From the article, the thing that jumped out at me was documenting it all. Sure, your processes may be perfectly pristine. Where's your document that shows that you considered everything? Don't forget to include development processes. And don't forget to update your documentation when your processes change.
Changing the processes may not be hard, if you're doing things close to right to begin with. Complying with the documentation requirements? That's going to be painful.
Changing the processes may not be hard, if you're doing things close to right to begin with. Complying with the documentation requirements? That's going to be painful.