Title: Production Deployment Procedure
Document ID: [PROC-DEPLOY-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Production Deployment Procedure

## Purpose

This procedure defines how BlackDice should prepare, authorise, execute, and verify production deployments.

## Scope

This procedure applies to production releases affecting applications, infrastructure as code, Kubernetes workloads, configuration, and supporting service components within the ISMS scope.

## Trigger / When Used

Use this procedure when:

- a production deployment is planned
- a production hotfix or emergency release is required
- a deployment rollback or recovery action is needed

## Procedure Steps

1. Confirm that the change has passed the required review, approval, and testing gates.
2. Validate the release scope, artefact version, deployment target, and deployment owner.
3. Check for known operational risks, dependencies, freeze periods, customer constraints, and rollback readiness.
4. Notify relevant stakeholders where communication is required.
5. Execute the deployment using the approved and traceable deployment path.
6. Monitor the deployment and perform post-deployment validation checks, including service health and any security-relevant control checks.
7. Roll back or escalate if the deployment introduces unacceptable risk, instability, or failed controls.
8. Record the deployment outcome, timing, issues, and follow-up actions.

## Inputs

- approved change record
- release artefact or deployment package
- deployment plan and rollback plan
- validation criteria

## Outputs / Records

- deployment record
- validation evidence
- rollback or incident record where applicable
- follow-up action record

## Roles and Responsibilities

- Deployment owners must ensure readiness and accurate execution.
- Reviewers and approvers must confirm the deployment is authorised.
- Operational teams must monitor production behaviour during and after deployment.

## Escalation / Exceptions

Escalate where:

- deployment validation fails
- unexpected customer or production impact occurs
- rollback fails or is not available
- emergency deployment bypasses normal control steps

Emergency or exceptional deployments must be reviewed retrospectively and recorded.

## Related Documents

- Change Management Policy
- Change Approval Procedure
- CI/CD Security Standard
- Secure Code Review Standard

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |