Release Governance¶
Example purpose¶
This artifact defines how LMU/COICP release decisions are governed.
Release governance ensures that internal review, pilot, deployment, deferral, or expansion decisions are based on evidence and accountable risk judgment.
Project¶
LMU Campus Operations and Incident Coordination Platform
Document control¶
| Field | Value |
|---|---|
| Artifact owner | LMU COICP Product Owner |
| Primary reviewers | Architecture Review Board chair, IT security reviewer, AI reviewer, Compliance reviewer, Product Engineer, Campus Operations lead, Campus Safety liaison |
| Status | Accepted for internal-review release governance |
| Last updated | 2026-07-06 |
| Repository target | docs/project-workspace/governance/release_governance.md |
| Related scope | Release, pilot, and release-expansion governance |
Release decision types¶
| Decision Type | Meaning |
|---|---|
| Release | Approved for intended release scope. |
| Limited pilot | Approved for limited real users, data, features, duration, and monitoring. |
| Internal review only | Approved for internal engineering or stakeholder review only. |
| Release with conditions | Approved only if stated conditions are met. |
| Defer | Not approved until additional work is complete. |
| Reject | Not approved and not expected to proceed in current form. |
Current release decision¶
LMU-COICP-RC-001 is approved for internal engineering review only.
It is not approved for operational pilot.
Release evidence required¶
| Evidence | Source |
|---|---|
| Testing summary | docs/project-workspace/testing/testing_readiness_summary.md |
| Defect log | docs/project-workspace/testing/defect_log.md |
| Guardrail verification | docs/project-workspace/testing/guardrail_verification.md |
| AI verification | docs/project-workspace/testing/ai_verification_record.md |
| Release candidate summary | docs/project-workspace/release/release_candidate_summary.md |
| Release decision record | docs/project-workspace/release/release_decision_record.md |
| Release conditions | docs/project-workspace/release/release_conditions.md |
| Operations readiness summary | docs/project-workspace/operations/operational_readiness_summary.md |
| Deployment readiness summary | docs/project-workspace/deployment/deployment_readiness_summary.md |
| Monitoring summary | docs/project-workspace/monitoring/operations_monitoring_summary.md |
| Stewardship summary | docs/project-workspace/stewardship/stewardship_summary.md |
Release authority¶
| Role | Authority |
|---|---|
| Product Owner | Owns final scope decision for internal review or pilot. |
| Architecture Review Board | Can block release on evidence, handoff, architecture, or guardrail integrity concerns. |
| IT Security Reviewer | Can block release on access-control concerns. |
| AI Reviewer | Can block release of AI functionality. |
| Compliance Reviewer | Can block release involving real, sensitive, or production-like data. |
| Campus Safety Liaison | Can block pilot if emergency-boundary wording or behavior is unsafe. |
Release-blocking conditions for pilot¶
- Evidence write failure behavior not verified.
- Handoff evidence gaps unresolved.
- Access-control role matrix incomplete.
- Invalid status transition defect unresolved.
- Emergency-boundary wording not strengthened and retested.
- AI Incident Summary enabled without full AI readiness cycle.
- Real or sensitive data use without data governance, retention, and cleanup readiness.
- No repeated ES-110 release readiness after remediation.
Conditional release rules¶
- Conditions must be explicit.
- Scope limits must be operationally enforceable.
- Accepted risks must have owners.
- Deferred items must remain visible to stewardship.
- Scope expansion requires repeating release and operational readiness.
- Internal-review acceptance cannot be reused as pilot approval.
- Pilot approval requires new evidence after remediation.
Pilot reconsideration criteria¶
Before LMU/COICP can reconsider pilot:
- B-001 evidence write failure simulation completed.
- B-002 access-control role matrix tests completed.
- B-003 invalid status transition fixed and retested.
- B-004 handoff evidence gaps fixed and retested.
- B-008 emergency-boundary warning revised and retested.
- Data cleanup procedure defined.
- Retention expectations defined for any production-like data.
- AI Incident Summary remains disabled unless separately approved.
- ES-110 Release Readiness repeated.
- ES-111 Operational Readiness repeated if scope expands.
Release governance decision¶
LMU/COICP is governed for continued internal engineering review.
LMU/COICP is not governed or approved for operational pilot.