Go-Live Checklist
What to confirm before moving WatchTower from sandbox validation into production traffic.
Security ready
Confirm MFA, role access, API key handling, audit logs, and environment separation.
Integration ready
Validate payloads, idempotency, duplicate behavior, error handling, and decision mapping.
Operations ready
Test alerts, cases, notifications, reports, SLA, and support escalation before traffic expands.
Section
Access and security
- first admin has accepted the invite
- analysts and risk leads have correct roles
- MFA is enabled for admins and risk leads
- password reset and invite flows have been tested
- production API key is stored server-side
- sandbox and production credentials are separate
- IP allowlisting is configured where used
- audit logs are accessible to admins
Section
Integration readiness
- payload contract is stable
- required fields are present
- idempotency keys are implemented
- duplicate retry behavior is tested
- client timeout behavior is defined
- malformed payload handling is tested
- normal, review, and block-style test scenarios have been run
Section
Operations readiness
- alert inbox workflow is tested
- case assignment and status transitions are tested
- notes, mentions, and attachments are tested where enabled
- notification channels are configured
- email notifications are tested for assignment or mention flows
- SLA settings are reviewed
- support contacts and escalation path are known
Section
Reporting and audit readiness
- reports show expected transaction and alert activity
- CSV exports are reviewed where required
- audit logs capture sensitive changes
- daily review process is agreed for the first production week
Section
Recommended rollout pattern
- simulator or sandbox traffic
- limited production traffic
- daily monitoring and support review
- controlled traffic ramp-up
- wider tenant or channel rollout
Next UpFirst POC Rollout
Continue Through The DocsWatchTower Integration Guides