Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is planning a DevOps solution that conducts a nightly build for integration testing. If the build completes successfully, other automated tests continue. If everything goes well, the software solution will be deployed to the production system automatically. As the COO, with reliability and availability as your priorities, which of the following best addresses your concern?
A. Deploy after conducting more testing to ensure software quality
B. Ask for manual deployment by the operation team to enforce separation of duty
C. Require the deployment be conducted after approval
D. Upgrade to cutting edge DevOps product to avoid vulnerabilities

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Require the deployment be conducted after approval.

  • An information system shall be certified and authorized (accredited) before it is deployed into the production system.
  • Ensuring software quality, enforcing separation of duty, and avoiding vulnerabilities are all part of certification concerns.


