Standard: Guardrails are co-designed by those closest to delivery
Purpose and Strategic Importance
This standard ensures guardrails are co-designed by the people closest to the work, making them relevant, effective, and trusted. It fosters shared responsibility for safety without imposing top-down controls.
Aligned to our "Guardrails, Not Gates" policy, this standard strengthens autonomy, builds alignment, and increases adoption of safety practices. Without it, guardrails risk being ignored, misaligned, or seen as blockers.
Strategic Impact
- Guardrails feel supportive, not restrictive
- Better alignment to context and domain-specific needs
- Higher adoption and lower overhead in compliance
- Greater trust in governance mechanisms
Risks of Not Having This Standard
- Low adoption due to perceived irrelevance or rigidity
- Shadow processes or workarounds emerge
- Slow evolution of safety practices
- Safety becomes disconnected from delivery
CMMI Maturity Model
Level 1 – Initial
| Category | Description |
|---|---|
| People & Culture | Guardrails are perceived as external constraints. Teams are not consulted or involved. |
| Process & Governance | Controls are imposed top-down with little transparency. |
| Technology & Tools | Tools enforce rules without flexibility or context. |
| Measurement & Metrics | No measurement of guardrail effectiveness or acceptance. |
Level 2 – Managed
| Category | Description |
|---|---|
| People & Culture | Some teams provide input but lack decision-making power. |
| Process & Governance | Guardrails may be adjusted by request but with limited visibility. |
| Technology & Tools | Modifiable templates exist but are not well understood. |
| Measurement & Metrics | Basic feedback is collected on guardrail usage and pain points. |
Level 3 – Defined
| Category | Description |
|---|---|
| People & Culture | Delivery teams participate in defining and evolving guardrails. |
| Process & Governance | Guardrail design is part of standard delivery rituals (e.g. retros, reviews). |
| Technology & Tools | Teams can tailor controls based on known patterns and guardrails are versioned. |
| Measurement & Metrics | Usage, overrides, and satisfaction with guardrails are tracked. |
Level 4 – Quantitatively Managed
| Category | Description |
|---|---|
| People & Culture | Teams treat guardrail design as part of their delivery excellence. |
| Process & Governance | Governance includes feedback loops and community design forums. |
| Technology & Tools | Guardrail impact is modelled, and exceptions trigger learning cycles. |
| Measurement & Metrics | Impact on velocity, quality, and safety is quantified and shared. |
Level 5 – Optimising
| Category | Description |
|---|---|
| People & Culture | Guardrail co-design is embedded in engineering culture. Shared ownership drives refinement. |
| Process & Governance | Guardrails evolve continuously based on real-world signals and team input. |
| Technology & Tools | Self-service tools enable dynamic configuration and contextualisation. |
| Measurement & Metrics | Guardrails are tied to team health, engineering effectiveness, and risk trends. |
Key Measures
- % of teams contributing to guardrail design
- Feedback score on usefulness and usability of guardrails
- Number of successful delivery cycles without gate-driven delay
- Ratio of self-service configuration vs centrally enforced controls
- Guardrail iteration frequency based on real delivery data