This standard ensures that teams are not only accountable for delivering value, but are also empowered to manage the associated risks and build resilience into their delivery practices. Teams must be able to make local decisions, adapt to emerging challenges, and recover from setbacks without waiting on centralised intervention.
It supports the policies “Create Resilience Through Empowered Teams” and “Build Confidence Through Frequent Releases” by distributing responsibility for safety and responsiveness where it belongs—within the teams closest to the work. Without this empowerment, risk is escalated unnecessarily, agility is reduced, and delivery becomes fragile.
| Category | Description |
|---|---|
| People & Culture | - Teams defer responsibility for risk and recovery. - Delivery failures escalate without local resolution. |
| Process & Governance | - No clear risk ownership within teams. |
| Technology & Tools | - Teams lack visibility into delivery risks or system health. |
| Measurement & Metrics | - Risk is tracked inconsistently, if at all. |
| Category | Description |
|---|---|
| People & Culture | - Teams begin managing some local risks, but confidence is low. - Escalation paths are still primary mechanism for action. |
| Process & Governance | - Some processes for local risk assessment are defined. |
| Technology & Tools | - Basic monitoring and alerting are in place, but siloed. |
| Measurement & Metrics | - Delivery risks are logged, but not proactively addressed. |
| Category | Description |
|---|---|
| People & Culture | - Teams are trained and supported to manage delivery risks. - Clear ownership of incident prevention and response. |
| Process & Governance | - Teams use structured risk reviews and playbooks. - Delivery risk is factored into planning and prioritisation. |
| Technology & Tools | - Dashboards and alerts provide real-time risk visibility. |
| Measurement & Metrics | - % of risks resolved by teams without escalation; incident response time. |
| Category | Description |
|---|---|
| People & Culture | - Teams proactively anticipate, discuss, and mitigate risks. - Psychological safety enables open risk discussion and experimentation. |
| Process & Governance | - Resilience practices are embedded in delivery planning and rituals. - Cross-team sharing of risk mitigation strategies. |
| Technology & Tools | - Integrated observability, release health indicators, and self-healing mechanisms. |
| Measurement & Metrics | - Risk mitigation actions linked to reduction in incidents and outages. |
| Category | Description |
|---|---|
| People & Culture | - Teams continuously refine their approach to risk and resilience. - Risk ownership is seen as a core element of team identity. |
| Process & Governance | - Risk themes inform strategy, architecture, and organisational learning. - Delivery practices evolve based on near misses and systemic insights. |
| Technology & Tools | - Predictive analytics and intelligent automation support preemptive risk management. |
| Measurement & Metrics | - Leading indicators of resilience (e.g. error budgets, time-to-detect) are tracked and improved. |