@cloudstreamsoftware/claude-tools 1.0.0 → 1.1.0

package/skills/compliance-patterns/soc2/change-management.md

@@ -0,0 +1,403 @@
+# SOC 2 Change Management
+
+## Overview
+
+Zoho Creator does **NOT** have native change management capabilities. There is no built-in version control, no approval workflow for schema changes, and no automatic change tracking for form/workflow modifications. SOC 2 Trust Service Criteria CC8.1 requires that changes to infrastructure, data, software, and procedures are authorized, tested, and approved before implementation.
+
+This document defines the custom change management process CloudStream builds for SOC 2-compliant Creator implementations.
+
+> **WARNING**: Every change to a production Creator application must go through this process. "Quick fixes" deployed directly to production are SOC 2 audit failures -- no exceptions.
+
+---
+
+## Custom Change Management Workflow
+
+### Process Flow
+
+```
+Change Identified
+    |
+    v
+Change Request Form Submitted (Requester)
+    |
+    v
+Initial Triage (IT Admin, < 4 hours)
+    |
+    +-- Incomplete --> Return to requester for more info
+    |
+    v
+Technical Review (Developer/Reviewer)
+    |
+    +-- Rejected --> Notify requester with rationale
+    |
+    v
+Testing in Dev/Staging Environment
+    |
+    v
+Test Results Documented
+    |
+    v
+Approval (Change Approver - NOT the developer)
+    |
+    +-- Denied --> Return for rework
+    |
+    v
+Scheduled Deployment Window
+    |
+    v
+Production Deployment (by authorized deployer)
+    |
+    v
+Post-Implementation Verification
+    |
+    v
+Change Record Closed
+```
+
+---
+
+## Change Request Form Design
+
+### Creator Form: Change_Requests
+
+```
+Fields:
+  - CR_ID (Auto-number, format: CR-YYYY-####)
+  - Request_Date (DateTime, auto-populated)
+  - Requester (Lookup to Employees)
+  - Change_Type (Picklist):
+      - New Feature
+      - Enhancement
+      - Bug Fix
+      - Configuration Change
+      - Security Patch
+      - Emergency Fix
+  - Priority (Picklist: Low/Medium/High/Critical)
+  - Title (Single Line, required)
+  - Description (Multi Line, required)
+  - Business_Justification (Multi Line, required)
+  - Affected_Forms (Multi Select Lookup to Form_Inventory)
+  - Affected_Workflows (Multi Line)
+  - Risk_Assessment (Picklist: Low/Medium/High)
+  - Rollback_Plan (Multi Line, required)
+  - Testing_Requirements (Multi Line, required)
+  - Target_Date (Date)
+  - Status (Picklist):
+      - Draft
+      - Submitted
+      - In Review
+      - Testing
+      - Approved
+      - Scheduled
+      - Deployed
+      - Verified
+      - Closed
+      - Rejected
+      - Rolled Back
+  - Assigned_Reviewer (Lookup to Employees)
+  - Assigned_Approver (Lookup to Employees)
+  - Assigned_Deployer (Lookup to Employees)
+  - Review_Notes (Multi Line)
+  - Approval_Date (DateTime)
+  - Deployment_Date (DateTime)
+  - Verification_Date (DateTime)
+  - Related_Ticket (Single Line - link to support ticket/Jira)
+  - Client_ID (Lookup to Clients)
+```
+
+---
+
+## Approval Workflow (Requester -> Reviewer -> Approver)
+
+### Role Definitions
+
+| Role | Responsibility | Cannot Also Be |
+|---|---|---|
+| **Requester** | Submits change request, provides justification | Approver for same change |
+| **Reviewer** | Technical review, validates testing | - |
+| **Approver** | Authorizes production deployment | Requester or Developer for same change |
+| **Deployer** | Executes production deployment | Developer for same change (separation of duties) |
+
+### Approval Workflow Deluge Script
+
+```deluge
+// On Change_Request status change
+// Enforce separation of duties and routing
+
+on workflow "CR_Status_Change" for Change_Requests
+
+if (input.Status == "Submitted") {
+    // Auto-assign reviewer based on affected forms
+    reviewer = getReviewerForForms(input.Affected_Forms);
+    input.Assigned_Reviewer = reviewer;
+    input.Status = "In Review";
+
+    sendmail [
+        to: reviewer.Email,
+        subject: "Change Request Awaiting Review: " + input.CR_ID,
+        message: "Please review CR " + input.CR_ID + ": " + input.Title
+    ];
+}
+
+if (input.Status == "Approved") {
+    // Validate approver is not the requester
+    if (input.Assigned_Approver == input.Requester) {
+        alert "Approver cannot be the same person as the Requester (Separation of Duties)";
+        input.Status = "In Review";
+        return;
+    }
+
+    input.Approval_Date = zoho.currenttime;
+
+    // Log approval in audit trail
+    insert into HIPAA_Audit_Log [
+        Action_Type = "Change Approved",
+        User_Email = zoho.loginuserid,
+        Form_Name = "Change_Requests",
+        Record_ID = input.ID,
+        Justification = "CR " + input.CR_ID + " approved for deployment"
+    ];
+}
+```
+
+---
+
+## Testing Requirements Before Promotion
+
+### Minimum Testing Checklist
+
+| Test Type | Required For | Evidence |
+|---|---|---|
+| Unit testing | All code changes | Test results documented |
+| Integration testing | Multi-form changes | End-to-end test results |
+| Regression testing | Any workflow changes | Existing functionality verified |
+| User acceptance testing | New features | Client sign-off |
+| Security testing | Permission changes | Access matrix validated |
+| Performance testing | Bulk data changes | Load test results |
+| Rollback testing | All changes | Rollback procedure verified |
+
+### Test Documentation Template
+
+```
+## Test Results for CR-2025-0042
+
+### Test Environment
+- Organization: dev-client-org
+- Date: 2025-02-10
+- Tester: developer@cloudstreamsoftware.com
+
+### Tests Performed
+1. [PASS] New field displays correctly for Admin role
+2. [PASS] New field hidden for Standard User role
+3. [PASS] Workflow triggers on field update
+4. [PASS] Existing approval workflow still functions
+5. [PASS] Export includes new field for authorized roles
+6. [PASS] Rollback: removing field does not corrupt existing data
+
+### Test Data
+- Records tested: 50 (synthetic data)
+- Edge cases: Empty values, max-length strings, special characters
+
+### Recommendation
+Ready for production deployment.
+```
+
+---
+
+## Rollback Procedures
+
+### Pre-Deployment Rollback Preparation
+
+Before ANY production deployment:
+
+1. **Document** current state of all affected forms/workflows
+2. **Export** current form configuration (screenshots + field list)
+3. **Backup** any data that will be migrated/modified
+4. **Test** the rollback procedure in staging
+5. **Define** rollback trigger criteria (what constitutes a failed deployment)
+
+### Rollback Decision Matrix
+
+| Severity | Condition | Action | Timeline |
+|---|---|---|---|
+| Critical | Data loss or corruption | Immediate rollback | < 15 minutes |
+| High | Core functionality broken | Rollback within 1 hour | < 1 hour |
+| Medium | Non-critical feature broken | Assess fix-forward vs rollback | < 4 hours |
+| Low | Cosmetic/minor issues | Fix-forward in next change | Next business day |
+
+### Rollback Documentation
+
+```deluge
+// When rollback is executed, log it
+if (input.Status == "Rolled Back") {
+    input.Rollback_Date = zoho.currenttime;
+    input.Rollback_Reason = input.Rollback_Notes;
+
+    insert into HIPAA_Audit_Log [
+        Action_Type = "Change Rolled Back",
+        User_Email = zoho.loginuserid,
+        Form_Name = "Change_Requests",
+        Record_ID = input.ID,
+        Justification = "Rollback: " + input.Rollback_Notes
+    ];
+
+    // Notify stakeholders
+    sendmail [
+        to: input.Requester.Email + "," + input.Assigned_Approver.Email,
+        subject: "ROLLBACK: " + input.CR_ID + " has been rolled back",
+        message: "Change " + input.CR_ID + " was rolled back. Reason: " + input.Rollback_Notes
+    ];
+}
+```
+
+---
+
+## Emergency Change Process
+
+> **WARNING**: Emergency changes still require documentation -- they just follow an accelerated timeline. "We'll document it later" is an audit failure. Document in real-time.
+
+### Emergency Change Criteria
+
+An emergency change is ONLY justified when:
+- Production system is DOWN and users cannot work
+- Active security breach requiring immediate remediation
+- Data loss is actively occurring
+- Regulatory deadline will be missed
+
+### Emergency Change Process
+
+| Step | Standard Process | Emergency Process |
+|---|---|---|
+| Request | Full form | Abbreviated (title + description + justification) |
+| Review | Technical reviewer | Verbal approval from on-call lead |
+| Testing | Full test suite | Smoke test only |
+| Approval | Formal approver sign-off | Verbal + post-hoc written |
+| Deployment | Scheduled window | Immediate |
+| Documentation | Pre-deployment | Within 24 hours post-deployment |
+| Post-review | Standard | Mandatory within 48 hours |
+
+### Emergency Change Form Fields (Minimum)
+
+```
+- ECR_ID (Auto-number: ECR-YYYY-####)
+- Title (Single Line)
+- Description (Multi Line)
+- Justification (Multi Line)
+- Verbal_Approver (Single Line)
+- Deployed_By (auto: current user)
+- Deployed_At (auto: current timestamp)
+- Post_Hoc_Review_Due (auto: deployed_at + 48 hours)
+- Full_Documentation_Due (auto: deployed_at + 24 hours)
+- Status (Picklist: Deployed/Documented/Reviewed/Closed)
+```
+
+---
+
+## Change Log Retention
+
+### Retention Requirements
+
+| Record Type | Retention Period | Storage Location |
+|---|---|---|
+| Change Requests | Duration of SOC 2 audit period + 1 year | Creator + BigQuery archive |
+| Test Results | Same as Change Request | Attached to CR record |
+| Approval Evidence | Same as Change Request | CR audit trail |
+| Deployment Logs | Same as Change Request | CR + system logs |
+| Rollback Records | Same as Change Request | CR record |
+| Emergency Changes | Same + additional scrutiny | CR with ECR flag |
+
+---
+
+## Linking Changes to Tickets/Requests
+
+### Required Traceability
+
+Every change MUST link to a business justification:
+
+```
+Support Ticket / Feature Request / Bug Report
+    |
+    +--> Change Request (CR-YYYY-####)
+              |
+              +--> Git Commits (if applicable)
+              |
+              +--> Test Results
+              |
+              +--> Deployment Record
+              |
+              +--> Verification
+```
+
+### Linking in Practice
+
+```deluge
+// Validate that every CR has a related ticket
+on validate "Change_Requests"
+
+if (input.Related_Ticket == null || input.Related_Ticket == "") {
+    if (input.Change_Type != "Emergency Fix") {
+        alert "A related ticket/request number is required for all non-emergency changes.";
+        return false;
+    }
+}
+```
+
+---
+
+## Post-Implementation Review
+
+### Review Checklist (Within 5 Business Days of Deployment)
+
+- [ ] Deployment completed successfully (no rollback)
+- [ ] All test cases pass in production
+- [ ] No unexpected errors in application logs
+- [ ] Performance metrics within acceptable range
+- [ ] User feedback collected (if applicable)
+- [ ] Access permissions correct post-change
+- [ ] Audit logging captures new/modified actions
+- [ ] Documentation updated (architecture, runbook, API docs)
+- [ ] Change request record fully completed and closed
+- [ ] Lessons learned documented (if applicable)
+
+### Post-Implementation Review Meeting (For Major Changes)
+
+Attendees: Requester, Developer, Reviewer, Approver, Client Stakeholder
+
+Agenda:
+1. Change summary and business outcome
+2. Deployment experience (smooth vs. issues)
+3. Anything that should be done differently
+4. Follow-up items identified
+5. Close the change request
+
+---
+
+## Audit Trail of All Changes
+
+### What Auditors Will Request
+
+SOC 2 auditors will ask for:
+
+1. **Complete list** of all changes in the audit period
+2. **Sample selection** (typically 25-30 changes) for detailed review
+3. **Evidence** of approval for each sampled change
+4. **Evidence** of testing for each sampled change
+5. **Evidence** of separation of duties
+6. **Emergency change** review and post-hoc documentation
+7. **Rollback** instances and root cause analysis
+
+### Audit-Ready Report Query
+
+```deluge
+// Generate change log report for audit period
+auditStart = "2024-01-01";
+auditEnd = "2024-12-31";
+
+changes = zoho.creator.getRecords("app", "Change_Requests",
+    "(Request_Date >= \"" + auditStart + "\" && Request_Date <= \"" + auditEnd + "\")",
+    1, 200);
+
+// Export as CSV with all required fields for auditor review
+```
+
+> **WARNING**: Run this report quarterly to ensure data is complete and no changes were missed. Do not wait until the audit to discover gaps in your change log.