Web Application Setup and Maintenance RACI
Digital Solutions Operating Model
The operating model is designed to create a close partnership between marketing agencies, service partners and Client resources to deliver quality digital products securely and efficiently.
| Roles | Responsibilities |
|---|---|
| Stakeholder | As business lead, provide strategic guidance and ownership Confirm the solution design and operational procedures Obtain appropriate approvals per PRT process |
| Agency | Develops creative strategy, campaign, copy layouts, messaging and style guide Participate in PRT submissions & client reviews |
| I.S / BPS | Manage the digital technology portfolio and applications Develops and supports the digital operating model Participates in status and prioritization meetings Continually evolve the digital technology roadmap |
| Service Partner | Provides the implementation services of the selected solution Documents the implementation process, builds design documents, and functional specs Provide best practices on architecture and act as Subject Matter Expert |
| PRT | Provide review and approval of all promotional material |
New Application RACI
Client BPS | Client IS | Motionstrand | 3rd Party Agencies | Hosting Provider | ||
|---|---|---|---|---|---|---|
| 1 | Hosting Environment | |||||
| 1.1 | Codebase request | C | I | R | I | |
| 1.2 | Codebase request cost approval | A | R | C | I | |
| 1.3 | Codebase provisioning | I | I | R | ||
| 1.4 | Assign codebase access to Motionstrand | I | I | R | ||
| 1.5 | Create team for new agency | A | I | R | C | |
| 1.6 | Assign teams and members to codebase | A | I | R | C | |
| 2 | Drupal Development (Hosting Development Environment) | |||||
| 2.1 | Install and configure Drupal 10 | I | R | |||
| 2.2 | Responsive theming and module development | R | ||||
| 2.2.1 | Non-standard Frontend & Backend development | I | R | I | ||
| 2.3 | Apply Drupal core and contributed module security updates | I | R | |||
| 2.4 | Deploy application to staging environment for review and testing | I | R | |||
| 3 | Quality Assurance (QA) Testing (Hosting Staging Environment) | |||||
| 3.1 | Complete frontend and backend application testing | I | R | R | ||
| 3.2 | Identify and address QA issues | I | I | R | I | |
| 3.3 | Code Review | C | R | |||
| 3.4 | CMS configuration review | I | R | |||
| 3.5 | Hosting Code and configuration audit report | I | I | R | ||
| 3.6 | Application updates to meet Hosting environment best practices and Drupal 10 coding standards | I | I | R | ||
| 3.7 | Revisit QA test plan and confirm release candidate for production | A | I | R | ||
| 3.8 | OWASP top 10 penetration testing | C | R | C | I | |
| 4 | Deployment/Testing (Hosting Production Environment) | |||||
| 4.1 | Setup application domain(s) and SSL certificate | I | C | R | C | I |
| 4.2 | Deploy application to Production environment | A | C | R | C | |
| 4.3 | Configure domain DNS settings | I | R | C | I | I |
| 4.4 | Post deployment QA testing | I | I | R | R | |
| 4.5 | OWASP top 10 penetration testing | C | R | C | C | C |
| 5 | Reporting | |||||
| 5.1 | Functional specification document and/or annotated design/flowchart | A | I | R | ||
| 5.2 | Website tracking and reporting | C | R |
R = Responsible, A = Accountable, C = Consult, I = Inform
Application Maintenance RACI
Client BPS | Client IS | Motionstrand | 3rd Party Agencies | Hosting Provider | ||
|---|---|---|---|---|---|---|
| 1 | Drupal Development (Hosting Development Environment) | |||||
| 1.1 | Responsive theming and module development | R | ||||
| 1.2 | Non-standard Frontend & Backend development | I | R | I | ||
| 1.3 | Apply Drupal core and contributed module security updates | I | I | R | ||
| 1.4 | Deploy application to development environment for review and testing | I | R | |||
| 1.5 | Deploy application to Stage environment for review and testing | I | R | |||
| 2 | Quality Assurance (QA) Testing (Hosting Staging Environment) | |||||
| 2.1 | Complete frontend and backend application testing | R | R | |||
| 2.2 | Identify and address QA issues | I | R | |||
| 2.3 | Code Review | I | R | I | ||
| 2.4 | Drupal configuration review | R | I | |||
| 2.5 | Code and configuration audit report | I | R | C | ||
| 2.6 | Application updates to meet Acquia environment best practices and Drupal 10 coding standards | I | I | R | ||
| 2.7 | Revisit QA test plan and confirm release candidate for production | A | R | |||
| 2.8 | OWASP top 10 penetration testing | C | R | C | I | I |
| 3 | Deployment/Testing (Hosting Production Environment) | |||||
| 3.1 | Deploy application to Production environment | A | I | R | I | |
| 3.2 | Post deployment QA testing | I | R | R | ||
| 3.3 | OWASP top 10 penetration testing | C | R | C | I | I |
| 4 | Reporting | |||||
| 4.1 | Functional specification document and/or annotated design/flowchart | A | I | I | R | |
| 4.2 | Website tracking and reporting | C | I | I | R |
R = Responsible, A = Accountable, C = Consult, I = Inform
Task Details
| Hosting Environment | |
|---|---|
| Hosting environment request | Motionstrand to setup a web application environment to be added to Client Hosting subscription. |
| Identify hosting environment requirements | Motionstrand to determine application upstream type (Drupal, WordPress, or Custom). Review application and production server requirements. Approve associated costs. Site plan - https://pantheon.io/docs/site-plans-faq#plan-resources Custom Upstreams - https://pantheon.io/docs/guides/custom-upstream |
| Hosting environment provisioning | Motionstrand team provisions new environment for use on the Hosting subscription. The production environment will not be activated until the web application is ready for production. No additional costs are associated until the production environment is enabled. |
| Assign developer(s) to environment | MOS hosting administrators will provide developer(s) access to the appropriate Hosting environment. Each developer will need to create their own Hosting account so all changes can be tracked. Shared accounts are not allowed. |
| Web Application Development | |
|---|---|
| Install and configure Drupal, WordPress, or Custom upstream | Begin developing the application within the Hosting development environment. Drupal - https://docs.pantheon.io/drupal-10 or https://docs.acquia.com/acquia-cloud-platform/create-apps/install WordPress - https://pantheon.io/docs/WordPress-best-practices Custom - https://pantheon.io/docs/guides/custom-upstream |
| Frontend & Backend development | All code committed to Hosting is required to meet Client's coding standards documented here. Coding standards apply to all code within the application, its contributed modules/plugins, and custom modules/plugins. |
| Non-standard Frontend & Backend development | Any code that does not meet Client's coding standards and/or Drupal/WordPress development best practices should be identified and include a description detailing the reason for objection. |
| Committing Code | All code must be committed to the Hosting GIT Repository for version control tracking. All code must be committed to a topic branch. All application environments are to be kept in GIT mode. Hosting best practices and Client GIT coding standards are to be followed. https://pantheon.io/docs/code https://docs.acquia.com/acquia-cloud-platform/develop-apps/repository/git |
| Apply security updates | Apply any available Drupal/WordPress core or contributed module/plugin security updates released by the associated security team. https://www.drupal.org/security https://wordpress.org/about/security/ |
| Deploy application to Stage environment for review and testing | Move application to the Hosting Stage environment to conduct quality assurance (QA) testing. |
| Quality Assurance Testing / Updates | |
|---|---|
| Complete frontend and backend application testing | Create an application testing plan in a format that can be easily updated and shared across multiple teams to accommodate current and future application requirement testing. All frontend and backend functional/visual requirements and devices/browsers should be accounted for in the test plan. |
| Identify and address QA issues | Ensure all issues identified have been resolved, tested, and updated within the application test plan. |
| Code Review | Notify Motionstrand to request a review of the application release candidate within the Hosting multidev staging environment. |
| CMS configuration review | Motionstrand to review Drupal or WordPress configuration settings to ensure best practices for applications hosted within the Hosting environment |
| Code and configuration audit report | Motionstrand to provide an audit report identifying any updates required for compliance with Client coding standards and Drupal/WordPress development best practices. |
| Address issues identified within the audit report | Application updates to meet Hosting environment best practices and Client Coding standards. |
| Revisit QA test plan and confirm release candidate for production | If any code or configuration updates were made revisit all tasks within section 3 of the RACI. |
| OWASP top 10 penetration testing | Client IT to initiate OWASP top 10 penetration test and report any issues identified. |
| Deployment/Testing | |
|---|---|
| Setup application domain(s) and SSL certificate | Work with Client IT and ThreatX teams to generate an SSL certificate for production domain(s). Configure domains and install SSL certificate within the Hosting Production environment. |
| Deploy application to production environment | Deploy application to Hosting production environment |
| Configure domain DNS settings | Complete DNS updates to direct domain(s) to the associated Hosting application. |
| Enable server performance monitoring | Enable New Relic server performance monitoring on production environment. |
| Post deployment QA testing | Revisit QA test plan within Hosting production environment. |
| OWASP top 10 penetration testing | Client IT to initiate OWASP top 10 penetration test and report any issues identified. |
| Reporting | |
|---|---|
| Functional specification document and/or annotated design/flowchart | Provide documentation that identifies the application functional and visual configurations in a version controlled format. Any updates to the application should be highlighted and saved as a new version of the document(s). |
| Website tracking and reporting | Website tracking (i.e. Google Analytics and custom event KPI's) scripts are enabled and reporting analytics. |