This standard ensures guardrails are embedded in delivery workflows to guide safe, high-quality engineering decisions without slowing teams down. They provide proactive, automated checks that prevent issues before they reach production.
Aligned to our "Guardrails, Not Gates" policy, this standard enables autonomy with confidence. Without it, teams rely on manual oversight or overly restrictive gates, leading to delays, frustration, or increased risk.
The impacts of meeting this standard include improved delivery flow, reduced risk, higher system resilience, and better alignment to business needs. Over time, teams will see reduced rework, faster time to value, and stronger system integrity.
Level 1 – Initial: Risk controls are manual and inconsistently applied.
Level 2 – Managed: Some teams use static checks or basic policies.
Level 3 – Defined: Guardrails are defined and integrated into standard delivery workflows.
Level 4 – Quantitatively Managed: Guardrail effectiveness and coverage are measured.
Level 5 – Optimising: Guardrails are continuously evolved based on feedback and incidents. Controls are integrated into pipelines and tooling to support safe decision-making without creating bottlenecks.