| Aspect | 0 | 1 | 2 | 3 | Current Rating & Reasons |
|---|---|---|---|---|---|
| Audit | Auditability of the application has not been considered. | Key aspects of the system have been identified for auditability, but may require manual data querying. | Key aspects of the system have been identified for auditability, and there is an easy / secure way for internal employees to access the audit information. | Key aspects of the system are auditable, and there is an easy / secure way to access the records. Records have a retention policy identified, and the archival process is automated. Retrieval of archived records is possible. | |
| Availability / Scale | Availability / scale of the application has not been considered. | Availability and scaling SLAs have been identified, but not yet implemented. | Availability SLAs have been created and are actively monitored. Scaling approaches have been identified. | Availability is actively monitored, and the application can scale automatically under high demand (or has enough headroom to meet expected peak demand). | |
| Compliance | Compliance requirements have not been considered. | Compliance research has been done, and possible compliance work has been identified. | The app meets most of the necessary compliance requirements. Any compliance gaps are documented and tracked in the work backlog. | The app is compliant with all mandatory policies, and a process is in place to ensure continued compliance with them. | |
| Customer Data | How sensitive customer data is handled has not been considered. | Sensitive customer data has been identified. | Sensitive customer data has been identified, and policies / practices have been implemented to keep it secure. | Processes have been documented for what to do if there is a leak of customer data. | |
| Data - Backup / Restore | Backup and restore of data has not been considered. | Manual backups of data are available and stored securely. | Automated backups run in production, and a restore process has been documented. | Automated backups are available, and the restore process has been documented and executed in a test environment. | |
| Infrastructure - Environments | Infrastructure has not been considered. | App is deployable to one or more non-local environments. | Application is deployable to production. | New environments can be stood up quickly, in an automated / repeatable fashion. | |
| Infrastructure - Deployments | Deployment has not been considered. | App is manually deployable to an environment. | App is automatically deployable to production, and a rollback process has been identified and exercised. If a deploy causes downtime or interruptions to end users, this must be documented. | App can be deployed with zero downtime or interruption to end users. | |
| Infrastructure - Security | Security has not been considered. | Basic security has been considered and implemented (port blocking, IAM role evaluations). | A process for continual evaluation of infrastructure security has been created and is performed. VMs and libraries are patched in a timely manner when exploits are identified. | Automated testing / monitoring of infrastructure-level security is implemented. Third-party evaluation of security is routinely done. Software to monitor and alert on intrusions, or on exploitable images / libraries, is used. | |
| Observability | Observability of the application has not been considered. | System is observable only in manual, tedious ways, such as remote shell sessions; may require logging into a specific environment. | System is observable using ancillary tools such as aggregated logging, and it is easy to search across services and environments. | System is observable and uses distributed tracing across services, including infrastructure and cloud-based services. | |
| Performance | Performance of the application has not been considered. | The projected usage of the system has been documented, but no performance / load testing has been completed. | A performance / load test has been established and performed. | Performance / load testing is part of regression testing. SLAs on performance have been established and are actively enforced. | |
| Performance Monitoring | Performance monitoring of the application has not been considered. | Key performance metrics have been identified, but no way to effectively measure them has been implemented. | Capability exists to monitor performance, but key metrics have not been identified. | Capability to monitor key metrics exists, and key metrics are captured and available (dashboard / alerting). | |
| Quality Assurance | The quality of the application has not been considered. | Basic unit / integration tests exist. The majority of QA is performed manually by engineers / other employees. | Some QA is automated, mostly happy-path flows. Manual QA is managed in a test case / test suite manager such as TestRail for repeatability. | Regression and key user flows have automated test suites that alert on / block deploys on failure. | |
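Added example, not part of the rubric above or of any project it describes: a Python check of the two items the Infrastructure - Security row names at level 1 (port blocking and IAM role evaluation), written as the kind of scheduled, automated test that level 3 of the same row calls for. The security-group and IAM policy documents are constructed, AWS-shaped dictionaries embedded inline; the field names follow the AWS API, but the group names, policy names, CIDRs and ARNs are invented for the example. In practice the inputs would be the output of the provider's describe-security-groups and get-policy-version calls.

```python
import ipaddress

# Ports that should never be reachable from the whole internet
# (remote admin and datastores). Constructed list for this example.
SENSITIVE_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 9200, 27017}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0: parse the prefix rather than string-compare."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers_sensitive_port(rule):
    """AWS omits FromPort/ToPort (or uses -1) when a rule covers every port."""
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if rule.get("IpProtocol") == "-1" or lo is None or hi is None or lo == -1:
        return True
    return any(lo <= p <= hi for p in SENSITIVE_PORTS)


def check_security_group(sg):
    """One finding per ingress rule exposing a sensitive port (or all ports) to the internet."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if not any(_is_anywhere(c) for c in cidrs):
            continue  # source is restricted: port blocking is doing its job
        if _covers_sensitive_port(rule):
            proto = rule.get("IpProtocol")
            ports = "all ports" if proto == "-1" else f"{rule.get('FromPort')}-{rule.get('ToPort')}"
            findings.append(f"{sg['GroupName']}: {proto} {ports} open to the internet")
    return findings


def check_iam_policy(name, document):
    """One finding per Allow statement broader than least privilege: '*' actions,
    Allow combined with NotAction, or a service-wide wildcard on every resource."""
    findings = []
    for idx, st in enumerate(_as_list(document.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if "NotAction" in st:
            findings.append(f"{name}[{idx}]: Allow with NotAction grants everything not listed")
        if "*" in actions:
            findings.append(f"{name}[{idx}]: allows every action")
            continue
        # 'ec2:Describe*' is a narrow read-only wildcard and is deliberately not flagged;
        # 'logs:*'-style service wildcards on Resource '*' are.
        service_wild = [a for a in actions if a.endswith(":*")]
        if service_wild and "*" in resources:
            findings.append(f"{name}[{idx}]: {', '.join(service_wild)} on all resources")
    return findings


def evaluate(security_groups, policies):
    """Run both checks; an empty result is the pass condition a scheduled job alerts on."""
    findings = []
    for sg in security_groups:
        findings.extend(check_security_group(sg))
    for name, doc in policies.items():
        findings.extend(check_iam_policy(name, doc))
    return findings


# Constructed sample inputs (AWS-shaped, invented values).
SECURITY_GROUPS = [
    {"GroupName": "web-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupName": "postgres", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupName": "legacy-bastion", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
POLICIES = {
    "ci-deployer": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-deploy-bucket/*"}]},
    "legacy-admin": {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}},
    "ops-readonly": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "logs:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]},
    "everything-but-billing": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "NotAction": "aws-portal:*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for finding in evaluate(SECURITY_GROUPS, POLICIES):
        print("FINDING:", finding)
```

Run as a script it reports five findings on the sample data: the PostgreSQL port and the all-ports bastion rule open to the internet, the full-admin policy, the `logs:*` grant on every resource, and the Allow-with-NotAction statement. The public 443 on the load balancer and the 22-from-10/8 rule pass, which is the distinction between "port blocking" and simply closing everything. Wiring `evaluate` to live API output and alerting on a non-empty result is what moves this row from level 1 to level 3.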