How Inner Mongolia Mobile Reached Advanced DevSecOps Standards in China

Background

Large enterprises worldwide have found that standardization and tool empowerment are key to success. Applying DevOps standards and a continuous‑delivery pipeline platform can significantly improve quality, efficiency, safety, and agility, enhancing market competitiveness.

Event Overview

On 26 October 2023, the 21st GOPS Global Operations Conference was held in Shanghai, jointly organized by GreatOPS and the DevOps Era Community. At the conference, the China Academy of Information and Communications Technology (CAICT) announced the latest batch of DevOps standard assessment results.

Inner Mongolia Mobile’s Achievement

Inner Mongolia Mobile participated with the Unified 4A System 3.0 (Panji PaaS platform) and successfully passed the CAICT “Research‑Operation Integrated (DevOps) Capability Maturity Model” security and risk management (DevSecOps) Level 2 assessment, demonstrating an advanced domestic capability.

To date, Inner Mongolia Mobile has passed one continuous‑delivery standard assessment and one security‑and‑risk‑management (DevSecOps) assessment.

Q&A Highlights

Zhang Yongtao (Deputy GM, IT Department) explained that the 4A system provides unified account, authentication, authorization, and audit capabilities for all IT resources, serving as a single portal for the company.

He noted that digital transformation creates many security risks, and adopting DevSecOps allowed the company to embed security throughout the software lifecycle, improve team collaboration, and obtain a measurable maturity level.

Adif (Security Management Manager) described the cultural, process, and technical steps taken: training and awareness to spread DevSecOps concepts, establishing a secure software development lifecycle, and building a security toolchain (code audit, vulnerability scanning, compliance baseline checks) integrated into the DevOps pipeline.

Both executives highlighted challenges such as handling a large user base across multiple domains, meeting high security requirements for authentication and audit, and overcoming difficulties in metric collection and issue‑feedback mechanisms by forming a dedicated DevSecOps task force.

Future plans include deepening DevSecOps practice across more domains, aiming for higher maturity levels, and continuously enhancing security efficiency through standards‑driven improvements.

Industry Participation Details

Statistics (as of 26 October 2023) show the number of communication‑industry enterprises that have undergone DevOps capability maturity assessments, covering continuous‑delivery, technical‑operation, security‑and‑risk‑management, and system/tool evaluations.

DevOps Capability Maturity Model Introduction

The “Research‑Operation Integrated (DevOps) Capability Maturity Model” series of standards, led by CAICT with contributions from the Cloud Computing Open Source Alliance, GreatOPS, BATJ, and major telecom, finance, and internet companies, is the first comprehensive DevOps standard worldwide. It has been approved by the Ministry of Industry and Information Technology and adopted by many leading enterprises.

The model covers processes (agile management, continuous delivery, technical operation), application design, security and risk management (DevSecOps), system and tool evaluation, business value management, collaborative development‑operations, continuous testing, performance measurement, platform engineering, and Site Reliability Engineering (SRE).

Contact Information

For DevOps standard assessment inquiries, contact CAICT (Liu Kailing, phone 156 5078 6171, email [email protected]) or GreatOPS (Wei Huanxin, phone 185 0025 5645, email [email protected]).