Skip to main content

Production Readiness Checklist

This checklist is intentionally strict. It is designed to show the difference between "demo-ready" and "production-ready."

Identity and Access

  • User sign-up/login/logout flows are stable in production.
  • Password reset/account recovery is tested.
  • Roles and permissions are defined and enforced.
  • Admin endpoints are protected and audited.

Data and State

  • Database schema migration process is documented.
  • Backups are automated.
  • Restore drills have been tested successfully.
  • Critical writes are idempotent or transaction-safe.

CI/CD and Release Safety

  • Every merge triggers automated tests.
  • Build artifacts are reproducible.
  • Deployments are scripted, not manual copy/paste.
  • Rollback can be executed quickly.

Availability and Reliability

  • Health checks exist for critical services.
  • Uptime/error-rate alerts are configured.
  • Single points of failure are identified and prioritized.
  • Load and stress tests have been run on critical paths.

Observability and Operations

  • Centralized logs are searchable.
  • Dashboards track latency, error rates, and throughput.
  • On-call ownership is clear.
  • Incident response process exists and has been rehearsed.

Security Baseline

  • Secrets are not stored in source control.
  • Data is encrypted in transit and at rest where required.
  • Dependency scanning and patch process are active.
  • Access policies follow least privilege.

Business Continuity

  • Recovery time and recovery point objectives are defined.
  • Vendor/service dependencies and fallback options are documented.
  • Runbooks exist for top failure scenarios.
  • A communication plan exists for customer-facing incidents.

Product Governance

  • Ownership is clear for every critical subsystem.
  • Critical metrics have explicit targets and thresholds.
  • Technical debt backlog is prioritized and reviewed regularly.
  • Release decisions include risk review, not only feature status.

Interpretation

  • If fewer than 60% of items are complete: this is still a pre-production system.
  • If 60-85% are complete: production is possible with managed risk.
  • If above 85% are complete: baseline maturity is strong, but ongoing discipline is still required.