Foundation

A single, enforced approach to how code is stored, branched, reviewed, and merged, applied consistently across every team.

When every team has its own branching model and merge rules, automation breaks, audits fail, and onboarding is a guessing game. The rest of your platform is built on top of this. If it's inconsistent, everything above it will be too.

Pick a branching strategy (trunk-based development is the right default for most teams) and document it. Enforce branch protection rules. Define PR review requirements and commit message standards. Run one enablement session. Measure compliance.

One shared pipeline template that every team uses for building, testing, and deploying, not a different homegrown setup per team.

Ten different pipelines mean ten different quality gates, ten different security scanning configurations, and ten times the work when something needs to change platform-wide. You can't enforce consistency or improve things at scale without a shared baseline.

Build a reusable pipeline template as a shared library or reusable workflow. Include build, test, security scan, and deploy stages. Onboard all teams to it. Track adoption. Make it easier to use than not to.

Documented, reusable ways to provision common infrastructure (containers, databases, networking) so teams start from a known good baseline instead of from scratch.

Every team provisioning infrastructure their own way guarantees configuration drift, security gaps, and knowledge locked in people's heads. When one of those people leaves, you find out the hard way.

Identify the 3-5 most common infrastructure needs across teams (containerised app, managed database, VNet setup are usually top of the list). Write IaC templates for each. Publish with docs. Make them the required starting point for new projects.

Every production service emits structured logs and key metrics to a central place, with alerts that fire before a customer notices something is wrong.

Teams running blind spend hours diagnosing incidents that a dashboard would have caught in minutes. Without a minimum observability standard, every outage is a forensics exercise and on-call is a punishment.

Define a minimum standard: structured log format, three key metrics per service, one health alert. Create a shared dashboard template. Require all production services to meet it. Review compliance in your next incident retrospective.

A defined process for who owns what, how incidents are declared, how they're worked, and how the team learns from them. Written down, not improvised each time.

Without a shared incident process, every outage is chaos. The same mistakes happen repeatedly. The same people get paged. Nobody learns. A lightweight process, even a one-page runbook, breaks the cycle.

Start with service ownership: every production service has a named owner. Add a simple severity classification (P1/P2/P3 is enough). Write a one-page incident runbook. Run your first blameless post-mortem after the next incident. Use an on-call tool so rotation is fair.