Client-Facing Guides
Handover and adoption guides delivered to clients per milestone (Definition of Done #10). These are written for the client's team, not for internal use — they describe what was delivered, how to operate it, how it maps to compliance frameworks, and how to exit cleanly.
Guides by Package / Milestone
| Guide | Package / Milestone | Audience |
|---|---|---|
| Quick-Win Quality Gates | Quick-Win [QW] / M1 |
Any prospect or Day-30 client — self-service, zero cloud |
| M2a Greenfield Baseline Handover | Baseline [B] / M2a |
Day-0 greenfield Azure client — infrastructure + identity |
| M2b Compliance Monitoring Handover | Baseline [B] / M2b |
Same client — monitoring, DR, evidence, docs |
| Brownfield Adoption | M3 | Day-30/90 clients with existing IaC or Azure DevOps |
| Brownfield In-Place Strategy | M3 (companion) | Deep mechanics: layering modules onto existing configs |
Not Yet Covered
- Advanced "Certification-Ready"
[A]/ M4 — automated evidence platform (Vanta/Drata), SIEM, trust center, vendor/HR controls. Guide to be written when the M4 assets ship.
Conventions
- Each guide names real on-disk module/workflow paths under
modules/,apps/, and.github/workflows/. - Every module reference a client adopts must be pinned to a semver tag via the F11 registry — never
ref=main. - Each guide includes a compliance mapping (cross-referenced to
compliance/*/control-mapping.md), verification checklist, failure modes, and a removal / offboarding path — reflecting the ownership taxonomy (§3.7:[SO]/[CO]/[CA]/[SH]).