OPEN PROTOCOL · v1.0 · CC BY 4.0

The Concordance Framework

50 protocols across 6 stages. The open, evidence-based protocol for measuring engineering practice maturity. No surveys. No self-assessments. No six-month audits. Scores are derived from real artifacts in your toolchain — commits, PRs, tickets, pipelines, and incident history.

In an era where AI can generate code faster than teams can review it, the practices around that code — how it's reviewed, tested, released, and operated — matter more than ever. The framework that governs your SDLC is now the bottleneck, not the code itself.

Read our thesis on why this exists, or how we score each protocol.

Adopt The Concordance Framework

The framework is open (CC BY 4.0) and free to use as your organization's SDLC protocol. No procurement, no vendor assessment, no security review. Link to this page, adapt what you need, and start measuring today.

ENTERPRISE & REGULATED
Fortune 500, post-M&A, multi-vendor
Silos everywhere, shadow IT, inconsistent practices across FTEs, MSPs, and consultants. No unified view of engineering maturity. Frequent Sev1/2 incidents. You need a protocol everyone can rally around — without a 6-month consulting engagement to define it.
YOUR MOVE
Link this page as your engineering SDLC protocol. Set a target maturity level (3 “Defined” is the professional baseline). Hold every team — internal and vendor — to the same 50 protocols. Measure manually now, automate with the tool when procurement clears.
GROWING STARTUP
Series A/B, 15-100 engineers, scaling fast
You've outgrown “move fast and break things.” An enterprise customer just asked about SOC 2. Your first Sev1 hit on a Friday night and nobody knew the runbook. You hired engineer #20 and realized there's no documented process for anything.
YOUR MOVE
You don't need consultants or a 3-month wiki project. Adopt the 50 protocols that matter at your stage. Connect GitHub and see where you stand in minutes. Use the gaps to prioritize what to fix first. Grow into the rest as you scale.
Get started in 30 minutes
1
Browse the 50 protocols below. Identify the phases most relevant to your pain — incidents? quality? traceability?
2
Self-assess your teams against the maturity levels (1–5). Be honest — the gaps are the value.
3
Share the results with your engineering leadership. Set a target maturity level (3 "Defined" is the professional baseline).
4
Make it policy. Add the framework to your engineering handbook. Reassess quarterly and track the trend.

The 50 Protocols

The complete reference. Click any protocol to see scoring rubric (1–5), evidence sources, and how to improve.

1
Reactive
No defined process. Ad hoc. Depends on heroics.
2
Emerging
Some practices exist but inconsistently applied.
3
Defined
Processes documented and followed. Professional baseline.
4
Managed
Measured and actively improved. Data-driven.
5
Optimizing
Continuous improvement embedded in culture.
Showing 50 of 50 protocols
📋Requirements8 protocols
🏗️Design6 protocols
💻Development11 protocols
🧪Testing9 protocols
🚀Release8 protocols
📡Operations8 protocols
Sample policy statement
Copy, adapt, and add to your engineering handbook
Effective [DATE], engineering practices at [COMPANY] are aligned to The Concordance Framework v1.0 (https://getconcordance.com/framework). All teams — internal, vendor, and contract — must target a minimum maturity level of 3 ("Defined") across all 50 protocols within [TIMEFRAME]. Priority areas: Operations (incident response, postmortems, runbooks), Testing (CI gating, security scanning), and Requirements (traceability, acceptance criteria). Exceptions require written approval from [ROLE]. Progress will be reviewed [quarterly/monthly].

See how your team scores against these protocols

Connect GitHub and Jira/Linear. Concordance scans all 50 protocols in minutes with real evidence.

Get Your Concordance Score →
MACHINE-READABLE

All 50 protocols are available as structured JSON — no authentication required. Suitable for agent workflows, CI tooling, and automated governance checks.

curl https://getconcordance.com/api/framework/protocols

# Velocity Governance protocols only
curl https://getconcordance.com/api/framework/protocols \
  | jq '[.protocols[] | select(.velocityGovernance == true)]'

CC BY 4.0 · github.com/getConcordance/concordance-framework

COMPLIANCE MAPPING

See how these 50 protocols map to SOC 2 Trust Services Criteria and ISO 27001:2022 Annex A controls.

View Compliance Mapping →

Are you a consultant or fractional CTO? Teams use The Concordance Framework to standardize client assessments. Get in touch →

OPEN PROTOCOL · FREE TO USE

The Concordance Framework v1.0 is licensed under Creative Commons Attribution 4.0 (CC BY 4.0)

Published by Concordance Labs. Free to adopt, adapt, and share with attribution. © 2026 Concordance Labs LLC