Overall Guidance

The assessment mechanism described below is intended to be risk based and several factors should be considered whilst undertaking a review:

Consider the service level and business criticality i.e. simple noncritical applications which may be poorly designed or have poor architecture processes may present a low impact of failure to users and therefore remediation actions should be considered appropriately.

Measuring adherence to the requirement is not binary and will have an unavoidable level of subjectivity. A product may achieve one requirement well in some places and not in others. Exercise cautious pragmatism when undertaking a review.

When doing reviews consider the solution, but also as a set of components. For example, the overall solution may be considered well architected however a single critical component maybe very weak and therefore present significant risk to the overall solution

Ensure the right people are involved in the review

Ensure continuous engagement with product development teams to ensure continued adherence to principles