# Secure Change And Deployment Guidance

## Purpose

This guidance note helps engineering and operational teams apply the change and deployment controls consistently in a cloud-native environment.

## Key Principle

The goal is not to slow change down. The goal is to make production change deliberate, traceable, and recoverable.

## What Deserves More Scrutiny

Higher-risk changes usually include:

- authentication or authorisation changes
- changes affecting production access or secrets
- Kubernetes or infrastructure changes
- CI/CD pipeline changes
- logging or monitoring changes
- customer-impacting configuration changes

## Minimum Practical Checks Before Deployment

Before a production deployment, confirm:

- the change is reviewed and approved at the right level
- the deployment path is the approved one
- rollback or recovery is understood
- monitoring exists to detect failure quickly
- any customer or operational communication need is understood

## Emergency Change Discipline

Emergency change does not mean uncontrolled change. If a shortcut is needed during an incident or outage, the record still needs to show:

- why the shortcut was necessary
- who made the decision
- what was changed
- what retrospective review is required

## Evidence To Keep

Useful deployment evidence often includes:

- change approval
- code review or pipeline traceability
- deployment timestamp
- deployment owner
- validation results
- rollback or follow-up actions where relevant

## Related Documents

- `../../01-policies/change-management-policy.md`
- `../../02-standards/ci-cd-security-standard.md`
- `../../03-procedures/change-approval-procedure.md`
- `../../03-procedures/production-deployment-procedure.md`