The production readiness checklist is a safety tool that lets your team quickly check, and agree on, what is not yet properly covered in a system that is meant to be production ready. Use the checklist as a guide for safely bringing a system into a production-ready state.
Security control proposal
Below is an example of the production readiness checklist for a software deployment:
|Onboarding to SIEM system
|Ops Monitoring and Alerting
|Onboarding to Monitoring / Telemetry system
|Onboarded to Incident Management (e.g. PagerDuty)?
|Documentation for Public
|At least “User Guide”
|3 environments (DEV, STAGE, PROD)
|Basic automated tests between DEV/STAGE and STAGE/PROD, meaning propagation to PROD happens with no or minimal human intervention
|Automated pipelines for deployment (keywords: infrastructure-as-code, configuration-as-code, immutable and reproducible deployment)
|Do we back up all data? Are we able to recover from a disaster (e.g. data loss)?
|PSA and Pen test