There are many benefits to establishing common platforms in large organizational ecosystems. As we’ve discussed previously, platforms are a powerful way to enable the reuse of services and separation of technical responsibilities within an organization. This power plays out in how platforms can be used to scale usability, security, and inclusive practices across an organization’s customer experience (CX). This is where platform governance comes in — and it’s just as important a component to plan for and scale as the technology that underpins it.
Governance is the set of standards, tools, and processes used to enforce policies on products the organization develops. It can be used for everything from ensuring 508 compliance and security processes are followed to establishing a consistent visual design and vocabulary in a user-facing product. Governance is typically thought of as a way to control and ensure compliance and manage risks, but it can be more broadly defined as the process of managing decision making and implementation within an ecosystem.
The success or failure of a platform will hinge on how you implement that governance. With thoughtful governance, a platform can be an enticing draw for developers that both accelerates development and ensures the quality of applications across your organization’s products. However, poorly implemented governance can easily backfire. If application developers are unclear as to the expectations or feel like governance is an unnecessary hurdle, you can end up with frustrated application teams and slower software delivery.
The strategic play is to find the sweet spot that avoids giving teams too much autonomy or weighing them down with strict compliance hurdles. This sweet spot should make building the right thing the easiest thing. To do that, we benefit from taking a human-centered and Agile product management approach to governance within a platform – implementing it as features of the platform and iterating over time.
What is a platform?
For our purposes, we’ve defined a platform as “a cohesive set of tooling, infrastructure, or services that are reused across multiple products.” A platform becomes a product when a concrete set of “building blocks” is assembled and offered to application teams with documentation, support, and governance. As a product, then, we also expect that it will be iterated and improved upon by a centralized team.
A platform may be designed to support different levels of business needs within the software stack, which means a well-designed technology ecosystem may contain “platforms all the way down.” An infrastructure platform may support an API platform and an application platform, which may in turn provide services for a web content platform or a data platform.
What is platform governance?
Governance deals with the messiness of human behavior, regardless of where in the stack it’s applied. Each platform has unique components that require their own best practices and quality standards when using them — requiring a set of governance processes for success. But unlike the objectivity of technical systems, governance aims to manage human behavior. Governance defines incentives, influences people’s priorities, and makes them consider things they wouldn’t have otherwise — all of which can have unanticipated consequences. So we find that we can apply many of the same strategies to implementing human-centered governance to any flavor of platform.
While governance is typically thought of as a way to control and ensure compliance and manage risks, its implementation can be broader than that. Governance can also include processes, standards, and practices that ensure a consistent level of quality in delivery.
Platform governance helps ensure that the ecosystem of applications is consistent in ways important to the organization, such as in their quality, security, and maintainability. Some of the common areas of platform governance we see across state and federal organizations include standards and guidelines for:
- Security
- Privacy and user data protection
- Accessibility
- Branding and design consistency
- Code quality
- Response time and performance
- Information architecture
- Readability/plain language
Governance as a product: Finding the right balance
Whether enforcing or encouraging, governance is about influencing human behavior, so there’s a measure of behavioral science involved in its implementation. Britain’s Institute for Government famously has a Nudge Unit to test and iterate on ways they can influence human behavior in a broader governance context, from reducing crime to getting people to file their taxes on time. Software governance benefits from the same approach, where we can iterate on it as a product – testing how well each step influences delivery in the right direction.
The governance toolkit can be organized into three buckets: written standards, automated testing and tooling, and manual reviews. A platform typically uses a mix of all three, though the balance between them may change over time as a platform matures. While all governance should be written and shared widely, you’ll find that the implementation techniques that work best for your organization will vary. To find the right balance, platform teams should regularly review and revise these processes as a core feature of the platform.
We recommend organizations start small, with the simplest implementations that will provide the highest value. Start with a written list of policies, standards, and best-practice guidelines. This is your minimal viable governance, if you will. Then watch how it’s adopted, measure success, iterate, and improve on it.
You can then prioritize further enforcement of written governance based on the impacts that would be felt — either by end users or by the organization — if a team doesn’t follow them. In this way you can mature your governance processes, iterating and evolving the standards with the greatest impacts into a system of manual and automated checks.
Some standards won’t need explicit enforcement — either because the teams are mature enough to self-manage those expectations as part of their process or because the consequences of not following them aren’t dire enough to warrant the time and effort spent enforcing them.
Organizations often find they need to be more heavy handed in enforcing standards in a less mature organization or when the stakes are high — such as in the delivery of government digital services, where poor design and delivery can prevent people from accessing the services they need to live.
But how a team goes about enforcing standards and supporting teams is just as important as the governance itself. Manual reviews and gating processes should be as pain-free as possible for the desired outcomes, and they need to be led with a spirit of collaboration and shared goals. Building relationships with development teams can create space to co-design review processes for successful outcomes and smooth what can otherwise become an antagonistic relationship between development teams and governance enforcers.
In short, we should be on a quest to find the sweet spot between enforcement and incentives. That’s how we make the right thing the easiest thing, and it leads to both higher platform adoption and higher quality delivery.
Governance as a strategy for platform adoption
We find that platform governance and platform adoption are intrinsically linked. We can’t talk about one without the other. A key motivation for getting teams to adopt our platform is because we can scale governance with the platform. So an organization may rely on platform adoption as a way to ensure quality. Conversely, if a platform makes it easy to comply with organizational governance, that can incentivize teams to adopt the platform.
The way you choose to implement governance processes can make or break your platform’s adoption and level of success. If an organization is too restrictive or authoritative in its governance, teams may be blocked from delivering business value altogether. On the other hand, if the organization is too permissive, teams may unintentionally deploy unsecure or poor-quality applications that don’t meet user needs. Each organization needs to figure out the right balance based on its culture and appetite for each trade-off.
There are a variety of tools in a platform’s toolbelt to meet quality standards and incentivize platform adoption. These tools may be used to establish different levels of nuance to ensure delivery quality, and they can be layered to complement each other and improve the process over time. In our next post, we’ll take a closer look at the ways a team can layer written, manual, and automated governance with platform incentives to improve quality and delivery.
