BestHub
Sign in
Information Security 11 min read

How Ping An Bank Achieved National‑Level DevSecOps Maturity with the Starlink Platform

The 2020 GOLF+ IT New Governance Leadership Forum in Beijing showcased Ping An Bank's Smart Due Diligence System passing the first DevSecOps security and risk management assessment, highlighting the role of the Starlink platform in integrating DevOps practices, enhancing security, and driving industry‑wide IT governance improvements.

Efficient Ops
Efficient Ops
Efficient Ops
How Ping An Bank Achieved National‑Level DevSecOps Maturity with the Starlink Platform

Event Overview

On December 23, 2020, the 2020 GOLF+ IT New Governance Leadership Forum was held in Beijing, focusing on IT governance and DevOps empowerment. The forum announced the first batch of DevOps capability maturity security and risk management assessment results.

Ping An Bank Assessment

Ping An Bank’s Smart Due Diligence System was evaluated by the China Academy of Information and Communications Technology (CAICT) under the DevSecOps standard, achieving Level 2 security delivery, which represents an advanced domestic level of security capability.

Starlink Platform

The Starlink development‑operation integration platform, a key product for digital, platform, and ecosystem banking, incorporates DevSecOps practices, enabling end‑to‑end security, automated testing, and risk management across the software lifecycle.

Interview Highlights

Bank representatives explained that technology must be the foundation of banking transformation and described how the Starlink platform supports agile and secure delivery. They discussed challenges faced during the assessment, cultural, procedural, and technical measures taken to embed security throughout development, and the benefits gained from the evaluation.

Future Plans

Ping An Bank plans to further enhance Starlink with automated threat modeling, security testing, and continuous monitoring, aligning with the CAICT DevSecOps standard to promote best practices across the industry.

Standard Background

The “R&D Operations Integration (DevOps) Capability Maturity Model” was jointly developed by CAICT, industry alliances, and leading internet companies, and became the first international DevOps standard approved by ITU‑T in 2020. The model covers agile development management, continuous delivery, technical operations, application design, security and risk management, and system/tool integration.

Contact information for further DevOps standard inquiries is provided at the end of the article.

devopsSecurityDevSecOpsIT GovernancePing An BankStarlink
Efficient Ops
Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment