What does the team need to effectively own and operate services already in production, regardless of new development work on those services?
The team has codified the creation of new services to their agreed standards. Compliance controls are managed and verifiable through change control. Quality of service is monitored, reviewed, and managed proactively.

Templates & Golden Paths πŸ”—

A comprehensive set of helpers, templates and accelerators that expedite development and ensure consistent implementation of best practices across our common component types. Component / Project templates implement blueprints in preferred architectures, coding conventions and engineering standards. Accelerators combine templates into workflows to scaffold, build, test and deploy new services in under an hour.

πŸ’Ž Benefit: Automated standardisation of agreed best practices and compliance across common component types.

πŸ“Ά Signal(s): New components or projects can be created and deployed to production in under an hour. Regular contributions to the shared templates and accelerators from Communities of Practice or specialist groups. It is easy to transfer ownership of components or projects between teams.

Continuous Integration πŸ”—

All code changes are continually merged to the main branch (trunk/main) several times a day. Test-driven development (TDD) and behavior-driven development (BDD) practices are diligently followed by team members. TDD ensures that tests are written before the code, promoting a thorough understanding of requirements and facilitating comprehensive test coverage. BDD focuses on defining system behavior through scenarios and specifications, improving collaboration between stakeholders and developers. The team may also practice Trunk-based development (TBD) or non-blocking pull requests where Engineers work on a single branch as much as possible to encourage continuous integration. Pushing changes directly to trunk or main is made safe with mature TDD and quality engineering practices.

πŸ’Ž Benefit: Ensure main branch is always in a releaseable state. Forced automation of essential quality controls. Smaller batch sizes reduce the risk of integration issues.

πŸ“Ά Signal(s): Green-build confidence; Successful builds are safe deploy to production without further inspection. At least one build per active contributor per day.

Compliance as Code πŸ”—

My team incorporates compliance requirements as code, automating compliance checks and ensuring adherence to regulatory standards. Compliance rules and checks are codified, allowing for automated enforcement during the development and deployment process. By treating compliance as code, the team can efficiently implement and maintain compliance controls, reducing human error, enhancing auditability, and minimising the time and effort required to maintain regulatory compliance.

πŸ’Ž Benefit: To ensure that the team incorporates compliance requirements as code, automating compliance checks and ensuring adherence to regulatory standards.

πŸ“Ά Signal(s): Audit-related requests for information are straightforward, and largely self-serve. My team incorporates compliance requirements as code, automating compliance checks and ensuring adherence to regulatory standards.

Incident Mgmt πŸ”—

The incident management process on my product is robust and well-structured, enabling swift response and minimising the impact of incidents. The team follows established incident response procedures, including incident identification, communication, prioritisation, and resolution. Clear roles and responsibilities are defined, ensuring effective coordination and collaboration during incident handling.

πŸ’Ž Benefit: Team is competent and confident to respond to inevitable incidents.

πŸ“Ά Signal(s): Incidents are raised, and resolved regularly and without panic. Incidents are lead by a variety of individuals. Interesting incidents are investigated and knowledge is shared with leadership and other teams.

SLIs, SLOs πŸ”—

There are clear service level objectives (SLOs) and service level indicators (SLIs) that help measure performance, ensuring the product consistently meets the defined quality and reliability standards. These SLOs and SLIs define synthetic tests of primary workflows and key metrics, such as response time, availability, and error rates.

πŸ’Ž Benefit: The team can monitor and continuously improve the product's performance against established benchmarks and commitments made to customers.

πŸ“Ά Signal(s): The team is aware of a baseline level of performance for their key services over the past 3-6 months.

APIs & SDKs πŸ”—

The team provides well-designed APIs and software development kits (SDKs) that facilitate integration and extensibility. The APIs offer clear documentation, well-defined contracts, and consistent interfaces, enabling seamless interaction with the product's services and functionalities. The SDKs provide comprehensive tooling, libraries, and code examples, simplifying the development process for external and internal consumers. Internal publishers support fake or mock implementations of their APIs to help consuming teams automate testing.

πŸ’Ž Benefit: To ensure that the team provides well-designed APIs and software development kits (SDKs) that facilitate integration and extensibility.

πŸ“Ά Signal(s): The team provides well-designed APIs and software development kits (SDKs) that facilitate integration and extensibility. The APIs offer clear documentation, well-defined contracts, and consistent interfaces, enabling seamless interaction with the product's services and functionalities. The SDKs provide comprehensive tooling, libraries, and code examples, simplifying the development process for external and internal consumers. Internal publishers support fake or mock implementations of their APIs to help consuming teams automate testing.

Eventing πŸ”—

The ability to coordinate functionality across distributed systems and services using events. Common conventions to publish system and user events for analytics and observability.

πŸ’Ž Benefit: Customer solutions and analytics can be implemented as composable, extendable and highly decoupled implementations. Increased team decoupling and independence.

πŸ“Ά Signal(s): Standard patterns, SDKs and tooling to publish, store, subscribe and consume events across APIs, workers, Web and mobile clients. Schema validation is in place to block foreign or malformed events.

Static Analysis πŸ”—

The team integrates static analysis tools that effectively identify code issues, potential vulnerabilities, and maintain code quality standards. These tools automatically analyse code, check for common programming errors, and enforce coding conventions. Tools run locally and as part of automated builds to detect and resolve new issues as early as possible. Data on software composition & supply chain is available centrally to manage licensing and security vulnerability risk.

πŸ’Ž Benefit: Proactively detect and resolve code issues, potential vulnerabilities and enforce coding conventions.

πŸ“Ά Signal(s): Tools run locally and as part of automated builds to detect and resolve new issues as early as possible. Detected issues are triaged by team members regularly. Security and Quality representatives curate filters and criteria.