Our philosophy is that all configuration should be source controlled and encapsulated as a deployable, repeatable artifact, just as it is with application code.
A great question that can ascertain an organisation's DevOps maturity model is "How does your organisation push out Sitecore security hotfixes?" and see if the answer is anything but scripted, repeatable, and centrally managed.
Infrastructure as code (IaC)
We work within industry IaC best practices to ensure repeatability and consistency.
All our Sitecore platform infrastructure is source-controlled, versioned, and release managed. The base templates and scripts for this are not available to customers to modify, however we do have a process to patch into these for customer specific requirements and configuration and can provide visibility of this.
Sitecore platform configuration
It is important that all environments, including developer local environments, receive the same platform configuration and Sitecore updates so that security and functionality is consistent and there are no surprises when releasing.
Dataweavers applies our standard platform configuration, optimizations, and Sitecore hotfixes to the customer's Sitecore platform application repository. This also enables greater visibility on any required Production vs Non-Production configuration that will be applied on environments.
Extending Sitecore configuration
Many customers and developers need to modify and extend Sitecore configuration.
Our approach is to allow you to apply your own Sitecore configuration changes (including Pipelines), within reason, through strict configuration management, according to Helix principles.
Should an extension of this nature cause an adverse effect on the environment, or worse, affect the SLAs, Dataweavers will work with you (through the support desk) to achieve the desired outcome.