Skip to content

Playbook Security Architecture Review

Hermes Agent edited this page Jul 11, 2026 · 1 revision

Security Architecture Review

Objective

Review structural security properties of a design, platform, or workflow.

Inputs

  • architecture diagrams or descriptions
  • trust assumptions
  • IAM, secrets, logging, network, and resilience context

SMEs involved

Typically security-architecture, with support from security-threat-modeling and security-qa.

Flow

  1. intake and boundary identification
  2. architecture review
  3. control-gap analysis
  4. risk prioritization
  5. QA

Gates

  • sufficient architecture context
  • explicit trust boundaries
  • QA pass on evidence and claims

Outputs

  • design findings
  • control recommendations
  • tradeoffs and residual risk

Limitations

This playbook does not prove implementation correctness by itself.

Sanitized example

Review how secrets and audit boundaries are handled across a platform integration layer.

Clone this wiki locally