Skip to content

12.3 Templates

These templates are copy-paste-ready starting points. Lift any template into your wiki, repository, or ticketing system and fill in the bracketed placeholders. Italicized notes and inline comments explain what belongs in each section; delete them once the section is filled. Keep templates lightweight: a template that is faster to skip than to complete will not be used. Adapt headings and sections to your organization, but preserve the intent of each part.

A few conventions used below:

  • Text in [square brackets] is a placeholder to replace.
  • Text in italics or <!-- comments --> is guidance to delete.
  • Keep the finished document as short as it can be while still answering its questions.

Architecture Decision Record (ADR)

# ADR [NNNN]: [Short title of the decision]

- Status: [Proposed | Accepted | Deprecated | Superseded by ADR-XXXX]
- Date: [YYYY-MM-DD]
- Deciders: [names or roles]
- Consulted: [names or roles]

## Context

<!-- What is the problem, force, or constraint driving this decision?
     State the facts and requirements neutrally. Include only what a
     future reader needs to understand why a decision was necessary. -->

## Decision

<!-- State the choice in one or two clear sentences: "We will ..." -->

## Alternatives considered

<!-- List the realistic options you weighed and why each was or was
     not chosen. At least two alternatives should appear here. -->

- Option A: [summary]; rejected because [reason].
- Option B: [summary]; rejected because [reason].
- Chosen option: [summary]; chosen because [reason].

## Consequences

<!-- Honest results of the decision, both good and bad. -->

- Positive: [benefits gained]
- Negative: [costs, risks, or limitations accepted]
- Follow-up: [migrations, new work, or decisions this triggers]

## Related

<!-- Links to prior ADRs, RFCs, tickets, or docs this relates to. -->

RFC / design doc

# RFC: [Title]

- Author(s): [names]
- Status: [Draft | In review | Approved | Rejected | Implemented]
- Reviewers: [names or roles]
- Created: [YYYY-MM-DD]
- Last updated: [YYYY-MM-DD]
- Ticket / tracking: [link]

## Summary

<!-- One paragraph: what this proposes and why it matters. A reader
     should grasp the essence from this section alone. -->

## Problem and motivation

<!-- What problem are we solving? Who is affected? What happens if we
     do nothing? Include relevant background and constraints. -->

## Goals and non-goals

- Goals: [what success looks like, measurable where possible]
- Non-goals: [explicitly out of scope, to prevent scope creep]

## Proposed design

<!-- The core of the document. Describe the approach, architecture,
     data model, interfaces, and key flows. Use diagrams where they
     clarify. Explain how it works, not just what it is. -->

## Alternatives considered

<!-- Other approaches and why they were not chosen. Shows the reader
     the design space was explored. -->

## Impact and risks

- Security and privacy: [implications and mitigations]
- Performance and scale: [expected load and behavior]
- Operability: [monitoring, failure modes, rollout, rollback]
- Cost: [infrastructure or licensing impact]
- Backward compatibility: [migration and deprecation]

## Testing and rollout plan

<!-- How the change will be validated and released safely. -->

## Open questions

<!-- Unresolved issues you want reviewers to weigh in on. -->

Postmortem / incident review (blameless)

# Postmortem: [Incident title]

- Incident ID: [ID]
- Date of incident: [YYYY-MM-DD]
- Authors: [names]
- Status: [Draft | Final]
- Severity: [SEV1 | SEV2 | SEV3]

> This review is blameless. We focus on systems and contributing
> factors, not on individuals. The goal is to learn and to prevent
> recurrence.

## Summary

<!-- Two or three sentences: what happened, the impact, and the
     resolution, readable by a non-expert. -->

## Impact

- Duration: [start time to recovery time, with timezone]
- Users affected: [scope and number]
- Business impact: [revenue, SLA, reputation, or other]

## Timeline

<!-- Timestamped, factual sequence of events. Include detection,
     escalation, key actions, and recovery. -->

- [HH:MM] [event]
- [HH:MM] [event]

## Contributing factors

<!-- The chain of conditions that led to the incident. Prefer
     "contributing factors" over a single root cause. -->

## Detection and response

- How was it detected? [alert, customer report, etc.]
- What helped the response?
- What slowed the response?

## What went well

<!-- Recognize effective actions and safeguards that worked. -->

## Action items

<!-- Specific, owned, and dated. Address prevention, detection, and
     mitigation. Track these in the normal backlog. -->

| Action | Owner | Due date | Type (prevent/detect/mitigate) | Ticket |
|--------|-------|----------|--------------------------------|--------|
| [action] | [name] | [date] | [type] | [link] |

## Lessons learned

<!-- What the wider organization should take away. -->

Threat model (STRIDE-based)

# Threat model: [System or feature name]

- Author(s): [names]
- Date: [YYYY-MM-DD]
- Reviewers: [security contact, owners]
- Scope: [what is and is not covered]

## System overview

<!-- Brief description of the system, its purpose, and its users. -->

## Assets

<!-- What is worth protecting: data, credentials, functionality,
     reputation. Note the sensitivity of each. -->

## Trust boundaries and data flow

<!-- Describe or diagram components, data stores, external entities,
     and the boundaries where trust changes. -->

## Threats (STRIDE)

<!-- For each element, consider the STRIDE categories. Record each
     credible threat, its risk, and the mitigation or accepted risk. -->

| Threat | STRIDE category | Affected element | Risk (L/M/H) | Mitigation | Status |
|--------|-----------------|------------------|--------------|------------|--------|
| [threat] | Spoofing | [element] | [risk] | [control] | [open/mitigated/accepted] |
| [threat] | Tampering | [element] | [risk] | [control] | [status] |
| [threat] | Repudiation | [element] | [risk] | [control] | [status] |
| [threat] | Information disclosure | [element] | [risk] | [control] | [status] |
| [threat] | Denial of service | [element] | [risk] | [control] | [status] |
| [threat] | Elevation of privilege | [element] | [risk] | [control] | [status] |

## Assumptions and dependencies

<!-- Security assumptions relied upon and external controls trusted. -->

## Open issues and follow-up

<!-- Threats needing further work, tracked as tickets. -->

Runbook

# Runbook: [Task or scenario name]

- Service: [service name]
- Owner: [team]
- Last reviewed: [YYYY-MM-DD]
- Related alerts: [alert names]

## Purpose

<!-- When to use this runbook and what it accomplishes. -->

## Prerequisites

<!-- Access, tools, and permissions needed before starting. -->

## Detection / symptoms

<!-- What the operator observes: alerts, error signatures, dashboards. -->

## Diagnosis

<!-- Step-by-step checks to confirm the problem and narrow the cause.
     Include the exact commands, queries, or dashboard links. -->

1. [step and expected result]
2. [step and expected result]

## Resolution

<!-- Concrete, ordered steps to fix or mitigate. Note any step that is
     risky or irreversible, and how to verify success. -->

1. [step]
2. [verify recovery]

## Rollback

<!-- How to undo the actions if resolution makes things worse. -->

## Escalation

<!-- Who to contact and when to escalate. Secondary on-call, owning
     team, and vendor contacts. -->

## References

<!-- Dashboards, related runbooks, architecture docs. -->

Service README / service catalog entry

# [Service name]

- Owner team: [team]
- On-call: [rotation link]
- Tier / criticality: [Tier 1 | 2 | 3]
- Repository: [link]
- Status: [Active | Deprecated]

## What it does

<!-- One paragraph on the service's responsibility and its consumers. -->

## Architecture

<!-- Key components, dependencies (upstream and downstream), and a
     link to the design doc or diagram. -->

## Interfaces

- APIs / endpoints: [link to spec]
- Events published / consumed: [topics]
- Data stores: [databases, caches, buckets]

## Runtime and deployment

- Environments: [dev, staging, prod]
- How to deploy: [pipeline link and process]
- Configuration and feature flags: [where and how]

## Observability

- Dashboards: [links]
- Alerts: [links]
- Logs: [where to find them]
- SLOs: [link]

## Operations

- Runbooks: [links]
- Common tasks: [scaling, restart, backfill]
- Known issues and limitations: [notes]

## Getting started (for new contributors)

<!-- How to build, test, and run locally. -->

## Contacts

- Slack / chat channel: [link]
- Escalation: [path]

SLO / error-budget policy

# SLO and error-budget policy: [Service or journey name]

- Owner: [team]
- Effective date: [YYYY-MM-DD]
- Review cadence: [e.g. quarterly]

## Service level indicators (SLIs)

<!-- Define each SLI precisely: the measured quantity, how it is
     measured, and from where (ideally the user's perspective). -->

| SLI | Definition | Data source |
|-----|-----------|-------------|
| Availability | [e.g. successful requests / total requests] | [source] |
| Latency | [e.g. proportion of requests under Xms] | [source] |

## Objectives (SLOs)

| SLI | Target | Measurement window |
|-----|--------|--------------------|
| Availability | [e.g. 99.9%] | [e.g. rolling 28 days] |
| Latency | [e.g. 95% under 300ms] | [rolling 28 days] |

## Error budget

<!-- The allowed unreliability: 100% minus the target, over the
     window. State the budget in concrete terms (e.g. minutes/month). -->

- Budget: [derived allowance]

## Policy when the budget is exhausted

<!-- The agreed consequences. Make them concrete and enforceable. -->

- [e.g. Freeze non-critical feature releases until the budget recovers.]
- [e.g. Prioritize reliability work in the next planning cycle.]
- [e.g. Escalate to engineering leadership if breached two windows running.]

## Policy when the budget is healthy

<!-- What extra risk the team may take, e.g. faster rollouts. -->

## Alerting

<!-- Burn-rate alerts and thresholds tied to this SLO. -->

Risk register entry

## Risk: [Short risk title]

- Risk ID: [ID]
- Date raised: [YYYY-MM-DD]
- Owner: [name or role responsible for managing this risk]
- Category: [security | operational | compliance | financial | delivery | vendor]
- Status: [Open | Mitigating | Accepted | Closed]

### Description

<!-- State the risk as: cause -> event -> consequence. What could
     happen, and why it matters. -->

### Assessment

- Likelihood: [Low | Medium | High]
- Impact: [Low | Medium | High]
- Overall rating: [derived from likelihood x impact]

### Current controls

<!-- What already reduces this risk today. -->

### Mitigation plan

<!-- Planned actions to reduce likelihood or impact, with owners and
     dates. If accepting the risk, record who accepted it and why. -->

| Action | Owner | Due date | Status |
|--------|-------|----------|--------|
| [action] | [name] | [date] | [status] |

### Review

- Next review date: [YYYY-MM-DD]
- Decision / notes: [any acceptance sign-off or change]

Project one-pager / product brief

# [Project or product name]: one-pager

- Sponsor: [name]
- Lead: [name]
- Date: [YYYY-MM-DD]
- Status: [Idea | Approved | In progress | Shipped]

## Problem

<!-- One paragraph: the customer or business problem, and evidence it
     is real and worth solving. -->

## Audience

<!-- Who has this problem and who benefits from solving it. -->

## Proposed solution

<!-- A short description of what we will build or change. Keep it at
     the level of intent, not implementation detail. -->

## Why now

<!-- The reason to do this now rather than later. -->

## Success metrics

<!-- How we will know it worked. Prefer measurable outcomes. -->

- [metric and target]

## Scope

- In scope: [what we will do]
- Out of scope: [what we will not do]

## Risks and open questions

<!-- Main uncertainties and dependencies. -->

## Rough plan and milestones

<!-- High-level phases and approximate timing. -->

## Cost and resources

<!-- People, time, and budget required. -->

On-call handoff notes

# On-call handoff: [YYYY-MM-DD]

- Outgoing: [name]
- Incoming: [name]
- Service(s): [names]

## Overall status

<!-- One line: quiet, noisy, or ongoing issue. -->

## Open incidents

<!-- Any active or recently resolved incidents the next responder
     must know about, with links. -->

- [incident, status, and what remains]

## Ongoing or planned changes

<!-- Deploys, migrations, maintenance windows, or experiments in
     flight that could cause alerts. -->

## Noisy or flaky alerts

<!-- Alerts that fired and their real meaning, so the next person is
     not misled. Note any temporary silences and their expiry. -->

## Watch items

<!-- Metrics or systems trending in a concerning direction. -->

## Pending follow-ups

<!-- Tasks handed to the next shift, with links to tickets. -->

## Notes

<!-- Anything else useful: access quirks, vendor issues, context. -->

Change request (for regulated change control)

# Change request: [Change title]

- Change ID: [ID]
- Requester: [name]
- Date submitted: [YYYY-MM-DD]
- Type: [Standard | Normal | Emergency]
- Priority: [Low | Medium | High]
- Status: [Submitted | Approved | Rejected | Implemented | Closed]

## Description of change

<!-- What is changing and why. Reference the ticket or requirement. -->

## Systems and components affected

<!-- Services, data, environments, and users impacted. -->

## Justification and business impact

<!-- The reason for the change and the impact of not doing it. -->

## Risk assessment

- Risk level: [Low | Medium | High]
- Potential impact if the change fails: [description]
- Impact on security, privacy, or compliance: [description]

## Implementation plan

<!-- Ordered steps, responsible parties, and timing. -->

## Test and validation plan

<!-- How success will be verified before and after the change. -->

## Backout / rollback plan

<!-- How to reverse the change if it fails, and the recovery time. -->

## Schedule

- Proposed window: [start and end, with timezone]
- Expected downtime: [duration or none]

## Approvals

| Role | Name | Decision | Date |
|------|------|----------|------|
| Change owner | [name] | [approve/reject] | [date] |
| Technical reviewer | [name] | [approve/reject] | [date] |
| Change advisory board | [name] | [approve/reject] | [date] |

## Post-implementation review

<!-- Outcome, issues encountered, and whether backout was needed. -->

Data Protection Impact Assessment (DPIA) outline

# Data Protection Impact Assessment: [Processing activity name]

- Assessor: [name]
- Date: [YYYY-MM-DD]
- Reviewers: [DPO / privacy contact]
- Status: [Draft | Reviewed | Approved]

## 1. Description of the processing

<!-- What personal data is processed, how, by whom, and for what
     purpose. Include data flows from collection to deletion. -->

- Data subjects: [who the data is about]
- Data categories: [types of personal data, note any special categories]
- Purposes: [why the data is processed]
- Recipients and processors: [who receives or handles the data]
- Retention period: [how long data is kept and deletion method]
- International transfers: [destinations and transfer mechanism]

## 2. Necessity and proportionality

<!-- Is the processing necessary for the purpose? Is it the least
     intrusive option? What is the lawful basis or authority? -->

- Lawful basis / authority: [basis for each purpose]
- Data minimization: [why each field is necessary]
- Accuracy and retention justification: [notes]
- How data subject rights are supported: [access, deletion, etc.]

## 3. Consultation

<!-- Stakeholders, and where relevant data subjects, consulted. -->

## 4. Risks to individuals

<!-- Identify privacy risks and rate each. -->

| Risk to individuals | Likelihood | Severity | Overall |
|---------------------|-----------|----------|---------|
| [e.g. unauthorized access to sensitive data] | [L/M/H] | [L/M/H] | [rating] |

## 5. Measures to reduce risk

<!-- For each risk, the mitigation and residual risk after it. -->

| Risk | Measure | Residual risk | Accepted by |
|------|---------|---------------|-------------|
| [risk] | [control] | [L/M/H] | [name] |

## 6. Outcome and sign-off

- Residual risk acceptable: [Yes | No]
- Measures approved by: [name, role]
- Consultation with supervisory authority required: [Yes | No]
- Review date: [YYYY-MM-DD]