Deployment Approvals #

Control ID: SDLC-CTRL-0010 | Type: Preventive

Summary #

All deployments to production are approved by someone other than the person making the change, meeting segregation of duties requirements.

Description #

Segregation of duties is a common requirement in regulated or high-security development environments. It means that a developer cannot deploy their own changes without approval from someone who both understands what is changing and accepts the risk of the change.

Deployment approval controls play a key role in the secure software development lifecycle. Their purpose is to ensure that the risks around change are managed and that every change is an active decision rather than an automatic consequence of a merge. In highly sensitive software systems, more than one approver may be required.

Requirements #

  • All deployments to production MUST be approved by at least one person other than the author of the change
  • The approver MUST understand the nature and scope of the change
  • Deployment approvals MUST be recorded in an audit trail
  • Approval evidence MUST be linked to the specific artefact being deployed
  • For highly sensitive systems, more than one approver SHOULD be required

How we implement this control #

  • We use git tags to trigger and record deployment approvals
  • CI/CD pipelines generate attestations for Kosli approvals
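Enforcing the segregation-of-duties requirement on tag-based approvals comes down to comparing two identities: the person who created the annotated approval tag and the person who authored the tagged commit. The check below is an added illustration, not Kosli's own tooling or pipeline code; it assumes a `deploy/<service>/<n>` tag naming convention and consumes the output of the standard `git for-each-ref` command (constructed inline here so it runs offline).

```python
"""Segregation-of-duties check for git-tag based deployment approvals.

Assumed convention (not from the page): an approver creates an annotated tag
such as deploy/<service>/<n> on the commit to be released. The tagger identity
is the approval evidence; the dereferenced commit is the deployed artefact.
Input is the output of this real git command, constructed inline below:
  git for-each-ref --format='%(refname:short)|%(objecttype)|%(taggeremail)|%(*objectname)|%(*authoremail)' refs/tags/deploy/
"""
from dataclasses import dataclass

# Constructed sample: one valid approval, one self-approval, one lightweight tag.
SAMPLE_REFS = """\
deploy/payments/41|tag|<reviewer@example.com>|0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3|<dev@example.com>
deploy/payments/42|tag|<dev@example.com>|1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4|<dev@example.com>
deploy/payments/43|commit|||
"""


@dataclass
class ApprovalCheck:
    tag: str
    approved: bool
    reason: str
    artefact: str  # commit sha the approval is linked to ("" if none)


def evaluate_tag(line: str) -> ApprovalCheck:
    tag, objtype, tagger, commit, author = (line.split("|") + [""] * 5)[:5]
    tagger, author = tagger.strip("<>").lower(), author.strip("<>").lower()
    # A lightweight tag carries no tagger identity, so it cannot serve as evidence.
    if objtype != "tag" or not tagger:
        return ApprovalCheck(tag, False, "tag is not annotated; no approver identity recorded", "")
    # Segregation of duties: the approver must differ from the author of the change.
    if tagger == author:
        return ApprovalCheck(tag, False, f"self-approval: {tagger} authored the change", commit)
    return ApprovalCheck(tag, True, f"approved by {tagger}, change authored by {author}", commit)


def evaluate_refs(refs_output: str) -> list[ApprovalCheck]:
    """Evaluate every approval tag; each result links the decision to a commit sha."""
    return [evaluate_tag(l) for l in refs_output.splitlines() if l.strip()]


if __name__ == "__main__":
    for result in evaluate_refs(SAMPLE_REFS):
        verdict = "ALLOW" if result.approved else "DENY"
        print(f"{result.tag}: {verdict} - {result.reason}")
```

A pipeline gate would run this against the real repository and refuse to deploy any artefact whose tag is denied; the `artefact` field is what you would record alongside the approval in the audit trail.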

Compliance Frameworks #

NIST SP 800-53 Rev. 5
  • CM-3 — Configuration change control — requires formal approval of changes before deployment to production.
  • AC-5 — Separation of duties — the person approving deployment must be different from the person making the change.
  • CM-5 — Access restrictions for change — limits who can authorise and execute deployments to production.
  • AU-12 — Audit record generation — deployment approvals must be recorded as part of the change audit trail.
  • CA-7 — Continuous monitoring — deployment approval is a gate in the continuous assurance process.

SOC 2 Type II
  • CC8.1 — Requires changes to be authorised before migration to production; deployment approvals enforce formal sign-off prior to release.
  • CC3.4 — Requires evaluation of changes for risks; deployment approval gates ensure compliance checks pass before production deployment.

© Kosli 2026, all rights reserved