Platform Operating Model
Team boundaries, golden paths, governance, and adoption criteria for internal platforms.
Platform Operating Model
A platform operating model explains how a team turns shared infrastructure into a reliable product for developers. It should clarify who owns the platform, which workflows are paved roads, how exceptions are approved, and how reliability, cost, security, and adoption are measured.
Use this guide when starting a platform team, formalizing DevOps/SRE retainers, or deciding whether Assistance should operate parts of your delivery platform.
Decision criteria#
Reference architecture#
1Developer teams2 -> Golden paths: app template, CI workflow, IaC module, deployment workflow3 -> Platform APIs: identity, secrets, DNS, certificates, observability, environments4 -> Runtime platforms: Kubernetes, managed databases, runners, cloud accounts5 -> Operating loop: SLOs, incident review, cost review, roadmap, enablementKeep the first version small. A useful platform can begin with one supported application template, one deployment path, one environment model, and clear escalation ownership.
Operating model checklist#
- Define platform customers: product teams, data teams, security, operations, or external tenants.
- Publish a service catalog with supported workflows, maturity level, and support expectations.
- Create golden paths for the most common app types and explicitly label experimental paths.
- Document ownership boundaries for application code, infrastructure, data, secrets, and incidents.
- Establish intake and exception handling for workloads that do not fit the default path.
- Track adoption, deployment lead time, change failure rate, incident load, cost, and developer feedback.
- Review the platform roadmap with engineering leadership at a fixed cadence.
Governance without slowing teams#
Platform governance works best when controls are built into the normal workflow:
- policy-as-code for required tags, regions, encryption, network exposure, and image provenance;
- CI checks for tests, security scanning, dependency review, and artifact publication;
- templates that include observability, rollback, runbooks, and ownership metadata by default;
- exception records with expiry dates and accountable owners;
- dashboards that show adoption, reliability, cost, and risk trends.
Assistance engagement fit#
Evidence to collect#
- current delivery value stream and repeated developer blockers;
- current tool inventory and ownership map;
- platform service catalog draft;
- golden-path backlog and retirement list for unsupported paths;
- quarterly scorecard covering reliability, cost, delivery, security, and adoption.
30-60-90 day rollout#
Keep adoption voluntary until the first golden path is demonstrably easier than custom work. Mandate guardrails only after teams have a supported migration route.
Before expanding scope, publish the support promise for the golden path: response hours, escalation channel, ownership of template defects, and the process for requesting new capabilities.