Security review schedule — REDIRECTED
This document has been absorbed into the development-lifecycle spine doc (NQU-698).
The substance is now hosted in two places:
- Weekly rotating focus areas (Auth W1, Errors W2, Tests W3, Compliance W4) →
docs/reference/process/development-lifecycle.md§3 (Recurring rhythms) - Quarterly deep dive (Semgrep,
npm audit, IAM, Cognito password policy, S3 encryption + lifecycle, RDS backups, CloudTrail review) →docs/reference/process/development-lifecycle.md§5 (Anti-entropy mechanisms) and Appendix A (Pre-prod cutover gate).
What used to live here
Per-area checklists for Auth & Authorization, Error Handling, Test Coverage, Compliance, and the Quarterly Deep Dive — plus escalation and review-log instructions. The per-area checklists are preserved at their original level of detail in this file's git history:
git log --follow docs/admin/security/review-schedule.md
git show <pre-redirect-commit>:docs/admin/security/review-schedule.md
No information is lost; only the source of truth has moved.
Why
This file pre-dated the development-lifecycle methodology spine doc (NQU-698, ratified 2026-04-29). NQU-698 §10 disposition table designated this file as ABSORBED — the substance belongs in the spine doc so there is one place to look. Maintaining two locations would re-introduce the fragmentation the spine doc exists to prevent.
Redirect created 2026-05-25 per NQU-705.