Consistency

Establishing consistency between your cloud hosting related to the operational management of an environment, application, or workload. IT teams often provide monitoring of applications, workload, and asset performance. They also commonly execute the tasks required to meet scale demands, remediate performance service-level agreement (SLA) violations, and proactively avoid performance SLA violations through automated remediation. The resource Consistency discipline ensures resources are consistently configured in such a way that they can be discoverable by IT operations, are included in recovery solutions and can be onboarded into repeatable operations processes.

The following policies will be implemented:

deployed assets must be tagged with the minimum following values:

• cost centre
• workload name
• workload criticality
• environment type
• governance tooling must validate tagging related to cost, criticality, workload, and environment. All values must align to predefined values managed by NHS or healthcare organisation governance teams

Creation of new subscriptions or management groups for any mission-critical applications or protected data will require a review from the cloud governance team.

Tooling must enforce that automatic updates are enabled on all deployed virtual machines. Violations must be reviewed with operational management teams and remediated in accordance with operations policies. Assets that are not automatically updated must be included in processes owned by IT operations.

The following policies will be implemented:

• deployment tooling must be approved by the cloud governance team to ensure ongoing governance of deployed assets.

• deployment scripts must be maintained in a central repository accessible by the cloud governance team for periodic review and auditing

The following policies will be implemented:

• governance tooling must validate that all assets are included in monitoring for resource depletion, security, compliance, and optimisation.
• governance tooling must validate that the appropriate level of logging data is being collected for all applications and data

All mission-critical applications and protected data must have backup and recovery solutions implemented to minimise the business impact of outages or system failures.