# Governance and Assurance

### Overview

Governance ensures that delivery remains controlled, visible and aligned to agreed outcomes. Assurance ensures that the work is fit for purpose and risks are understood.

Governance should help delivery. It should not create unnecessary delay or paperwork.

### Governance Layers

We use four governance layers.

### 1. Team Governance

Daily and weekly management of work.

Includes:

* stand-ups
* sprint planning
* backlog refinement
* retrospectives
* technical reviews
* risk reviews

### 2. Delivery Governance

Management of delivery progress, milestones, blockers and dependencies.

Includes:

* weekly delivery review
* customer checkpoint
* milestone review
* acceptance review
* change review

### 3. Commercial Governance

Management of commercial position.

Includes:

* Statement of Work alignment
* payment milestones
* change control
* assumptions and dependencies
* supplier commercial position
* IP position

### 4. Assurance Governance

Management of quality, security, data, technical and operational readiness.

Includes:

* architecture review
* security review
* data review
* test review
* accessibility review
* live readiness review

### Core Governance Artefacts

Every engagement should maintain:

* delivery plan
* roadmap
* backlog
* RAID log
* decision log
* change log
* dependency log
* milestone tracker
* acceptance register
* evidence register
* commercial tracker

### Decision-Making

Material decisions should record:

* decision made
* date
* decision owner
* context
* options considered
* evidence used
* impact
* follow-up actions

### Risk and Issue Management

A risk is something that may happen. An issue is something that has happened.

Each risk or issue should have:

* description
* owner
* impact
* probability where relevant
* severity
* mitigation or action
* due date
* status
* escalation route

### Change Control

Change control is required where a proposed change affects:

* scope
* deliverables
* acceptance criteria
* timeline
* cost
* resourcing
* risk
* security
* data
* IP
* supplier obligations

### Assurance Gates

Assurance gates are used where the team needs confidence before proceeding.

Examples:

* discovery exit review
* alpha exit review
* beta live readiness review
* security review
* architecture review
* release approval
* retirement approval

### Assurance Evidence

Evidence may include:

* research findings
* prototypes
* test results
* accessibility checks
* architecture decisions
* security review records
* data protection assessments
* operational readiness checklists
* deployment logs
* acceptance certificates

### Governance Rule

No governance meeting should exist without a decision, risk, dependency, milestone, acceptance or assurance purpose.

