Quarterly Checklist Update Procedure
CYC Assess version-pins the ARC checklist JSON files. This runbook covers the quarterly update process.
Schedule
Run this procedure within the first two weeks of each quarter (January, April, July, October).
Steps
1. Fetch Latest Checklists
Download the latest GA checklist JSON files from the ARC repository for all seven checklists used by CYC Assess:
alz, aks, avd, sap, cost, network_appdelivery, multitenancy
2. Run Structural Diff
Compare new files against the pinned versions:
- New items added (new GUIDs not in current mapping)
- Items removed (GUIDs in current mapping not in new files)
- Items with changed GUIDs (same
idbut different GUID) - Schema changes (new fields, renamed fields)
3. Update the ID Mapping Table
Per the rules in ID Stability Contract:
| Change type | Action |
|---|---|
| New item | Assign new CYC ID at end of relevant bucket. Add to cyc_id_mapping.json. |
| Removed item | Mark CYC ID as deprecated: true in mapping. Do not reassign sequence. |
| Changed GUID | Update internal_ref.guid in mapping. CYC ID unchanged. |
| Changed ARC Short ID | Update internal_ref.arc_id in mapping. CYC ID unchanged. |
4. Validate Graph Queries
For any items where the GUID changed or a new graph query was added:
- Run the new graph query against the CYC sandbox tenant
- Verify it returns
{id, compliant}fields as expected - Confirm the compliance determination logic is correct
5. Deploy
- Update pinned checklist files in the CYC codebase
- Update
cyc_id_mapping.jsonin the database - Deploy to staging, run full assessment against sandbox tenant
- Verify scoring and findings are correct
- Deploy to production
6. Notify Affected Clients (if items deprecated)
If any checklist items were deprecated:
- Identify clients who had that CYC ID as
non_compliantin their most recent assessment - Include a note in their next drift report: "Item CYC-XXX-YYY-Z-NNN was removed from the assessment framework in this update"