Two options that should be considered when making production changes in a highly regulated and audited environment are: all changes including hotfixes should be reviewed against security principles, and any production change should have explicit stakeholder approval. These options can help ensure that the changes are compliant with the regulations and have the necessary authorization and documentation. No manual steps should be carried out is not a valid option, as some changes may require manual steps, such as data migration or post-deployment verification. After deployment, the development team should test and verify functionality in production is also not a valid option, as testing and verification should be done in a lower environment before deploying to production, and the responsibility of testing and verifying functionality in production should be assigned to a different team than the development team. See Application Lifecycle and Deployment for more details.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit