Printed from CheckTick DSPT Compliance Documentation
Change Management Policy
1. Scope
This policy applies to all changes to the CheckTick production environment, including application code, database schema, and Northflank infrastructure configurations.
2. Standard Change Procedure (Git-Ops)
- Initiation: Changes are developed in a separate 'Feature Branch.'
- Review: A Pull Request (PR) is opened. The PR must describe the change and its impact on data security.
- Validation: Automated CI/CD tests must pass. These include:
  - Unit/Integration tests.
  - Static Analysis (SAST) via CodeQL.
  - Dependency scanning via pip-audit.
- Approval: The CTO ([SIRO Name]) or SIRO ([DPO Name]) must review the code and manually approve the PR.
- Deployment: Once merged, the Northflank pipeline automatically builds and deploys the change to the production environment.
3. Emergency Changes
In the event of a critical security patch or system failure:
- The change may be implemented immediately to restore service/security.
- A retrospective PR must be created within 24 hours to document the change and ensure it passes all standard security gates.
4. Documentation
The GitHub commit history and merged Pull Request logs serve as the official Change Management Record for CheckTick.