Change Management Policy
CustomHub.io

Effective Date: 01/01/2025
Last Updated: 01/01/2025


1. Introduction

CustomHub.io is committed to maintaining the integrity, security, and reliability of its systems, including its integration with Amazon’s Selling Partner API (SP-API). This Change Management Policy defines the responsibilities, processes, and access controls for testing, verifying, and approving changes before they are deployed.

2. Scope

This policy applies to all changes affecting CustomHub.io’s software, infrastructure, and Amazon Information. This includes:

  • Code updates and feature releases.
  • Security patches and infrastructure modifications.
  • Changes to data processing and retention policies.
  • System configuration updates.

3. Change Management Process

Step 1: Change Request & Documentation

  • All changes must be documented in a change request ticket in the project management system (e.g., Jira, GitHub Issues).
  • The request must include:
    • A description of the change.
    • Expected impact and risk assessment.
    • Testing and rollback plan.
    • Assigned developer and reviewer.

Step 2: Code Development & Testing

  • Changes are implemented in a development branch and must follow best coding practices.
  • Unit and integration tests are executed to verify functionality.
  • Changes are checked for security vulnerabilities as part of the CI/CD pipeline.

Step 3: Code Review & Approval

  • All changes require a peer review via GitHub pull requests before merging into the main branch.
  • At least one senior developer or DevOps engineer must approve the changes.

Step 4: Pre-Production Testing

  • Approved changes are deployed to a staging environment for functional and regression testing.
  • Security compliance checks and performance benchmarks are conducted.

Step 5: Approval for Deployment

  • The final approval for production deployment is given by the CTO or designated senior engineer.
  • Major changes require a change approval meeting to assess risks.

Step 6: Deployment & Monitoring

  • Changes are deployed using an automated CI/CD pipeline.
  • Post-deployment monitoring is conducted to detect any issues.
  • A rollback plan is in place to revert changes if needed.

4. Access Control & Restrictions

  • Role-Based Access Control (RBAC) ensures that only authorized personnel can deploy changes.
  • Production deployments are restricted to senior DevOps engineers and administrators.
  • Audit logs track all modifications to infrastructure and application code.

5. Emergency Change Process

  • Emergency fixes (e.g., security patches) follow an accelerated review and approval process.
  • The CTO or designated security officer must authorize emergency deployments.
  • Post-deployment review and documentation are required.

6. Compliance & Security

CustomHub.io adheres to:

  • Amazon’s SP-API Data Protection Policy.
  • General Data Protection Regulation (GDPR).
  • California Consumer Privacy Act (CCPA).
  • Industry best practices for software security and change management.

7. Policy Updates

This policy will be reviewed and updated periodically to ensure continued compliance with industry standards and Amazon’s requirements.

8. Contact Information

For inquiries regarding this policy, contact:

Email: support@customhub.io
Address: 1911 Ball Rd, Anaheim, CA, 92805