Every prod release has reviewed PR + passing CI

SOC2.CC8.CHANGE · GLOBAL · operational_security

Severity

high

Cadence

weekly

Region

global

Current status (Apollo Gaming Ltd.)

not evaluated

Requirement

Every commit that reaches production must have been merged via a PR with a passing CI run. Hotfix branches are permitted but must backfill a PR + CI run within 48 hours.

Source: AICPA TSC — CC8 Change Management

Evidence specification

Evidence type	Connector	Spec	Acceptance criteria
`infra_config`	`cloud-aws`	{ "resource_type": "github_release_audit", "required_fields": [ "release_sha", "pr_url", "ci_status", "deployed_at" ] }	`every deployed_at in last 30d has pr_url populated` `every release has ci_status=success`

Recent evaluations (Apollo Gaming Ltd.)

No evaluation history for this control yet.