Keeping everything up to date
We do monthly upgrades to keep everything working and secure with the latest stable patches. Customers and their end users are informed in advance, usually 1-2 weeks prior to scheduled service breaks. Notifications are delivered via email, tool specific notification banners and a maintenance page in case of larger changes. Check out our Maintenance process for more detailed information.
Eficode teams systematically follows security patch releases and other security announcements related to all software products and solutions in our offerings. We also have an automated process of gathering and distributing information on relevant security notices and releases.
Reliable log management
We send logs to multiple places to avoid single source of destruction. In addition, we back up the logs to be able to recover from possible tampering attempts. We use Eficode ELK stack to analyze logs for securitu breaches and unusual behaviour that shouldn't be happening, for example Eficode account logging into server in the middle of the night without any reason.
Controlled change management
All configurations and related changes are managed as code and under version control. We track changes in an issue tracking system and follow them through to production. When implementing changes, they are first deployed to a generic test environment, then to customer specific test environment(s) if necessary. After extensive testing, the new, changed configurations are installed in customer specific production environments during the next available service break. Changes are merged back to the master configuration code line and used as part of the new base configuration.
Code review practises
All changes go through a peer review process before being released to production. Critical security related fixes may momentarily bypass the peer review process before being released. In these rare cases, the changes are reviewed retrospectively.
Performance and service monitoring
We monitor services and environments pre-emptively and create test sets that match the actual usage patterns of the services. Our monitoring stack tests basic features as smoke test and gives us a picture of the system's running status. We constantly improve our monitoring as part of our service to help us notice issues faster and to help us react faster to issues.
We believe in working with the DevOps way. This means our systems are defined and code and solutions we make are planned with automation and reusability in mind. We want to offer our customers the best services and keep our solutions reusable. We take pride in modular solutions that can be improved over time.