Drupal maintenance — controlled updates and technical ownership

What maintenance actually covers

Drupal core and module security updates arrive on a regular basis. Each update can affect custom code, theme or integrations — which is why we do not simply apply them automatically.

Our maintenance rhythm:

• Security updates — we monitor Drupal security advisories and apply critical patches as a priority.
• Version management — composer-based dependency management, tested in a development environment before going live.
• Automated tests — critical user flows covered with Playwright tests so updates do not break existing functionality.
• Monitoring — uptime monitoring, error reporting and log review.
• Change log — we maintain a platform history so the state of the system and the reasoning behind decisions is always clear.

When maintenance matters most

• The previous developer has left and the system has no technical owner.
• Security updates have not been applied for several months.
• The site has recurring errors with no known cause.
• A larger change or migration is planned — the system needs to be in good shape first.
• A business-critical platform where downtime costs more than maintenance.

How we start

We begin with a platform review — checking version, modules, code risks and current maintenance state. This gives a clear picture of what to address immediately and what to plan for the longer term.

Briefly describe the situation: website address, main concerns, when updates were last done and whether code and server access is available.