Do you allow root access to production servers? or full sudo access?
Do you allow particular tasks to be run with sudo? Which ones?
Do you grant users temporary superuser permissions?
What do you do in case of emergencies?
Do you completely forbid users from sshing to production servers?
Do you audit/monitor superusers activity?
This would depend on what type of hosting this is for. If this is for a shared hosting setup then customers do not have or need sudo permissions. Either way the only people with sudo should be the top system engineers for emergencies, everyone else can go through the automated security, deployment and testing process from testing, staging and automated tested and verified push to production.