The Odoo community is relatively young and fast-moving, but sometimes somewhat immature when it comes to the security of Odoo ERP systems.
This webpage catalogs a few do's and don'ts, which you can cross-check with your Odoo implementation partner. Or let us know, and we can help you too.
Use a GIT-Repo
Using a GIT-repo should be obligatory for every developer contributing to your ERP instance, also when several developers work on it in parallel. This includes:
(Outsourcing) Module developers from apps.odoo.com
Developers of your implementation partner
Using a GIT-repo avoids unforeseen conflicts between new and existing source code. Testing new features on a staging server first avoids surprises and downtime on your production system.
Separate PROD and STAG
Automate backups of your Odoo instance on production systems. In case of a blackout, you can recover by:
restoring the backup of the specific databases, and restoring the modules and core code from a GIT-repo (assuming you are using one). If you are not using a GIT-repo, your only recourse after a fatal crash would be to restore the code from a test machine or from a developer's local programming environment.
restoring a snapshot of the virtual machine, in case your VMs are being backed up. (We use this method on our server infrastructure.)
letting Kubernetes or a similar container-orchestration system recover automatically.
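
One way to automate the first recovery option so that a restored database can be matched to the exact code in the Git repository. This is an added example, not from the original page; the function names, paths and backup layout are assumptions, and it expects pg_dump, git, tar and sha256sum to be installed.

```shell
#!/usr/bin/env bash
# Constructed example. All function names, paths and the backup layout are assumptions.

# Record the commit of the code repo that this dump belongs to.
# Fails when the working tree holds changes that exist nowhere in Git.
pin_code_commit() {
    local repo="$1" out_dir="$2"
    if [ -n "$(git -C "$repo" status --porcelain)" ]; then
        echo "refusing: uncommitted changes in $repo" >&2
        return 1
    fi
    git -C "$repo" rev-parse HEAD > "$out_dir/GIT_COMMIT"
}

# Dump one database plus its filestore (by default Odoo keeps attachments
# in a filestore directory, not in PostgreSQL).
dump_odoo() {
    local db="$1" filestore="$2" out_dir="$3"
    pg_dump --format=custom --file="$out_dir/$db.dump" "$db" &&
        tar -czf "$out_dir/filestore.tar.gz" -C "$filestore" .
}

# Write SHA-256 checksums for every file in the backup directory.
seal_backup() {
    local out_dir="$1"
    ( cd "$out_dir" &&
      find . -type f ! -name SHA256SUMS -print0 | sort -z |
      xargs -0 -r sha256sum > SHA256SUMS )
}

# Before restoring: fail if any file was altered, truncated or is missing,
# then print the commit to check out so restored data and code match.
verify_backup() {
    local out_dir="$1"
    ( cd "$out_dir" && sha256sum -c SHA256SUMS > /dev/null ) || return 1
    cat "$out_dir/GIT_COMMIT"
}

# Nightly job, e.g.: backup_odoo prod /var/lib/odoo/filestore/prod /opt/odoo/addons /backup
backup_odoo() {
    local db="$1" filestore="$2" repo="$3" root="$4" out_dir
    out_dir="$root/$db-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$out_dir" &&
        pin_code_commit "$repo" "$out_dir" &&
        dump_odoo "$db" "$filestore" "$out_dir" &&
        seal_backup "$out_dir" &&
        echo "$out_dir"
}
```

On restore, run `verify_backup` on the chosen directory first and check out the commit it prints before loading the dump with pg_restore.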