I always felt the idea of trying to align your code, policy, software and infrastructure so it's easy to do compliance is the bread and butter of devops and devsecops in a regulated environment,

Is this an article by someone who's just done ISO 27001 for the first time and realised that?