Change management policy
4 differentiated risk tiers · approval matrix with 10 typical scenarios · deploy windows by risk · audit trail mandatory · CAB (Change Advisory Board) planned after traction with the first 5 clients. Velocity without sacrificing safety.
4 risk tiers · approval + testing + rollback
| Tier | Examples | Approval | Testing | Deploy window | Rollback |
|---|---|---|---|---|---|
| Tier 1 · Standard low-risk | Landing copy changes · blog posts · documentation · cosmetic CSS · non-functional refactor | Self-approved founder via PR + tests pass + 1 review (ChatGPT auditor) | Build OK + claims policy scanner + smoke staging | Anytime · auto-deploy main | git revert + auto-redeploy (≤15min) |
| Tier 2 · Feature additions | New page · new blog post · new ADR · catalog entry · sitemap addition · footer link addition | Self-approved founder + tests pass · ChatGPT auditor reviews weekly batch | Build OK + tests passing + claims scanner + 0 type errors | Anytime · auto-deploy main on merge | git revert + verify build (≤30min) |
| Tier 3 · Functional changes (medium risk) | API endpoint addition · admin.ts logic change · DB schema migration · new dependency · vendor swap · process-message.ts modification | Founder + positive+negative+regression tests + ADR if the decision is irreversible + staging smoke test | Full test suite passing + staging end-to-end + manual smoke + rollback rehearsed | Business hours weekday · NOT weekend · NOT Friday afternoon | Documented per-change rollback runbook + DB migration reversible + 1h max |
| Tier 4 · High-risk irreversible | Production DB DELETE/DROP · cross-tenant data migration · secret rotation · WhatsApp Meta production change · Stripe live mode change · breaking API change with active clients | Founder explicit per-action + dry-run executed + rollback script tested + checklist signed off + 24h notice to affected clients | Staging full validation + dry-run prod with snapshot + rollback script tested + client communication prepared | Pre-scheduled maintenance window · client notification 24-72h in advance · monitoring active during change | Pre-tested rollback script + DB snapshot taken pre-change + client communication ready |
Approval matrix · 10 typical scenarios
| Change type | Required approval |
|---|---|
| Landing copy change (1-3 lines) | Founder self-approved + build OK · NO tests needed if cosmetic |
| New blog post | Founder self-approved + claims scanner + build OK + brand voice check |
| New manual page (trust/conversion) | Founder self-approved + ChatGPT auditor weekly review + build OK + sitemap+footer wired |
| Backend bug fix (≤50 LOC) | Founder + tests added (positive+negative+regression) + staging smoke + ADR if it sets a decision pattern |
| Refactor (>200 LOC OR cross-module) | Plan-mode approval upfront + tests maintained + staging full validation + ADR mandatory |
| DB migration | Founder + migration script + rollback script + tests positive+negative + staging applied first + production scheduled window |
| Secret rotation | Founder + runbook /rotate-secret + blue-green tested + audit access logs + ADR if it changes governance |
| External vendor swap | Founder + Vendor Risk Management score + DPA signed + exit plan documented + ADR mandatory + 30d migration window |
| Production data delete (single row) | Founder explicit approval per-action + WHY documented + audit log + reversibility plan (backup) |
| Production data delete (bulk OR table) | BLOCKED · requires written approval from Jonatan + dry-run + snapshot + rollback tested + scheduled maintenance |
Deploy windows · 6 rules
- Tier 1+2 · Anytime · auto-deploy main · zero windows (low risk = high velocity)
- Tier 3 · Business hours Monday-Thursday 09-18 Madrid · NOT Friday >15:00 · NOT weekends · NOT public holidays
- Tier 4 · Pre-scheduled maintenance window · client notification 24-72h in advance · ideally Tuesday-Wednesday 10-14 Madrid
- Hotfix · any window if it fixes a P0/P1 production incident · founder approval + minimal scope + rollback ready + postmortem mandatory
- Freeze periods · 7 days before/after major holidays (Christmas · Holy Week · August) · NO Tier 3+ changes · Tier 1+2 OK
- Code freeze pre-Enterprise demo · if an Enterprise client demo is scheduled · 48h code freeze pre-demo · post-demo refresh
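The six deploy-window rules above, encoded as a CI gate; this is an added example, not code from the page or the project. It takes the timestamp already in Madrid local time, uses a constructed placeholder calendar for public holidays and the Christmas/Holy Week/August freeze anchors, and reads the Tier 3 rule together with the tier table as Monday-Thursday 09-18 with Friday allowed until 15:00; the pre-demo code freeze is left to a separate flag and not modelled here.

```python
from datetime import date, datetime, timedelta

# Constructed calendar for one year (placeholders, not the project's own):
# public holidays and the major-holiday periods the policy freezes around.
HOLIDAYS = {date(2025, 1, 1), date(2025, 5, 1), date(2025, 8, 15), date(2025, 12, 25)}
MAJOR_HOLIDAYS = [  # (first day, last day): Holy Week, August, Christmas
    (date(2025, 4, 13), date(2025, 4, 20)),
    (date(2025, 8, 1), date(2025, 8, 31)),
    (date(2025, 12, 24), date(2025, 12, 26)),
]
FREEZE_MARGIN = timedelta(days=7)  # freeze runs 7 days before and after


def in_freeze(d: date) -> bool:
    """True inside a freeze period, where Tier 3+ changes are blocked."""
    return any(start - FREEZE_MARGIN <= d <= end + FREEZE_MARGIN
               for start, end in MAJOR_HOLIDAYS)


def deploy_allowed(tier: int, when: str, *, hotfix: bool = False,
                   founder_approved: bool = False, rollback_ready: bool = False,
                   scheduled_window: bool = False) -> tuple[bool, str]:
    """Gate a change: `when` is an ISO timestamp already in Madrid local time.

    Returns (allowed, reason) so a CI job can fail with the rule that blocked it.
    """
    t = datetime.fromisoformat(when)
    if hotfix:  # P0/P1 incident: any window, but never without approval + rollback
        if founder_approved and rollback_ready:
            return True, "hotfix: founder approved, rollback ready, postmortem due"
        return False, "hotfix: needs founder approval and a tested rollback"
    if tier <= 2:
        return True, "tier 1/2: anytime, auto-deploy on merge"
    if in_freeze(t.date()):
        return False, "freeze period: no Tier 3+ changes"
    if tier == 4:
        if scheduled_window:
            return True, "tier 4: pre-scheduled maintenance window"
        return False, "tier 4: needs scheduled window and 24-72h client notice"
    # Tier 3: weekday business hours, no public holidays, not Friday afternoon
    if t.date() in HOLIDAYS or t.weekday() >= 5:
        return False, "tier 3: no weekends or public holidays"
    close = 15 if t.weekday() == 4 else 18
    if 9 <= t.hour < close:
        return True, f"tier 3: inside 09-{close} Madrid window"
    return False, f"tier 3: outside 09-{close} Madrid window"
```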
Audit trail · 6 requirements
- Every PR linked to an issue/ADR · WHY documented · NOT just WHAT changed
- Each Tier 3+ change · ADR mandatory if it sets a decision pattern · git history immutable record
- Rollback evidence · rollback script committed alongside change · tested staging pre-merge
- Deploy logs preserved · Cloudflare Workers logs + Sentry deployment markers + git tag per release
- Post-incident · related PRs traced · timeline events · contributing changes identified
- Quarterly audit · ChatGPT external auditor reviews change patterns · identifies risk drift
A formal CAB does NOT exist currently · only founder + adversarial ChatGPT auditor. When the team grows after traction with the first 5-10 clients · formal CAB with: founder + technical co-founder + customer advisor (Enterprise clinic) + external auditor. CAB review triggers: Tier 4 changes · architectural decisions · major vendor changes.
While no CAB exists · compensating process: weekly adversarial ChatGPT auditor · ADR mandatory for irreversible decisions · public postmortems force self-imposed rigor.
Does your compliance team need detailed change management?
For Enterprise procurement · CAB structure + sample ADRs + sample change tickets + audit trail demo available under NDA. Useful for ITIL/COBIT compliance review.