Deployment correctness, environment and configuration hygiene, infrastructure hardening, health checks, runbook readiness, and rollback capability.
The deployment / runtime-posture layer: can this system be reliably deployed, operated, and recovered?
In scope. Deployment configuration (environment variables, feature flags, migration ordering relative to deploy), infrastructure hardening (OS / container baseline, network policy, secrets manager integration), health checks, zero-downtime deploy mechanics, rollback capability, disaster recovery procedures, runbooks, production-parity of lower environments, bootstrap / shutdown ordering, backup / restore procedures (as distinct from backup correctness).
Not in scope. Supply-chain integrity of the artifacts being deployed — that's supply-chain. Runtime observability of the deployed system — observability. Resilience patterns in application code — error-resilience. Cost controls — cost-efficiency.
Distinct because. The defect is can this thing be shipped, operated, recovered at the system / environment level — not the code level. A pattern about "no rollback plan documented" is operational-readiness. A pattern about "health check endpoint returns 200 even when DB is down" is operational-readiness (the check is broken) and error-resilience (the system doesn't represent its health honestly).
Conceptual sub-structure. Deployment mechanics, environment hygiene, infrastructure hardening, health / liveness, disaster recovery.