Category |
Activity |
Scope |
Status of the internal audit |
Product Development Environment |
Product Team Workstations |
- Updated Virus Protection
- Full Disk Encryption
- No unauthorized access
|
Product Team Workstations
We have validated the notebooks of all of our 25 product team members. |
Source Code Management System |
- Login access is restricted only to authorized persons
- Only minimal permissions are granted
- No unauthorized access
|
Bitbucket Cloud - META-INF
Source code management and build system to store and build the code of our applications.
Permissions
- Admin : Can create, delete repositories and modify repository settings.
- Write : Can push and merge source code modifications and trigger manual build pipelines.
- Read : Can pull source code, read build logs and pull requests.
Repository1
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 1 Support Agent 1 CEO
Repository2
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 1 Support Agent 1 CEO
Repository3
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 1 Support Agent 1 CEO
Repository4
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 1 Support Agent 1 CEO
Repository5
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 1 Support Agent 1 CEO
Repository6
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 1 Support Agent 1 CEO
Repository7
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 1 Support Agent 1 CEO
Repository8
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
9 Software Developer ( 2 Contractor ) 3 Test Engineer 1 Support Agent 2 Atlassian Consultant 1 Technical Account 1 CEO
- Read
1 Software Developer ( 1 Contractor )
Repository9
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
9 Software Developer ( 2 Contractor ) 3 Test Engineer 1 Support Agent 1 Technical Account 1 CEO
Repository10
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 3 Test Engineer 1 Support Agent 1 Technical Account 1 CEO
Repository11
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 3 Test Engineer 1 Support Agent 1 Technical Account 1 CEO
Repository12
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 3 Test Engineer 1 Support Agent 1 Technical Account 1 CEO
Repository13
- Admin
1 DevOps Engineer 1 Software Developer 2 Product Owner
- Write
7 Software Developer 3 Test Engineer 1 Support Agent 1 CEO
|
Artifact Management System |
- Login access is restricted only to authorized persons
- Only minimal permissions are granted
- No unauthorized access
|
JFrog Artifactory
Artifact management system to store the build logs and artifacts of your application.
Permissions
- Admin : Can create, delete repositories and modify repository settings.
- Write : Can upload, delete, overwrite (in snapshot repositories) artifacts.
- Read : Can list, download artifacts.
Repository1
- Admin
1 DevOps Engineer
- Write
1 Technical Account
- Read
8 Software Developer 2 Test Engineer 1 Product Owner
Repository2
- Admin
1 DevOps Engineer
- Write
1 Technical Account
- Read
8 Software Developer 2 Test Engineer 1 Product Owner
|
Staging Environment |
AWS Staging Environment |
- Cloud Console access is restricted only to authorized persons
- SSH access is protected by keys and MFA
- Database access is possible only from the internal network
- Kubernetes access is possible only from the internal network
- Only minimal permissions are granted
- No unauthorized access
|
AWS Stage
Separated AWS Account for the Stage resources.
Permissions
- StageAdmins : Can list, create, delete, modify AWS resources.
- StageContainerImageAdmins : Can list, create, delete, modify (in snapshot repositories) Docker images.
- StageContainerImageReaders : Can list Docker images.
- StageSupport : Can list, create, delete, modify Kubernetes resources and list Docker images.
- InfraBackup : Can list, create, delete, modify items in the Backup S3 Bucket.
- StageEticmaTechUsers : Can list, create, delete, modify ETICMA app related resources without MFA.
- StageAdmins
1 DevOps Engineer 3 Infrastructure Engineer ( 3 Contractor ) 1 Software Developer
- StageContainerImageAdmins
1 Technical Account
- StageContainerImageReaders
1 Technical Account
- StageSupport
3 Software Developer
- InfraBackup
1 Technical Account
- StageEticmaTechUsers
1 Technical Account
AWS Stage Bastion
EC2 instance to access the Stage internal network and databases.
Permissions
- Root : Can administer Linux OS.
- User : Can log in and access the internal network of the Staging environment.
- Root
1 DevOps Engineer 3 Infrastructure Engineer ( 3 Contractor ) 1 Software Developer
- User
3 Software Developer
|
Production Environment |
AWS Production Environment |
- Cloud Console access is restricted only to authorized persons
- SSH access is protected by keys and MFA
- Database access is possible only from the internal network
- Kubernetes access is possible only from the internal network
- Only minimal permissions are granted
- No unauthorized access
|
AWS Prod
Separated AWS Account for the Prod resources.
Permissions
- Admins : Can list, create, delete, modify AWS resources.
- BillingAdmins : Can view billing details, costs, invoices.
- ContainerImageAdmins : Can list, create, delete, modify Docker images.
- Support : Can list, create, delete, modify Kubernetes resources and list Docker images.
- Admins
1 DevOps Engineer 2 Infrastructure Engineer ( 2 Contractor ) 1 Software Developer
- BillingAdmins
1 DevOps Engineer
- ContainerImageAdmins
1 Technical Account
- Support
3 Software Developer
AWS Prod Bastion
EC2 instance to access the Prod internal network and databases.
Permissions
- Root : Can administer Linux OS.
- User : Can log in and access the internal network of the Production environment.
- Root
1 DevOps Engineer 2 Infrastructure Engineer ( 2 Contractor ) 1 Software Developer
- User
3 Software Developer
|
Log Analysis and Monitoring |
Datadog Logging and Monitoring System |
- Login access is restricted only to authorized persons
- Only minimal permissions are granted
- No unauthorized access
|
Datadog EU
Log management and monitoring tool for our staging and production applications.
Permissions
- Admin : Can administer all resources. Cannot delete logs.
- Write : Can read, create, delete, modify monitors, dashboards. Can read logs.
- Read : Can read monitors, dashboards, logs.
- Admin
1 DevOps Engineer 2 Infrastructure Engineer ( 2 Contractor ) 1 Software Developer 1 Product Owner 1 Technical Account
- Write
1 Software Developer 1 Atlassian Consultant
- Read
6 Software Developer 3 Test Engineer 3 Support Agent 1 Product Owner 1 CEO
Datadog US
Log management and monitoring tool for our staging and production applications.
Permissions
- Admin : Can administer all resources. Cannot delete logs.
- Write : Can read, create, delete, modify monitors, dashboards. Can read logs.
- Read : Can read monitors, dashboards, logs.
- Admin
1 DevOps Engineer 2 Infrastructure Engineer ( 2 Contractor ) 1 Software Developer 1 Product Owner 1 Technical Account
- Write
1 Software Developer 1 Atlassian Consultant
- Read
6 Software Developer 3 Test Engineer 3 Support Agent 1 Product Owner 1 CEO
|
