Standard : Systems recover quickly and fail safely

Purpose and Strategic Importance

This standard ensures systems are designed to recover quickly and fail safely, reducing the blast radius of incidents and supporting sustainable, high-velocity delivery. It embeds resilience into the architecture, not just the process.

Aligned to our "Resilience Over Uptime" and "Balance Sustainability with Speed" policies, this standard protects user experience and team wellbeing during failure scenarios. Without it, systems become brittle, outages last longer, and recovery depends on manual intervention.

Strategic Impact

Clearly defined impacts of meeting this standard include improved delivery flow, reduced risk, higher system resilience, and better alignment to business needs. Over time, teams will see reduced rework, faster time to value, and stronger system integrity.

Risks of Not Having This Standard

  • Reduced ability to respond to change or failure
  • Accumulation of technical debt or friction
  • Poor developer experience and morale
  • Decreased confidence in releases and features
  • Misalignment between technical implementation and business priorities

CMMI Maturity Model

  • Level 1 – Initial: Recovery processes are manual and rely on individual heroics.

  • Level 2 – Managed: Basic monitoring and rollback mechanisms exist.

  • Level 3 – Defined: Recovery patterns (e.g. failover, auto-rollback) are documented and applied.

  • Level 4 – Quantitatively Managed: Recovery performance (e.g. MTTR) is measured and improved.

  • Level 5 – Optimising: Resilience is engineered into systems and validated continuously through operational data.

Key Measures

  • Adoption metrics relevant to the standard (to be defined)
  • Quality, throughput, and system health metrics aligned to capability
  • Maturity scores based on structured assessment