From a compliance perspective, it is always better to start early. Building a non-compliant application first and waiting for an audit to flag the outliers creates technical debt, and that debt is sometimes too heavy to resolve. Many teams rework the same compliance gaps over and over because they didn't shift compliance requirements left the way they did with security.