Development and Acquisition c/o Jideo Pena, Medel Vecina
Systems Development
Development standards
System control standards
Quality assurance standards
Standard procedures for spreadsheet/database reports
Programming standards
Systems Acquisition
Proper software composition analysis
Defined guidelines and procedures on installation, use, maintenance and retirement (a.k.a. playbooks or run books)
Systems Change Management (related to IT Ops, but focuses on build releases not deployment to production)
Standard change management procedure
Authorization and approval procedure
Change report
Audit trails for any type of change
Procedures for emergency changes
System Testing
Standard acceptance process
Standard System, User Acceptance, and Performance testing
System Migration (System Update)
Secured library of package updates
Standard package integrity check procedure
Standard version control process
Application build and source code maintenance
Standard building procedure
Access control in building process
Escrow agreements for applications without a copy of the source code
Systems Documentation
User manuals
Documentation standard process
Access control to documents
Disposal
Standard disposal procedures for surplus or obsolete software, hardware or data
Retention policies for disposed items
Data and Information destruction process
IT Operations (IT Ops) c/o Lucky La Torre, User 6e250, User c613f
Technology Inventory
Hardware
Software
For SRE/DevOps - create an inventory of open source software installed and running in GKE, for example the open source apps that we integrate in our systems (Monitoring and Observability Stack, SonarQube, etc.). The inventory should include a column indicating whether the software is SaaS, PaaS, or open source.
Network Components and Topology
Data Flow Diagram
This is for SRE - (e.g. Cloudflare → Tyk → Load balancer → Istio → Microservice → Databases)
Media
Preventive Maintenance
Standard procedure for preventive maintenance
Operations Change Management (related to system change management but focuses on deployment to production)
Minimum standards governing a change process
For SRE, briefly explain the CI/CD process to production.
Change management framework
Explain how the DevOps framework is used as a guiding framework.
Patch Management
For SRE, this is done using Terraform versioning: PR approval and applying of Terraform plans. More on maintenance, e.g. GKE upgrade, database version upgrade.
Patch testing procedures
Implementation procedures
Version control procedures
Conversions
Standard conversion guidelines
Conversion process
Network Management Controls
Network guidelines and standard procedures
Network monitoring, analysis, and controls.
Disposal of Media
Disposal and destruction of media procedure
Imaging
Standard imaging process
Event / Problem Management
Day-to-day event / problem management procedures
For SRE, how we will utilize PagerDuty for incident response management.
Machine-triggered and human-triggered incidents (triggered by monitoring; how the ticket will be created and who will be assigned)
Event response escalation procedures
For SRE, how will the dev and incident be escalated? Where?
BCP
For SRE, how is HA set up for crucial services?
How will we utilize repeatable code using IaC? e
Day-to-day operation audit trails
For SRE, post-mortem procedures
User Support / Help Desk
User Support and Help Desk Processes
Record and Track Procedures
Issue management
Knowledge base
Access control to users
Scheduling
Policies and procedure for job schedules
Prioritization of job stream process
Systems and Data Backup
Backup standard procedures
For SRE, how is the data backed up in Google Cloud?
Backup management process
Disposal of backup processes
Systems Reliability, Availability and Recoverability
Systems Availability Guidelines
For SRE, are we using high availability procedures in GKE? How reliable are the apps in terms of latencies/uptime?
For SRE, define RTO, RPO.
Technology Recovery Plan
SRE Playbooks.
Recovery Site
Site, in this context, refers to the provider and region in which we will recover.
Disaster Recovery Testing
For SRE, how often is the DR exercise held and what are its processes?
Information Security (IT Cybersecurity) c/o User b6b4a
IT Governance / Management c/o Ion Mudreac, Jideo Pena
IT Governance Policy
IT Management structure
Roles, Responsibilities and Expectations per squads
Delineation of functions per squads
IT Management Policy
IT KPI
OKR
Operational Management
Reference: https://morb.bsp.gov.ph/148-information-technology-risk-management/
Call User b6b4a for guidance, questions, inquiries, and violent reactions 😂