
Enterprise Engineering Standards & Best Practices

Status: 🟢 Active  |  Owner: Architecture Team  |  Last Reviewed: 2025-Q4


Welcome

This portal is the single authoritative source of truth for how we design, build, test, secure, deploy, and operate software across the organisation. It exists because great engineering at scale is not accidental — it is the product of deliberate, documented, and consistently applied standards.

Whether you are a new engineer joining your first team, a tech lead bootstrapping a new service, an architect evaluating a technology choice, or a platform engineer building shared capabilities, this portal has been written for you.

Every standard documented here reflects a deliberate organisational decision. Where a choice exists between multiple reasonable approaches, we have made a call and documented the rationale. You may disagree with some of these choices — and that is healthy. The right response is to engage with the governance process, not to quietly diverge. Divergence from standards should be explicit, approved, and time-bounded.

New to the portal?

Start with Getting Started to understand governance, how to contribute, and what the page status badges mean.

Standards are living documents

Every page carries an owner, a status badge, and a last-reviewed date. If you find content that is outdated, incomplete, or incorrect, please raise a contribution via the Contribution & Review Process.


Why Engineering Standards Matter

Without shared standards, engineering organisations accumulate inconsistency silently and at pace. The consequences compound over time:

  • Onboarding slows as new engineers must discover team-specific conventions rather than apply known patterns.
  • Code review becomes subjective, with reviewers bikeshedding on style rather than focusing on logic and correctness.
  • Security posture degrades as teams make independent decisions about authentication, secrets handling, and dependency management.
  • Operational burden increases as every service has a different deployment model, logging format, and alerting convention.
  • Reuse becomes difficult as libraries built to different interfaces cannot be composed.

Good standards solve these problems by creating a shared engineering language — a common foundation from which every team builds. They do not eliminate autonomy or creativity. They free engineers from relitigating solved problems so they can focus on the problems that are genuinely novel.


Guiding Principles of This Portal

The standards documented here have been developed and are maintained according to the following principles:

Opinionated where it matters, flexible where it doesn't. We take strong positions on the things that affect security, reliability, and team interoperability. We leave teams flexibility in areas that are genuinely preference-driven and low-risk.

Rationale over rules. Every standard includes the reasoning behind it. An engineer who understands why a standard exists is far more likely to apply it correctly in novel situations than one who is simply following a rule.

Enforced by tooling, not by process. Where possible, standards are enforced automatically — by linters, CI quality gates, pre-commit hooks, and policy-as-code — rather than relying on manual review or human memory.

Continuously improved. Standards decay. The technology landscape shifts, lessons are learned, and better approaches emerge. This portal has a defined governance process for proposing, reviewing, and adopting changes. No standard is sacred; all can be improved.

Owned, not orphaned. Every page has a named owner — a team or guild responsible for keeping it accurate and current. Pages without active owners are marked for review or deprecation.


Portal Domains

Domain  |  Intent
1. Getting Started  |  Portal navigation, governance, contribution, and roles
2. Development Best Practices  |  Universal coding, design, architecture, and testing standards
3. Programming Languages  |  Approved languages, per-language standards, and governance
4. Required Developer Tooling  |  Every approved tool from IDE to AI assistant
5. CI/CD & Delivery  |  Pipeline design, deployment strategies, release management
6. Cloud & Infrastructure  |  Cloud providers, IaC, containers, networking, FinOps
7. Security Engineering  |  SDL, OWASP, authentication, secrets, and compliance
8. Data Engineering  |  Data modeling, database selection, governance, and migration
9. Observability & Operations  |  Logging, metrics, tracing, alerting, SLOs, and incidents
10. AI / ML Engineering  |  AI-assisted development, ML standards, MLOps, responsible AI
11. Inner Source & Reuse  |  Shared libraries, golden paths, open source policy
12. Engineering Culture & Process  |  Definition of Done, agile norms, production readiness
Appendices  |  Glossary, technology radar, templates, exemption process

Page Status Legend

Badge  |  Meaning  |  Enforcement
🟢 Active  |  Approved, current, and enforced  |  Required for all teams
🟡 Draft  |  In progress — not yet enforced  |  Feedback welcome
🔵 Under Review  |  Active but currently under revision  |  Follow until superseded
🔴 Deprecated  |  Superseded — do not follow  |  See linked replacement

