Lessons Learned¶
Example purpose¶
This artifact records lessons learned from the LMU/COICP internal engineering review.
Lessons are useful only if they change the next engineering cycle. Each lesson below has a route, owner, and action.
Project¶
LMU Campus Operations and Incident Coordination Platform
Document control¶
| Field | Value |
|---|---|
| Artifact owner | LMU COICP Product Owner |
| Primary reviewers | Campus Operations lead, IT security reviewer, Architecture Review Board chair, AI reviewer, Compliance reviewer |
| Status | Accepted with actions routed |
| Last updated | 2026-07-06 |
| Related Engineering Stage | ES-114 — Stewardship |
| Project workspace target | docs/project-workspace/stewardship/lessons_learned.md |
Lesson register¶
| ID | Lesson | Evidence Source | Engineering Implication | Action | Owner | Route |
|---|---|---|---|---|---|---|
| L-001 | LMU internal-review scope can be maintained when limits are explicit and repeated. | transition communication, monitoring log, user feedback | Future deployments need direct review-only language. | Keep scope message and repeat at each review session. | Product Owner | ES-112 |
| L-002 | Evidence creation on normal incident intake is visible and valuable. | monitoring log, guardrail monitoring | Evidence-centered architecture is working on the normal path. | Preserve normal-path evidence design. | Architecture Review Board | ES-108 / ES-109 |
| L-003 | Handoff evidence is not yet dependable enough for pilot. | MON-OBS-003, operational event log | Cross-office workflows need stronger evidence completeness. | Fix and retest handoff evidence behavior. | Product Engineer / Architecture Review Board | ES-107 / ES-109 |
| L-004 | Evidence write failure behavior remains the highest trust risk. | DEF-003, guardrail monitoring | Auditability cannot be trusted under failure until verified. | Build failure simulation or manual test harness. | Architecture Review Board | ES-109 |
| L-005 | Access-control approach cannot move to pilot without full role-matrix testing. | DEF-002, access/data monitoring | Approved reviewer access is not equivalent to real-user authorization maturity. | Build and execute access-control matrix tests. | IT Security Reviewer | ES-109 |
| L-006 | AI-disabled status is manageable when directly checked. | AI monitoring record | AI can remain out of scope when monitored explicitly. | Keep AI Incident Summary disabled. | AI Reviewer | ES-110 |
| L-007 | Campus Safety boundary scenario worked but needs stronger wording. | COICP-SYN-322, feedback log | Boundary language must be unambiguous before pilot. | Revise emergency-boundary warning text. | Product Owner / Campus Safety | ES-105 / ES-107 |
| L-008 | Reviewers need field-level examples for closure rationale. | Campus Operations feedback | Workflow quality depends on user guidance. | Add closure rationale examples. | Product Engineer | ES-105 / ES-107 |
Lessons with no immediate action¶
| Lesson | Rationale |
|---|---|
| No operational incidents occurred. | Useful evidence, but not operational readiness proof because review scope was limited. |
Stewardship interpretation¶
LMU learned enough to improve COICP, but not enough to expand it. The next cycle should close trustworthiness gaps before pilot discussion resumes.