Verify the Design
When developing a solution, we should always validate that the solution adheres to the design. If it deviates, we must either correct the solution or update the design.
When the solution is designed, developed, and deployed, another job begins that may be a bit unfamiliar to many: Management. Regardless of how much development is happening, we still have a responsibility to manage what we roll out into production (or to other environments).
These deployments need to be monitored. We must also ensure that we have regular backups _that also need to be tested_, that we have up-to-date disaster recovery plans, that we follow up on vulnerable dependencies, and much more.
The customer or recipient may require an audit of the delivery. The team must then be able to document requirements, design choices, security measures, and how these have actually been followed up in practice.
When a solution is in operation, logging is one of the most important tools we have. Collecting information is critical to gaining insight into what is happening with the solution and responding to events, but only if we monitor it.
The status of the dependencies we have will change over time, and it is inevitable that vulnerabilities will be discovered that we must mitigate. This job can be as simple as updating to a new version, but may also require more significant changes to the application.
The team must be able to restore services and data after destructive events. This article is about practical recovery: plans, exercises, and verification that restoration actually works.
The team must know which requirements apply to security incidents, who is responsible, and how notifications and escalation should be handled. This article covers governance, compliance, and coordination.