# Production Readiness Security Checklist

> **Intro:** This checklist asks whether a service is safe to operate in production, not only whether the code compiles and tests pass.

## Best time to use this checklist

Use it before first production launch, before moving from pilot to broad availability, and before handing service ownership to another team.

## Stop-the-line conditions

* the service has no clear owner or on-call path;
* high-value actions are not logged;
* no tested recovery or rollback path exists;
* sensitive data handling is undefined or contradictory.

## Text-first review prompts

* Who owns the service, the secrets, the identities, and the deployment path?
* Which security events must be visible on day one?
* How does the service recover from bad config, bad deploy, or abuse?
* What minimum hardening baseline is expected for this runtime?
* How are dependencies, images, or packages trusted and updated?
* What unresolved risk is being accepted at launch?
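The "which security events must be visible on day one" prompt is easiest to answer with evidence rather than intent: take the audit output of a pre-production run and diff it against the agreed list of high-value events and the fields each must carry. The following is an added example for this checklist, not code from the original page. The event names, the required field set and the JSON-lines sample log are all constructed assumptions; substitute the service's own logging schema.

```python
"""Check emitted audit events against a day-one visibility list.

Added example for this checklist (not part of the original page). The event
names, required fields and sample log are constructed assumptions.
"""
import json
from collections import defaultdict

# Assumed minimum per event: enough to answer who did what to what, from
# where, and whether it succeeded.
REQUIRED_FIELDS = {"ts", "event", "actor", "target", "outcome", "src_ip"}

# Assumed high-value auth, admin and data events for this service.
REQUIRED_EVENTS = {
    "auth.login", "auth.login_failed", "auth.mfa_reset",
    "admin.role_grant", "admin.config_change",
    "data.export", "authz.denied",
}

# Constructed JSON-lines audit output from a staging run (not real data).
SAMPLE_LOG = """
{"ts": "2026-01-10T09:00:01Z", "event": "auth.login", "actor": "alice", "target": "svc", "outcome": "success", "src_ip": "10.0.0.5"}
{"ts": "2026-01-10T09:00:07Z", "event": "auth.login_failed", "actor": "bob", "target": "svc", "outcome": "failure", "src_ip": "10.0.0.9"}
{"ts": "2026-01-10T09:01:12Z", "event": "admin.role_grant", "actor": "alice", "target": "bob", "outcome": "success"}
{"ts": "2026-01-10T09:02:30Z", "event": "data.export", "actor": "carol", "outcome": "success", "src_ip": "10.0.0.12"}
this line is not JSON and must be reported, not crash the check
{"ts": "2026-01-10T09:03:00Z", "event": "auth.login", "actor": "dave", "target": "svc", "outcome": "success", "src_ip": "10.0.0.7"}
"""


def parse_events(text):
    """Return (events, malformed_count); malformed lines are a finding, not an exception."""
    events, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if isinstance(obj, dict) and "event" in obj:
            events.append(obj)
        else:
            malformed += 1
    return events, malformed


def coverage_report(events, malformed, required_events=REQUIRED_EVENTS,
                    required_fields=REQUIRED_FIELDS):
    """Report required events never emitted, emitted but missing fields, and bad lines."""
    seen = defaultdict(list)
    for e in events:
        seen[e["event"]].append(e)
    missing_events = sorted(required_events - set(seen))
    incomplete = {}
    for name, evs in seen.items():
        if name not in required_events:
            continue
        gaps = set()
        for e in evs:
            gaps |= required_fields - set(e)  # any instance lacking a field counts
        if gaps:
            incomplete[name] = sorted(gaps)
    return {
        "missing_events": missing_events,
        "incomplete_events": incomplete,
        "malformed_lines": malformed,
        # An unparseable audit line is itself a visibility gap.
        "ready": not missing_events and not incomplete and malformed == 0,
    }


if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE_LOG)
    print(json.dumps(coverage_report(evs, bad), indent=2))
```

Run against the constructed sample, the report shows three required events never emitted, two events emitted without a required field (a role grant without `src_ip`, an export without `target`), one malformed line, and `ready: false`. Attach the report to the launch review as the evidence for the "Security events" row; a green result from this check is still only as good as the required-events list it was given.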

## Evidence table

| Control area    | What to verify                                           | Typical evidence                  |
| --------------- | -------------------------------------------------------- | --------------------------------- |
| Ownership       | Service, runtime, and escalation ownership is documented | service catalog, runbook          |
| Security events | High-value auth, admin, and data events are visible      | logging schema, dashboard         |
| Recovery        | Rollback, fail-safe, or break-glass procedures exist and have been exercised | runbook, incident drill notes     |
| Baseline        | Runtime and deployment meet agreed minimum controls      | YAML, Dockerfile, baseline review |
| Residual risk   | Known gaps are documented and owned                      | risk record, launch review        |
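The "Baseline" row is the one most often satisfied by a glance at YAML. A small script that evaluates the manifest against the agreed minimum, and is re-run on every change, turns that glance into repeatable evidence. The following is an added example, not code from the original page or any project: the Deployment manifests are constructed, and the rules (no host namespaces, no privilege escalation, non-root, read-only root filesystem, all capabilities dropped, digest-pinned image, resource limits, no secret-looking literals in `env`) are an assumed house minimum, not a standard the page defines. It reads manifests as Python dicts so it runs without a YAML library; in practice you would feed it `kubectl get deploy -o json` output or a parsed YAML document.

```python
"""Minimum runtime baseline check for a Kubernetes Deployment manifest.

Added example for the "Baseline" row (not part of the original page). The
manifests are constructed and the rule set is an assumed house minimum.
"""
SECRET_MARKERS = ("PASSWORD", "SECRET", "TOKEN", "KEY")


def _pod_spec(manifest):
    """Deployment/StatefulSet/DaemonSet wrap the pod spec under spec.template; a bare Pod does not."""
    spec = manifest.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def baseline_findings(manifest):
    """Return one human-readable finding per baseline rule the manifest fails."""
    findings = []
    pod = _pod_spec(manifest)
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(key):
            findings.append(f"{name}: pod sets {key}=true")
    pod_sc = pod.get("securityContext", {})
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        # Pod-level settings such as runAsNonRoot apply unless the container overrides them.
        sc = {**pod_sc, **c.get("securityContext", {})}
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation not set to false")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{name}/{cname}: runAsNonRoot not true")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}/{cname}: readOnlyRootFilesystem not true")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}/{cname}: capabilities.drop does not include ALL")
        image = c.get("image", "")
        if "@sha256:" not in image:
            findings.append(f"{name}/{cname}: image not pinned by digest ({image or 'missing'})")
        limits = c.get("resources", {}).get("limits", {})
        if not {"cpu", "memory"} <= set(limits):
            findings.append(f"{name}/{cname}: cpu/memory limits missing")
        for env in c.get("env", []):
            env_name = env.get("name", "")
            if "value" in env and any(m in env_name.upper() for m in SECRET_MARKERS):
                findings.append(f"{name}/{cname}: secret-looking env {env_name} set as a literal value")
    return findings


# Constructed "before" manifest: the kind of thing that passes CI and tests.
WEAK = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "payments-api"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "api",
            "image": "registry.example.internal/payments-api:latest",
            "env": [{"name": "DB_PASSWORD", "value": "hunter2"}],
            "securityContext": {"privileged": True},
        }],
    }}},
}

# Constructed "after" manifest meeting the assumed baseline.
HARDENED = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "payments-api"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "api",
            "image": "registry.example.internal/payments-api@sha256:" + "0" * 64,
            "env": [{"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "payments-db", "key": "password"}}}],
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    }}},
}

if __name__ == "__main__":
    for label, m in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{label}: {len(baseline_findings(m))} finding(s)")
        for f in baseline_findings(m):
            print("  -", f)
```

The weak manifest produces nine findings; the hardened one produces none. The empty result is the artifact to file under "Typical evidence", alongside the version of the rule set it was checked against, because a baseline that is not versioned cannot be re-verified after the next deploy.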

## Common misses

* assuming a clean SAST/DAST run on its own makes the service production-ready;
* ignoring emergency-access paths or support tooling that bypass the normal controls;
* launching without authorization-denial logs or admin-action logs;
* treating shared ownership as the same thing as actual ownership.

## Related pages

* [Pre-Release Security Checklist](/learning-labs-interview-and-templates/index-3/pre-release-security-checklist.md)
* [Secret Handling Checklist](/learning-labs-interview-and-templates/index-3/secret-handling-checklist.md)
* [Kubernetes Deployment Review Checklist](/learning-labs-interview-and-templates/index-3/kubernetes-deployment-review-checklist.md)

---

*Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.*
