The Internet of Things is rising in popularity across many different domains, such as build automation, healthcare, electrical smart metering and physical security. Many prominent IT experts and companies like Gartner expect there to be a continued rise in the amount of IoT endpoints, with an estimated 5.8 million endpoints in 2020. With the rapid growth of the devices, the physical nature of these devices, and the amount of data collected, there will be a greater need for trustworthiness. These devices often gather personal data and as the devices have relatively less computational power than other devices, security and privacy risks are greater. With the IoT systems often operating in highly dynamic environments, the development of these systems should often be done in an iterative manner. DevOps is an increasingly popular agile practice which combines the development and operations of systems to provide continuous delivery. This is well suited for the development of IoT systems. However, there is currently a lack of support for risk driven planning of trustworthy smart IoT systems within DevOps. This thesis investigates currently available tools and methods for the planning of trustworthy smart IoT systems within DevOps. We also propose a tool-supported method with the purpose of assisting developers in the planning phase of DevOps with identifying security and privacy risks, and executing risk assessment algorithms. Furthermore we facilitate automatic real-time security and privacy risk assessment through our custom made API. Moreover we conduct a case study where we apply both our method and tool in a real-life smart home case. Based on our initial result we argue that our tool-supported method: is easy to use and understandable for developers, supports the planning of trustworthy smart IoT systems in the DevOps practice in terms of security and privacy risk assessment and it is appropriate for use in the DevOps practice in terms of adapting to new plans and flexible in response to changes in the system.