We follow these principles:
We use source control tools to record changes to our software and configuration during development so that our source code and source data is uniquely identifiable.
Our deployable software is created by repeatable and automated builds.
We identify every item of source code and data used to create our deployable artefacts.
We provide a cryptographic checksum of all files we release.
We generate deployable software that is uniquely identified and self-identifying. No two artefacts we generate have the same identification.
We create software products whose environment configuration is externalised hence absent from the deployable software artefacts.
We provide a baseline of the unique identifiers for all parts of a delivery to our customers including software releases, test or production environments, hardware, data or any other delivery.
We record the all changes we make to our test and production environments, including software deployments, configuration changes, and hardware changes.
We only test software artefacts that are uniquely identifiable.
We only test software in environments whose hardware. and software components configurations are fully documented.