Initial commit
This commit is contained in:
Paul Jenkins
82
03-procedures/production-deployment-procedure.md
Normal file
82
03-procedures/production-deployment-procedure.md
Normal file
@@ -0,0 +1,82 @@
|
||||
Title: Production Deployment Procedure
|
||||
Document ID: [PROC-DEPLOY-001]
|
||||
Version: 0.1 Draft
|
||||
Status: Draft
|
||||
Owner: CISO (Paul Jenkins)
|
||||
Approver: CISO (Paul Jenkins)
|
||||
Classification: Internal
|
||||
Effective date: [DD Month YYYY]
|
||||
Review date: [DD Month YYYY]
|
||||
|
||||
# Production Deployment Procedure
|
||||
|
||||
## Purpose
|
||||
|
||||
This procedure defines how BlackDice should prepare, authorise, execute, and verify production deployments.
|
||||
|
||||
## Scope
|
||||
|
||||
This procedure applies to production releases affecting applications, infrastructure as code, Kubernetes workloads, configuration, and supporting service components within the ISMS scope.
|
||||
|
||||
## Trigger / When Used
|
||||
|
||||
Use this procedure when:
|
||||
|
||||
- a production deployment is planned
|
||||
- a production hotfix or emergency release is required
|
||||
- a deployment rollback or recovery action is needed
|
||||
|
||||
## Procedure Steps
|
||||
|
||||
1. Confirm that the change has passed the required review, approval, and testing gates.
|
||||
2. Validate the release scope, artefact version, deployment target, and deployment owner.
|
||||
3. Check for known operational risks, dependencies, freeze periods, customer constraints, and rollback readiness.
|
||||
4. Notify relevant stakeholders where communication is required.
|
||||
5. Execute the deployment using the approved and traceable deployment path.
|
||||
6. Monitor the deployment and perform post-deployment validation checks, including service health and any security-relevant control checks.
|
||||
7. Roll back or escalate if the deployment introduces unacceptable risk, instability, or failed controls.
|
||||
8. Record the deployment outcome, timing, issues, and follow-up actions.
|
||||
|
||||
## Inputs
|
||||
|
||||
- approved change record
|
||||
- release artefact or deployment package
|
||||
- deployment plan and rollback plan
|
||||
- validation criteria
|
||||
|
||||
## Outputs / Records
|
||||
|
||||
- deployment record
|
||||
- validation evidence
|
||||
- rollback or incident record where applicable
|
||||
- follow-up action record
|
||||
|
||||
## Roles and Responsibilities
|
||||
|
||||
- Deployment owners must ensure readiness and accurate execution.
|
||||
- Reviewers and approvers must confirm the deployment is authorised.
|
||||
- Operational teams must monitor production behaviour during and after deployment.
|
||||
|
||||
## Escalation / Exceptions
|
||||
|
||||
Escalate where:
|
||||
|
||||
- deployment validation fails
|
||||
- unexpected customer or production impact occurs
|
||||
- rollback fails or is not available
|
||||
- emergency deployment bypasses normal control steps
|
||||
|
||||
Emergency or exceptional deployments must be reviewed retrospectively and recorded.
|
||||
|
||||
## Related Documents
|
||||
|
||||
- Change Management Policy
|
||||
- Change Approval Procedure
|
||||
- CI/CD Security Standard
|
||||
- Secure Code Review Standard
|
||||
|
||||
## Version Control
|
||||
|
||||
| Version | Date | Description of Change | Author |
|
||||
| --- | --- | --- | --- |
|
||||
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |
|
||||
Reference in New Issue
Block a user