Our questionnaire will help you find out. Based upon DevOps best practices and metrics, this infrastructure audit checklist identifies all important aspects of a secure and resilient system and helps to discover bottlenecks. Use it to diagnose your infrastructure efficiency!
The infrastructure audit questionnaire consists of 12 questions. The first four represent DORA metrics – key parameters to measure software development and delivery performance as defined by Google’s DevOps Research and Assessment (DORA) team. The DORA metrics questions are based on Google’s Accelerate State of DevOps Report 2021.
The remaining questions relate to DevOps best practices and the level of their implementation in a company.
Upon completion, you will receive a detailed conclusion and recommendations from our DevOps experts on improving your infrastructure.
This metric measures how often a company deploys code for a particular application, for example, once per week or month. The higher this measure is, the better your product performs.
How often does your company release new changes? Please choose one of the answers below.
This metric measures the time for committed code to reach production. The metric indicates the velocity of deployment: the lower its value, the better it is for the manufacturer.
How long does it take in your company for code changes to reach production? Please choose one of the answers below.
This metric captures the percentage of code changes that resulted in incidents, rollbacks, or any type of production failure. The Change Failure Rate indicates the quality of deployed software: the lower the average is, the fewer errors a code contains.
How often do changes in your code lead to critical production issues? Please choose one of the answers below.
The Mean Time to Recover metric measures the average time required to troubleshoot a component or recover a system after failure. Effective DevOps reduces this metric.
How would you assess a Mean Time to Recover in your company? Please choose one of the answers below.
Infrastructure as code (IaC) is an approach to set up, provision, and deploy IT infrastructures by describing their resources in code. Implementing the IaC practice allows you to automate deployments, trace and validate infrastructure changes, and deploy environment configurations to create identical environments as often as needed.
Technologies: Terraform, Pulumi, AWS CloudFormation.
Do you follow the Infrastructure as Code approach? Please choose your answer. You can supplement your answer with an additional option (+) if it is relevant to your organization.
Containerization is the practice of packaging an application code with all its related files, libraries, and dependencies within a standardized unit, or ‘container.’ Once workloads are containerized, they can run on any platform, be independent of one another in terms of languages or frameworks, and managed collectively with container orchestration tools.
Technologies: Docker, Kubernetes, Rancher, Docker Swarm, OpenShift, EKS, and AWS Fargate.
Do you leverage the advantages of containerization technology? Please choose one of the answers below.
A measure to indicate how much infrastructure corresponds to the latest technology trends and whether it is ready for future challenges. Regular technology updates allow companies to remain technologically advanced and ahead of the competition.
Technologies: vary on performance level.
Is your infrastructure stack modern enough? Please choose one of the answers below.
Continuous Integration (CI) and Continuous Deployment (CD) are the DevOps practices of automated building, testing, and deployment of code to target environments. Implementation of CI/CD enables automation of repetitive tasks, provides for a faster deployment pace, shorter release cycles, early detection of erroneous code and quick fixes, and improves overall code quality.
Technologies: GitLab, GitHub, Argo CD, Bitbucket, and Jenkins.
Which of the CI/CD processes are established in your company? Please choose one or more answers.
Security is a set of specific guidelines and best practices to protect information, systems, and assets against potential attacks. Effective security strategy mitigates the risks of your data assets being compromised, prevents security breaches and data leakage, and enhances the overall reliability and availability of services.
Techniques and technologies: Threat modeling, risk assessment, Defense in Depth (DiD) approach, security by design principles, and Application Security (AppSec) tools.
Which of the following security practices are implemented in your company? Please choose one or more answers.
Backup and Disaster Recovery (DR) are DevOps strategies for restoring infrastructure or system components after failover with minimum downtime and data loss. Effective backups and recovery strategies imply redundancy of information and data assets, so you will always have a copy of your data available elsewhere when a disaster strikes.
Technologies: dedicated backup software (Veeam Backup & Replication, Velero, Rsnapshot, FSBackup), snapshots, and BaaS for cloud services.
How much is your business secured against force majeure? Please choose one or more answers.
Observability is a DevOps practice of measuring a system’s current state based on the data it generates, including logs, metrics, and traces. Observability makes infrastructure processes visible, allows for data visualization and analysis, and enables effective code debugging and timely troubleshooting of issues.
Technologies: Grafana, Prometheus, Alertmanager, ELK, AWS CloudWatch, Jaeger, and Datadog.
How effective is observability in your company? Please choose one or more answers
Documentation is an effective way to keep internal processes and procedures systemized and available for future reference. Detailed and accurate documentation is a centerpiece of all your must-know information and an advisory for new employees.
Technologies: documentation management systems (Confluence, Nuclino, Read the Docs), GitHub Pages, and Continuous Documentation tools.
How good is your documentation? Please choose one or more answers.