# 90-day platform maturity upgrade (template)

Use after scoring with [`maturity-scorecard.csv`](maturity-scorecard.csv). Pick **one
level jump on one capability** per quarter — not seven parallel initiatives.

## Quarter goal

| Field | Value |
|-------|-------|
| Current overall level (honest) | L_ |
| Target level (end of quarter) | L_ |
| Primary capability | e.g. `cicd_delivery` |
| Executive sponsor | |
| Platform DRI | |

## Week 1–2 — Baseline (no new tooling yet)

- [ ] Export current state: deploy frequency, mean time to restore, % resources with required tags
- [ ] Name steady-state metric for tier-1 service (latency, success rate, or orders/min)
- [ ] Inventory: which accounts deploy from console vs pipeline vs GitOps controller
- [ ] Document top 3 incidents in last 90 days — which maturity gap contributed?

## Week 3–6 — Minimum viable upgrade

Map your chosen capability to AWS anchors:

| Capability | L2 → L3 typical move | AWS services |
|------------|---------------------|--------------|
| `cicd_delivery` | Remove `kubectl apply` from CI; GitOps or CodePipeline with approval | EKS + Argo CD/Flux, or CodePipeline + CodeDeploy |
| `observability` | Install ADOT EKS add-on; export to CloudWatch + X-Ray | ADOT, CloudWatch Application Signals |
| `resilience` | One FIS scenario with CloudWatch alarm stop condition | FIS, EventBridge Scheduler |
| `multi_account` | Attach baseline SCPs at workload OU; no exceptions without RFC | Organizations, Control Tower |
| `finops_platform` | Enforce `Environment` + `CostCenter` tags via tag policy | Organizations tag policies, Cost Explorer |

Deliverable: one **working** change in non-prod, measured against baseline metric.

## Week 7–10 — Expand blast radius

- [ ] Roll upgrade to one production workload (tag-scoped)
- [ ] Run tabletop: "pipeline is down" — can team deploy via documented fallback?
- [ ] Update internal runbook with new golden path

## Week 11–12 — Prove and communicate

- [ ] Re-score scorecard row(s) — did level actually change?
- [ ] Present delta to leadership: metric before/after, not tool names
- [ ] Queue **next quarter's** single capability (do not add scope mid-quarter)

## Stop conditions (abandon upgrade if…)

- Steady-state metric regresses >10% for 48h after change
- Team bypasses new process >3 times/week (process too heavy — simplify)
- No executive sponsor after week 4 (maturity programs without sponsorship stall at L2)