nsalvacao/Governance_as_Code

Central Governance Repository

This repository is the concrete public instance of the organization's central governance system. It functions as a Governance-as-Code infrastructure, providing both the live operating model and a reusable library of technical standards.

Governance Compass (Executive Index)

The governance corpus is organized into 10 logical dimensions that follow the industrial technical lifecycle.

| Section | Governance Dimension | Focus Area | Status | Reusable Library |
| --- | --- | --- | --- | --- |
| 01 | Governance & Method | Foundation & Norms | ✅ Ready | artifacts/01_Governance_Method/ |
| 02 | Discovery & Planning | Ideation & Framing | ✅ Ready | artifacts/02_Discovery_Planning_Early_Learning/ |
| 03 | Architecture & Security | Design & Decision | ✅ Ready | artifacts/03_Architecture_Security_Decision/ |
| 04 | Quality & Review | Assurance & Ownership | ✅ Ready | artifacts/04_Quality_Review_Control/ |
| 05 | Delivery & Readiness | Change & Release | ✅ Ready | artifacts/05_Delivery_Change_Readiness/ |
| 06 | Platform & AI Ops | Automation & AI Execution | ✅ Ready | artifacts/06_Platform_Delivery_Automation_AI_Operations/ |
| 07 | Operations & Incidents | Execution & Continuity | ✅ Ready | artifacts/07_Operations_Incidents_Continuity/ |
| 08 | Knowledge & Learning | Evolution & SRE | ✅ Ready | artifacts/08_Knowledge_Documentation_Continuous_Improvement/ |
| 09 | Project & Portfolio | Strategy & Value | ✅ Ready | artifacts/09_Project_Portfolio_Service_Governance/ |
| 10 | Risk & Traceability | Control & Exceptions | ✅ Ready | artifacts/10_Risk_Exceptions_Traceability/ |

Governance Operating Model

The organization follows a lifecycle-oriented governance flow, where every project or service evolves through these standard gates.

```mermaid
graph LR
    A[01. Governance] --> B[02. Discovery]
    B --> C[03. Architecture]
    C --> D[04. Quality]
    D --> E[05. Delivery]
    E --> F[06. Platform]
    F --> G[07. Operations]
    G --> H[08. Knowledge]
    H --> I[09. Portfolio]
    I --> J[10. Risk]
    J --> A

    subgraph "The Feedback Loop"
    G -.-> B
    H -.-> C
    end
```

Repository Architecture

| Layer | Purpose | Location |
| --- | --- | --- |
| Repository Instance | Concrete documents and GitHub-native files operating this repository | Root and /.github/ |
| Artifact Library | Reusable standards, templates, schemas, and workflows for downstream projects | artifacts/ |
| Private Workspace | Internal rationale and drafts not intended for publication | /.private/ |

How to navigate

  • Physical structure: The artifacts/ directory is organized into 10 numbered sections (01 to 10) matching this map.
  • Governance Enforcement: Standards are enforced via deterministic validation. Refer to scripts/validate_governance_artifacts.py.
  • Public provenance: Source manifests live under sources/manifests/ and are the public basis for bounded, inspectable attribution when their scope aligns with each artifact's declared source basis.
  • AI contribution policy: Public AI and agent contribution rules live in AI_AGENT_POLICY.md.
  • Provider patterns: Gemini reusable workflow patterns live in the artifact library and are not active by default in this repository instance.
  • Exceptions & Deviations: Recorded via the Exception / Deviation Record.

Quick Start: Project Onboarding

To adopt this governance framework in a new repository, follow these three steps:

  1. Initialize Metadata: Copy the Pull Request Template and Issue Forms to your .github/ folder.
  2. Dimension Selection: Identify which Governance Dimensions (01-10) apply to your project. Instantiate the corresponding Normative policies.
  3. Validate Compliance: Run the Deterministic Validator locally or integrate it into your CI/CD pipeline.

Public Document Map (The Corpus)

Click on a dimension to explore its associated policies, standards, and templates. Each section includes the canonical catalog and, where relevant, a supporting-artifact table so the public index covers both primary anchors and secondary reusable assets.

01. Governance & Method (Foundation & Norms)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| README / Repository Overview | Normative | Presents the purpose and navigation | GitHub Docs | Public | Artifact |
| GOVERNANCE.md / Governance Overview | Normative | Explains how the system evolves | GitHub Docs | Public | Artifact |
| Engineering Handbook | Normative | Anchor document for the operating model | Scrum Guide | Public | Artifact |
| Workflow Definition | Normative | Defines dev, review, and delivery flows | GitHub Docs | Public | Artifact |
| Contribution Guidelines | Normative | Explains how to submit changes | GitHub Docs | Public | Artifact |
| Code of Conduct | Normative | Defines behavioral standards | GitHub Docs | Public | Artifact |
| Coding Standards | Normative | Defines technical consistency standards | Microsoft Learn | Public | Artifact |
| Definition of Done / Quality Gates | Normative | States minimum completion criteria | Scrum Guide | Public | Artifact |
| Documentation Policy | Normative | Defines level of rigor for documentation | Diataxis | Public | Artifact |
| ADR Policy | Normative | Defines when a formal record is required | AWS Docs | Public | Artifact |
| Incident Management Policy | Normative | Defines severity, roles, and governance | NIST | Public | Artifact |
| Release & Versioning Policy | Normative | Defines release and versioning rules | Google SRE | Public | Artifact |
| Knowledge Lifecycle Policy | Normative | Defines creation and archival of knowledge | Diataxis | Public | Artifact |

Supporting Artifacts

| Artifact | Role | Maturity | Catalog role | Primary link |
| --- | --- | --- | --- | --- |
| ADR Standard | Governs how ADR templates and accepted decisions interact | Public | Supporting standard | Link |
| Automation & AI Execution | Defines deterministic versus AI-assisted execution behavior | Public | Supporting standard | Link |
| Document Conventions | Defines placeholders, frontmatter, and writing rules | Public | Supporting standard | Link |
| Source Attribution Standard | Governs traceable attribution blocks and alignment modes | Public | Supporting standard | Link |
| Architecture Decision Record Template | Reusable ADR body template for downstream repositories | Public | Supporting template | Link |
| Decision Log Entry Template | Reusable decision entry template aligned with the public decision log | Public | Supporting template | Link |
| GitHub-native Pull Request Template | Ready-to-copy PR template for downstream repositories | Public | Supporting GitHub-native template | Link |
| Source Attribution Partial | Reusable attribution footer partial for template composition | Public | Supporting partial | Link |
| Repository-health README Template | Reusable instance README baseline for downstream repositories | Public | Supporting instance template | Link |
| Repository-health GOVERNANCE Template | Reusable instance governance baseline for downstream repositories | Public | Supporting instance template | Link |
| Repository-health CONTRIBUTING Template | Reusable instance contribution baseline for downstream repositories | Public | Supporting instance template | Link |
| Repository-health CODE_OF_CONDUCT Template | Reusable instance conduct baseline for downstream repositories | Public | Supporting instance template | Link |
| Repository-health SECURITY Template | Reusable instance security baseline for downstream repositories | Public | Supporting instance template | Link |
| Repository-health SUPPORT Template | Reusable instance support baseline for downstream repositories | Public | Supporting instance template | Link |

02. Discovery, Planning & Early Learning (Ideation & Framing)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Discovery Brief / Problem Framing | Instantiable | Frames problem, goal, and constraints | Continuous discovery + user story mapping | Public draft | Artifact |
| Product Goal / Outcome Statement | Instantiable | States the target product goal | Scrum Guide | Public draft | Artifact |
| Product Backlog | Instantiable | Inventory of prioritized future work | Scrum Guide | Public | Artifact |
| Planning Record | Instantiable | Records cycle goal and scope decisions | Scrum Guide | Public | Artifact |
| Research / Experiment Log | Instantiable | Records hypotheses and observations | Lean Startup | Public draft | Artifact |
| Assumptions Register | Instantiable | Makes unvalidated assumptions explicit | PMI + Lean Startup | Public draft | Artifact |
| Technical Retrospective | Instantiable | Reviews an iteration or phase of work | Scrum Guide + Norm Kerth retrospectives | Public draft | Artifact |
| Pre-mortem / Failure Scenario Review | Instantiable | Anticipates failure modes and impact | Google SRE | Public draft | Artifact |
| FMEA / Failure Mode Analysis | Instantiable | Preemptively analyzes mitigation | NIST | Public draft | Artifact |

03. Architecture, Security & Decision (Design & Decision)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Architecture Decision Record (ADR) | Instantiable | Records hard-to-reverse decisions | AWS Docs | Public | Artifact |
| Design Rationale | Evidence | Preserves reasoning behind decisions | Microsoft Learn | Public | Artifact |
| Trade-off Analysis | Instantiable | Compares options with costs and risks | AWS Docs | Public | Artifact |
| Architecture Review Record | Evidence | Records formal architecture review | Microsoft Learn | Public | Artifact |
| Threat Model | Instantiable | Models threats and defensive priorities | Microsoft Learn | Public | Artifact |
| Security Requirements Record | Instantiable | Links requirements to mitigations | Microsoft Learn | Public | Artifact |

04. Quality, Review & Control (Assurance & Ownership)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Review Ruleset / Merge Policy | Normative | Formalizes checks and merge policies | GitHub Docs | Public | Artifact |
| CODEOWNERS / Ownership Map | Normative | Defines code and doc ownership | GitHub Docs | Public | Artifact |
| Issue Forms / Issue Templates | Operational | Standardizes intake of requests | GitHub Docs | Public | Artifact |
| Pull Request Template | Operational | Standardizes context and validation | GitHub Docs | Public | Artifact |
| Security Policy | Normative | Defines vulnerability reporting | GitHub Docs | Public | Artifact |
| Test Strategy / Verification Policy | Normative | Explains validation criteria | Google SRE | Public | Artifact |
| Operational / Production Readiness | Instantiable | Verifies change or service safety | Google SRE | Public | Artifact |
| Support Guidelines | Normative | Explains where to ask for help | GitHub Docs | Public | Artifact |

05. Delivery, Change & Readiness (Change & Release)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Release Plan / Rollout Plan | Instantiable | Defines order and rollout criteria | Google SRE | Public | Artifact |
| Release Checklist | Operational | Mandatory checks before publishing | GitHub Docs | Public | Artifact |
| Rollback / Backout Plan | Operational | Defines how to safely revert | Google SRE | Public | Artifact |
| Change Record | Instantiable | Records approved change and impact | NIST | Public | Artifact |
| Change Log / Release Notes | Evidence | Communicates what changed | Keep a Changelog + Conventional Commits | Public | Artifact |
| Change Communication | Instantiable | Defines message and channels | Google SRE | Public | Artifact |
| Post-Implementation Review (PIR) | Evidence | Evaluates real outcomes | GOV.UK PIR + ITIL 4 | Public | Artifact |

06. Platform Delivery, Automation & AI Operations (Automation & AI Execution)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| CI/CD Policy | Normative | Defines automation behavior | GitHub Docs | Public | Artifact |
| CI Workflow Record | Operational | Records automated build flows | GitHub Docs | Public | Artifact |
| CD / Deployment Record | Operational | Records automated deployment flows | Microsoft Learn | Public | Artifact |
| Environment Promotion Policy | Normative | Defines promotion rules across envs | Microsoft Learn | Public | Artifact |
| Deployment Configuration Record | Instantiable | Captures environment variables | GitHub Docs | Public | Artifact |
| Infrastructure as Code Baseline | Instantiable | Records platform baseline patterns | OpenGitOps | Public | Artifact |
| Artifact / Build Provenance | Evidence | Preserves traceability of artifacts | GitHub Docs | Public | Artifact |
| GitOps Policy | Normative | Defines declarative delivery rules | OpenGitOps | Public | Artifact |
| GitOps Environment Definition | Instantiable | Defines desired state for workloads | Flux / Argo CD | Public | Artifact |
| MLOps / GenAIOps Policy | Normative | Defines model lifecycle governance | Google Cloud | Public | Artifact |
| Model Registry Record | Evidence | Tracks model versions and lineage | Microsoft Learn | Public | Artifact |
| Dataset / Training Data Record | Evidence | Tracks data lineage and suitability | Microsoft Learn | Public | Artifact |
| Evaluation Suite / Benchmark | Instantiable | Defines metrics and comparison logic | OpenAI Docs | Public | Artifact |
| Prompt / Instruction Registry | Instantiable | Tracks production prompts | OpenAI Docs | Public | Artifact |
| Model Release / Serving Record | Instantiable | Records rollout and rollback context | Google Cloud | Public | Artifact |
| Model Monitoring / Drift Report | Evidence | Records operational signals after deploy | Microsoft Learn | Public | Artifact |
| AI Safety / Guardrail Policy | Normative | Defines operational guardrails | OpenAI Docs | Public | Artifact |

07. Operations, Incidents & Continuity (Execution & Continuity)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Service Overview / Fact Sheet | Instantiable | Summarizes operational context | AWS Docs | Public | Artifact |
| Incident Response Plan | Normative | Defines process, roles, and escalation | NIST | Public | Artifact |
| Incident Report | Evidence | Records facts and impact | NIST | Public | Artifact |
| Incident Timeline | Evidence | Preserves the chronology of events | Google SRE | Public | Artifact |
| Playbook | Operational | Guides triage and decision-making | AWS Docs | Public draft | Artifact |
| Runbook | Operational | Guides mitigation and recovery | Google SRE | Public draft | Artifact |
| SOP (Standard Op. Procedure) | Operational | Standardizes stable processes | Google SRE | Public draft | Artifact |
| Incident Communications Plan | Operational | Defines channels and stakeholders | Google SRE | Public draft | Artifact |
| On-call & Escalation Guide | Operational | Explains handoffs and response | Google SRE | Public draft | Artifact |
| Service Continuity Plan / DR | Operational | Defines recovery and ISCP | ISO 22301 | Public draft | Artifact |
| Exercise / Drill Record | Evidence | Records drills and extracted lessons | NIST | Public | Artifact |

Supporting Artifacts

| Artifact | Role | Maturity | Catalog role | Primary link |
| --- | --- | --- | --- | --- |
| Incident Response Policy | Governs incident process expectations behind the plan and report set | Public | Supporting policy | Link |
| Incident Playbook Standard | Defines the common structure for specialized incident playbooks | Public | Supporting standard | Link |
| Business Impact Analysis Standard | Governs how BIAs are authored and refreshed | Public | Supporting standard | Link |
| Contingency Planning Standard | Governs contingency plan scope and review expectations | Public | Supporting standard | Link |
| Business Impact Analysis Template | Reusable BIA template that feeds continuity planning | Public | Supporting template | Link |
| Contingency Plan Template | Reusable contingency planning template for downstream repositories | Public | Supporting template | Link |
| Escalation Playbook | Specialized playbook for escalation sequencing and ownership | Public draft | Supporting playbook | Link |
| Incident Communications Playbook | Specialized playbook for stakeholder messaging during incidents | Public draft | Supporting playbook | Link |
| Incident Coordination Playbook | Specialized playbook for coordination mechanics during active response | Public draft | Supporting playbook | Link |
| Service Recovery Playbook | Specialized playbook for recovery sequencing and restoration control | Public draft | Supporting playbook | Link |

08. Knowledge, Documentation & Continuous Improvement (Evolution & SRE)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Postmortem | Evidence | Blameless analysis of improvements | Google SRE | Public | Artifact |
| Root Cause Analysis (RCA) | Evidence | Identifies explicit causes | NIST | Public | Artifact |
| Lessons Learned | Evidence | Consolidates reusable lessons | Google SRE | Public | Artifact |
| Corrective Action Register | Evidence | Tracks owner and due date | NIST | Public | Artifact |
| Knowledge Base Article | Instantiable | Reusable reference for knowledge | GitHub Docs | Public | Artifact |
| Service Review / Reliability | Instantiable | Reviews health and improvement | Google SRE | Public | Artifact |
| SLO / Error Budget Policy | Normative | Formalizes service objectives | Google SRE | Public | Artifact |
| Documentation Architecture | Normative | Organizes information model | Diataxis | Public | Artifact |
| Documentation Style Guide | Normative | Standardizes voice and structure | Microsoft Learn | Public | Artifact |
| Ownership Matrix | Normative | Assigns review cadence to corpus | GitHub Docs | Public draft | Artifact |
| Deprecation & Archival Policy | Normative | Regulates document sunset | Diataxis | Public | Artifact |
| Decision Log | Evidence | Records official decisions | GitHub Docs | Public | Artifact |

Supporting Artifacts

| Artifact | Role | Maturity | Catalog role | Primary link |
| --- | --- | --- | --- | --- |
| Error Budget Policy | Reliability companion policy used by service reviews and SLO governance | Public | Supporting policy | Link |
| Postmortem Standard | Defines how postmortems should be authored and evaluated | Public | Supporting standard | Link |
| Production Readiness Standard | Defines how readiness evidence should be interpreted across services | Public | Supporting standard | Link |

09. Project, Portfolio & Service Governance (Strategy & Value)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Business Case / Value Case | Instantiable | Justifies initiative value and risk | PRINCE2 | Public | Artifact |
| Project Charter / Brief | Instantiable | Frames authority and scope | PMI | Public | Artifact |
| Project Management Plan | Instantiable | Consolidates baseline approach | PRINCE2 | Public | Artifact |
| Stakeholder Register | Instantiable | Records key stakeholders and roles | PMI | Public | Artifact |
| Communications Plan | Instantiable | Defines objectives and channels | PMI | Public | Artifact |
| Issue Log / Register | Evidence | Tracks issues requiring action | PRINCE2 | Public | Artifact |
| Status / Highlight Report | Evidence | Periodic visibility into health | PRINCE2 | Public | Artifact |
| Exception / Escalation Report | Evidence | Records deviations beyond tolerances | PRINCE2 | Public | Artifact |
| Benefits Review Record | Evidence | Reviews if benefits were achieved | PMI | Public | Artifact |
| Service Catalog | Instantiable | Defines the service value proposition | ITIL | Public | Artifact |
| Service Level Policy / SLA | Normative | Formalizes SLAs and commitments | ITIL | Public | Artifact |
| Service Request Model | Operational | Optimizes delivery through request models | ITIL | Public | Artifact |
| Problem Management Policy | Normative | Practice for reducing incident recurrence | ITIL | Public | Artifact |
| Known Error Record | Evidence | Preserves diagnosed workarounds | ITIL | Public | Artifact |
| Service Configuration Asset | Evidence | Maintains traceable service components | ITIL | Public | Artifact |

10. Risk, Exceptions & Traceability (Control & Exceptions)

| Document | Nature | Public role | Primary source basis | Maturity | Canonical primary artifact |
| --- | --- | --- | --- | --- | --- |
| Risk Register | Evidence | Tracks risks, impact, and mitigation | NIST RMF + Microsoft governance | Public | Artifact |
| Exception / Deviation Record | Evidence | Records deliberate policy deviations | NIST control exception handling + Microsoft governance | Public | Artifact |
| Security Advisory Record | Evidence | Records public advisories and remediation | GitHub Docs | Public | Artifact |
| Audit Trail Policy | Normative | Defines minimum traceability rules | NIST auditability / log management | Public | Artifact |
| Metrics & Review Cadence | Normative | Establishes review moments for governance | Scrum Guide | Public | Artifact |

Primary Source Frameworks

This governance system is a hybrid synthesis of the following official source families:

  • GitHub Docs - Community health files, repository governance, issue forms, pull request templates, workflows, and security reporting surfaces.
  • Scrum Guide - Planning, backlog management, iteration cadence, and retrospectives.
  • Diataxis - Documentation architecture and information design.
  • NIST / CISA - Incident response, risk management, auditability, and continuity-aligned governance.
  • Google SRE - Postmortems, error budgets, operational readiness, and reliability learning loops.
  • AWS Well-Architected - Architecture trade-offs, reliability, and operational readiness.
  • Microsoft Learn - Platform delivery, security, architecture, and operational practice guidance.
  • OpenAI Docs - AI operations, evaluation, prompt lifecycle, and safety guidance.
  • PMI - Project framing, stakeholder and communications governance.
  • PRINCE2 - Business case, project governance, and exception reporting.
  • ITIL / PeopleCert - Service catalog, service levels, requests, change enablement, and problem management.

Public source manifests for the currently adopted source families are published in sources/manifests/.

Governance Stewards & Support

This repository is maintained through pull requests, deterministic validation, and curator review by the repository maintainer.


License & Usage

This governance corpus is licensed under the MIT License. Reusable artifacts are provided as-is for organizational instantiation.

Source Attribution

About

Central Governance Repository: Technical standards, templates, and CI/CD operations based on NIST, ITIL, SRE, and Scrum.
