Software Development Life Cycle (SDLC) Procedure
1. Purpose and Scope
This document outlines the formal process for the development, implementation, and maintenance of Tracelight applications and supporting AWS infrastructure. This procedure ensures that all changes are authorised, tested, and reviewed to mitigate the risk of unauthorised changes or malicious code.
2. Development Framework
Environment Separation: Tracelight maintains strictly separate environments for development/testing and production.
In-House Development: All Tracelight web applications and the Microsoft Excel add-in are developed in-house by our internal engineering team.
Secure Coding: Engineers are trained in secure coding practices to ensure the robustness and security of the product.
3. Change Management Process
Code Review: Code repository branch rules are configured so that every merge request to the production environment requires review and approval from an authorised engineer.
Testing: Changes are thoroughly tested in a separate development or test environment to verify functionality and security before being promoted to production.
4. Deployment and Production Access
Least Privilege: Admin access to the production environment is limited to the CTO and a restricted group of authorised Engineering personnel.
Deployment Restrictions: Developers are prohibited from making direct changes to application code in the production environment.
Traceability: All source code changes are logged, time-stamped, and attributed to the specific author in the version control system.
5. Emergency Changes
Accelerated Timeline: Emergency hotfixes follow a documented accelerated timeline.
Approval: A limited subset of engineers is authorised to bypass this standard process in emergency situations, subject to retrospective review.
6. Vulnerability Remediation SLAs
As part of our continuous improvement, identified vulnerabilities are remediated according to the following defined timelines: Critical: 14 Days; High: 30 Days; Medium: 90 Days
Approved By: Aleksander Misztal, CTO
Effective Date: May 27, 2025