This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

This policy describes the formal procedures for managing changes and versions within Cenareo.

It ensures the secure and controlled development, testing, deployment, and management of changes to our software applications, systems, and infrastructure.

It is reviewed and updated periodically to reflect technological changes, industry best practices, and regulatory requirements.

Software Development Cycle Standard (SDLC)

Cenareo maintains a documented software development life cycle (SDLC) standard. This standard defines a structured approach for developing, testing, deploying, and maintaining software applications. The SDLC integrates security best practices into all phases of development.

Change control process

A formal configuration management (CM) process governs all changes to hardware, software, and firmware across physical and virtual platforms. This process includes

  • Change request : All proposed changes must be submitted through a formal change request procedure. The request will detail the nature of the change, its purpose, and its potential impact.
  • Impact analysis : The information security team will assess the security implications of the proposed change.
  • Approval process : Changes will be reviewed and approved by a designated Change Approval Committee (CAB), based on risk assessment and alignment with business goals.
  • Implementation and verification : Approved changes will be implemented in accordance with documented procedures and tested extensively to ensure functionality and safety.
  • Documentation and version control : All changes will be documented and monitored as part of a version control system.

Basic configuration management

We maintain documented basic configurations for all critical systems and applications. These basic configurations define the authorized and secure state of the system, integrating security best practices and industry standards. Any deviations from the basic configuration should be justified and approved as part of the change control process.

Secure coding practices

We are committed to secure coding practices.

These include:

  • Static application security testing (SAST) : We use automated SAST tools to identify potential security flaws in the source code during development.
  • Code review : In addition to automated tools, we also use manual code reviews by qualified personnel to detect security flaws and promote secure coding practices within development teams.

Version Management

The versions of new applications and updates are controlled by the following release management process.

This process ensures that testing, packaging, deployment, and rollback procedures are followed appropriately to minimize disruptions and maintain system stability.

Delivery planning

  • Initiation : The product or development team submits a formal release request describing the features, functionality, and expected release date.
  • Review of requirements : The information security team reviews the request to assess the security implications and to ensure that it complies with security policies and standards.

Broadcast planning meeting

A cross-functional team, including development, testing, operations, and security personnel, participates in a production planning meeting to define:

  • Scope and characteristics of the version.
  • Timeline and development milestones.
  • Test strategy and criteria.
  • Deployment plan and rollback procedures
  • Communication plan for stakeholders.

Publishing priorities

Critical security updates or features that have a significant impact on business can be expedited, while lower-risk releases follow a standard schedule.

We set priorities based on the following factors:

  • Security severity of the vulnerabilities addressed.
  • The business impact of new features or updates
  • Dependencies on other versions.

Development and testing

  • Development : Development teams create new features or updates based on the approved release plan.
  • Safety tests :
    • Static Application Security Testing (SAST): SAST's automated tools are used throughout development to identify potential security flaws in code.
    • Dynamic Application Security Testing (DAST): As development progresses, DAST tools are used to simulate real attacks and identify functionality vulnerabilities.
  • Unit test : Developers perform unit tests to ensure that individual code modules work as expected.
  • Integration tests : Integration tests check the functionality of different modules working together.
  • System test : System testing assesses the functionality and overall performance of the release in a simulated production environment.
  • User Acceptance Test (UAT): Where appropriate, UAT involves end users testing the version to ensure that it meets their needs and expectations.
  • Security review : The information security team is conducting a final security review of the candidate release, correcting any vulnerabilities identified prior to deployment.

Preparing for circulation

  • Launch Build : A final version is created, incorporating all approved features and bug fixes.
  • Documentation and release notes : Extensive documentation and release notes are prepared, detailing new features, functionalities, known issues, and upgrade instructions.
  • Pre-deployment review : The cross-functional production team is conducting a final review to ensure that all criteria are met for deployment.

Deployment

  • Deployment window : The versions are deployed during predefined deployment windows in order to minimize disruptions to production systems.
  • Deployment strategy : A staged deployment approach can be used, deploying the release in a limited environment for testing prior to full production deployment.
  • Plan to go back : A rollback plan is in place in case of unexpected issues after deployment.

Post-deployment

  • Follow-up and support : The functionality and performance of the released version are checked. Support channels are available for users who encounter issues.
  • Post-deployment assessment : A post-deployment review is carried out to assess the success of the dissemination, identify lessons learned, and improve future dissemination processes.

Communication and training

The information security team provides ongoing communication and training to developers, system administrators, and other relevant personnel on secure coding practices, change control procedures, and the importance of developing secure software.

Follow-up and improvement

Change and version management processes will be regularly monitored and reviewed for effectiveness. We are constantly working to improve these processes based on lessons learned and industry best practices.

Besoin de nous joindre ?

Contactez nos équipes pour toute question sur ce sujet.

Contactez nous
Cenareo

Change and Release Management Policy

Text Link
Engage your audiences,
become a media.
AUDIENCES
CustomersEmployeesFlowsMarket
SOLUTIONS
Digital signageVideo
Business
CastingAboutContact us
resources
BlogInsightsCustomer storiesVideos
© CENAREO 2025, All rights reserved.
Help centerSupportLegalRGPDCybersecuritySite map
en