Verify the Design
When developing a solution, we should always validate that the solution adheres to the design. If it deviates, we must either correct the solution or update the design.
When the solution is designed, developed, and deployed, another job begins that may be a bit unfamiliar to many: Management. Regardless of how much development is happening, we still have a responsibility to manage what we roll out into production (or to other environments).
What we deploy needs to be monitored; we must ensure we have regular backups _that also need to be tested_, that we have up-to-date disaster recovery plans, that we follow up on vulnerable dependencies, and much more.
Regardless of our own controls, we sometimes find ourselves in situations where the customer or recipient wants to review the quality and procedures of what is being delivered. Security and quality in a solution require different measures than the functional aspects, which are typically easier to verify against customer requirements.
When a solution is in operation, logging is one of the most important tools we have. Collecting information is critical to gaining insight into what is happening with the solution and responding to events, but only if someone actually monitors the logs that are collected.
The status of the dependencies we have will change over time, and it is inevitable that vulnerabilities will be discovered that we must mitigate. This job can be as simple as updating to a new version, but may also require more significant changes to the application.
An untested backup is worthless, and the same applies to all disaster recovery plans unless they are tested. The team must verify backups and plans regularly so that everyone knows what needs to happen.
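One way to make "test the backup" a routine, repeatable step is to script a restore into a scratch directory and compare the result with the source. The script below is an added example, not code from the original page; the sample directory layout, file contents and archive name are constructed here for illustration, and the verification is a byte-for-byte file comparison, which is enough to catch a truncated or stale archive but does not replace a full disaster recovery rehearsal.

```shell
#!/bin/sh
# Added example (not from the original page): take a backup of a directory,
# restore it into a scratch location, and verify that the restored files are
# identical to the originals. All paths and sample data are constructed here.
set -eu

# Build a small constructed data set that stands in for production data.
make_sample_data() {
    dir="$1"
    mkdir -p "$dir/config" "$dir/data"
    printf 'listen=0.0.0.0:8443\n' > "$dir/config/app.conf"
    printf 'id,name\n1,alice\n2,bob\n' > "$dir/data/users.csv"
}

# Create a compressed tar archive of a source directory.
take_backup() {
    src="$1"; archive="$2"
    tar -C "$src" -czf "$archive" .
}

# Restore the archive into an empty scratch directory and compare every file
# with the source. Returns 0 only when the restore matches the source exactly.
verify_backup() {
    src="$1"; archive="$2"
    scratch=$(mktemp -d)
    tar -C "$scratch" -xzf "$archive"
    status=0
    # Every file in the source must exist in the restore with identical contents.
    for f in $(cd "$src" && find . -type f); do
        if ! cmp -s "$src/$f" "$scratch/$f"; then
            echo "MISMATCH: $f" >&2
            status=1
        fi
    done
    # A different file count means the archive has extra or missing files.
    src_count=$(cd "$src" && find . -type f | wc -l)
    restored_count=$(cd "$scratch" && find . -type f | wc -l)
    if [ "$src_count" -ne "$restored_count" ]; then
        echo "FILE COUNT DIFFERS: source=$src_count restored=$restored_count" >&2
        status=1
    fi
    rm -rf "$scratch"
    return $status
}

# Demonstration run: back up constructed data and verify the restore.
demo=$(mktemp -d)
make_sample_data "$demo/src"
take_backup "$demo/src" "$demo/backup.tgz"
if verify_backup "$demo/src" "$demo/backup.tgz"; then
    echo "backup verified: restore matches source"
else
    echo "backup verification FAILED" >&2
fi
rm -rf "$demo"
```

Run it on a schedule (for instance from the same job that produces the real backups) and treat a non-zero exit from `verify_backup` as an incident in its own right: a backup that cannot be restored has already failed, whether or not anyone has needed it yet.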
When an incident occurs, it is important to be prepared to avoid wasting valuable time on activities that should have been ready in advance. Who should be notified, who is responsible, and who can help?