Framework & Methodology

One framework.
Four lenses.

The Concordance Framework is the foundation — 50 protocols, 6 stages, 5 maturity levels. Compliance Signal, Velocity Governance, and Risk Bastion are lenses that apply it to audit evidence, AI governance, and deployment safety respectively.

📐
Concordance Framework
50 protocols · 6 stages · 5 levels
The foundation. Scores engineering teams on practices from Requirements through Operations.
lens
📊
Compliance Signal
SOC 2 · ISO 27001 · NIS2
Maps Concordance scores to compliance controls — evidence from your existing scan data.
lens
🛡️
Velocity Governance
10 protocols · activates on AI detection
10 protocols where AI integration raises the stakes. Activates automatically on detection.
lens
Risk Bastion
11 gate protocols · deployment safety
Your score measures maturity. Bastion enhances safety. The same 11 protocols — evaluated as gates, not averages.

50 protocols. 6 stages. 5 maturity levels.

Every protocol is scored on a 1–5 scale from Reactive to Optimizing. The framework covers the full engineering lifecycle — from how requirements are captured to how incidents are managed.

Evidence is pulled directly from your SCM and tracker. No surveys. No self-assessment. Observable signals only.

1 Reactive
2 Emerging
3 Defined
4 Managed
5 Optimizing
Phases & Protocols
📋 Requirements · 8 protocols
How work items are defined, tracked, and prioritized. Issue tracking, acceptance criteria, estimation, backlog hygiene, and traceability from requirements to code.
🏗️ Design · 7 protocols
How architecture and technical decisions are made and documented. ADRs, technical docs, API contracts, tech debt tracking, dependency management, and design reviews.
💻 Development · 11 protocols
How code is written, reviewed, and merged. Branch protection, PR workflows, commit conventions, linting, secrets management, documentation practices, and tech debt tracking.
🧪 Testing · 9 protocols
How quality is verified before production. CI pipelines, test coverage, security scanning, integration testing, CI reliability, and build performance.
🚀 Release · 8 protocols
How software is packaged, versioned, and shipped. Release cadence, semantic versioning, release notes, change failure rate, and rollback capability.
📡 Operations · 8 protocols
How production systems are monitored, maintained, and recovered. Incident response, postmortems, MTTR, code ownership, SLOs, and review cadence.