Change Management Policy

1. Purpose

To ensure changes to code and production systems are made in a controlled, reviewed, and reversible way.

2. Scope

All changes to application code, infrastructure, and production configuration.

3. Process

1. Changes are tracked in version control and tied to an issue or task.
2. Changes are made on branches and submitted as pull requests.
3. Each change is peer-reviewed and must pass automated checks (linting, type checks, tests, dependency scanning) before merge.
4. Production deployments are performed through automated pipelines.
5. Significant or risky changes are scheduled and communicated.

4. Rollback

Deployments must be reversible. If a change causes issues, it is rolled back and investigated.

5. Separation of environments

Development, staging, and production are kept separate. Production access is limited and logged.

6. Review

This policy is reviewed at least annually.