Production stand-up (early in the engagement). Create the production AWS account in the Canadian region (ca-central-1), organizationally separate from staging, with Organization-level federation. This requires AWS Organization administrator credentials Parx alone cannot exercise Apply the Parx-built Terraform modules to the production account: baseline service-control policies (data residency, root denial, multi-factor authentication, public-S3 denial, security-service denial), customer-managed KMS keys, least-privilege IAM roles, CloudWatch alarms and log shipping, S3 with seven-year Object Lock retention, AWS Secrets Manager with rotation lambdas Activate the CI/CD production pipeline with environment-gated deploys (manual approval required for production) Production deployment of the signed-receipt KMS asymmetric migration (already validated in dev and staging) Production deployment of the operational key-custody infrastructure (already validated in dev and staging): rotating service keys for the application layer, validator keys for the permissioned blockchain nodes, and privacy keys for the private-transaction layer Validate the Parx-drafted production runbooks against the live environment; revise where production behaviour differs from staging Live vendor cutover (sequenced through the active window). (KYC) - swap the Parx-built adapter from mock mode to live Persona sandbox credentials in dev and staging, then production cutover Comply Advantage (sanctions, politically-exposed-person, adverse-media screening) - same pattern, sandbox then production Balance Custody (qualified custodian, multi-party-computation 2-of-3 architecture) - testnet integration (target end of June 2026); production cutover at the production key ceremony Production cutover and hyper-care (S-anchored).