ISMS/03-procedures/production-deployment-procedure.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00


Title: Production Deployment Procedure
Document ID: [PROC-DEPLOY-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Production Deployment Procedure

Purpose

This procedure defines how BlackDice should prepare, authorise, execute, and verify production deployments.

Scope

This procedure applies to production releases affecting applications, infrastructure as code, Kubernetes workloads, configuration, and supporting service components within the ISMS scope.

Trigger / When Used

Use this procedure when:

  • a production deployment is planned
  • a production hotfix or emergency release is required
  • a deployment rollback or recovery action is needed

Procedure Steps

  1. Confirm that the change has passed the required review, approval, and testing gates.
  2. Validate the release scope, artefact version, deployment target, and deployment owner.
  3. Check for known operational risks, dependencies, freeze periods, customer constraints, and rollback readiness.
  4. Notify relevant stakeholders where communication is required.
  5. Execute the deployment using the approved and traceable deployment path.
  6. Monitor the deployment and perform post-deployment validation checks, including service health and any security-relevant control checks.
  7. Roll back or escalate if the deployment introduces unacceptable risk, instability, or failed controls.
  8. Record the deployment outcome, timing, issues, and follow-up actions.

Inputs

  • approved change record
  • release artefact or deployment package
  • deployment plan and rollback plan
  • validation criteria

Outputs / Records

  • deployment record
  • validation evidence
  • rollback or incident record where applicable
  • follow-up action record

Roles and Responsibilities

  • Deployment owners must ensure readiness and accurate execution.
  • Reviewers and approvers must confirm the deployment is authorised.
  • Operational teams must monitor production behaviour during and after deployment.

Escalation / Exceptions

Escalate where:

  • deployment validation fails
  • unexpected customer or production impact occurs
  • rollback fails or is not available
  • emergency deployment bypasses normal control steps

Emergency or exceptional deployments must be reviewed retrospectively and recorded.

Related Documents

  • Change Management Policy
  • Change Approval Procedure
  • CI/CD Security Standard
  • Secure Code Review Standard

Version Control

| Version | Date | Description of Change | Author |
|---|---|---|---|
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |