O Olinske

2026-06-06

Chapter 10: Reliability Execution and the Next Quarter

Closing chapter of the Reliability Survival Guide. Converts doctrine into a reliability week, a quarterly operating plan, and an executive conversation model.

Last reviewed: 2026-06-06

cloud-architecturereliabilityleadershipoperations

The book should not end with principles. It should end with a plan.

Chapter 9: Governance | Chapter 12: Reliability Pricing and the SaaS Margin Trap →

This chapter exists to convert all the earlier doctrine into a practical operating cadence that leaders and engineering teams can use immediately.

Quarterly reliability execution rhythm

Reliability week

The five-day reliability week is the most concentrated way to turn the earlier chapters into action.

Day 1: business criticality and tiering

Day 2: dependency and control-plane mapping

Day 3: runbook and playbook hardening

Day 4: timed simulation

This is the day the book becomes real. The simulation is a structured, timed exercise in which your team executes recovery for a declared failure scenario against a Tier 1 service. The goal is not to cause a real outage. The goal is to measure your P95 recovery time under conditions that are as close to real as you can safely create.

For teams with chaos engineering tooling in place (Azure Chaos Studio, AWS Fault Injection Service, LitmusChaos, or Gremlin), Day 4 is where those tools run. A chaos experiment is not a random destructive act. It is a hypothesis: “We believe our system recovers from X failure class within Y minutes, with Z impact to customers.” The experiment either confirms or refutes it. Both outcomes are useful. Most teams discover that their runbook assumptions, their detection latency, or their communication paths underperform the declared recovery time. That is the finding Day 4 is designed to produce.

Teams without formal chaos tooling can still run Day 4. Manually terminating a replica, blocking a dependency call, or simulating an identity outage in a staging environment with production topology is a valid simulation. The tool is not the exercise. The measurement is the exercise.

Day 5: executive decision package

The purpose is not theater. The purpose is to make hidden reliability assumptions visible in one focused cycle.

Simulation quality requires pass and fail criteria.

Minimum pass rule for Tier 1 scenarios:

  • measured P95 recovery time is within target plus or minus 20%
  • customer journey success returns to target band within declared BR target

If criteria are missed, the scenario is a fail and remediation work is scheduled before the next major release window.

The quarterly operating rhythm

Teams do not need a heroic permanent war footing. They need a reliable cadence.

A survivable quarter usually includes:

  • monthly leading-indicator review
  • one simulation exercise
  • one ADR review for major services or changed assumptions
  • one executive scorecard refresh
  • one decision package that names funded versus unfunded reliability work
  • one repeated architecture review using a standard question set so the team can compare this quarter’s answers against the last one instead of starting from zero

If a team skips two consecutive required reliability activities, unresolved risk is escalated to product and finance leadership with explicit acceptance or funding decision.

This is how reliability moves from incident-driven emotion to managed operating rhythm.

Time and the execution budget

The quarterly rhythm is constrained by how quickly your systems detect and recover from failures.

If your average time-to-detect is 30 minutes and your average time-to-recover is 2 hours, each incident consumes roughly 2.5 hours of operational budget. That incident also delays planned reliability work for the rest of the day.

If you have one incident every two weeks, that is 2 incidents per month, 24 hours per month spent on incidents, roughly 300 hours per year. That is equivalent to the full availability of one engineer.

The quarterly reliability plan must account for this: the faster your detection and recovery, the more time is available for planned resilience work instead of reactive incident management.

The useful leadership conversation is not “Should we fund reliability?” It is “What risk are we accepting, what does it cost, and who owns it?”

That is a very different conversation.

It removes vague support for resilience and forces real decisions on priority, premium, and exposure.

The board-level model

The board does not need every technical detail. It needs a compact operating picture.

The most useful one-page view includes:

  • revenue at risk per hour on the top paths
  • error budget burn by tier
  • tested failover coverage
  • backup operator coverage
  • P95 recovery time versus target
  • change failure rate
  • top concentration risks
  • major reliability debt exposure

That is enough to move reliability into governance instead of leaving it as engineering prose.

Practical checklist

What to do next quarter

  1. Tier the top 20 products.
  2. Price one hour of outage for the top three revenue paths.
  3. Run one timed end-to-end recovery exercise.
  4. Record one explicit reliability trade-off in an ADR.
  5. Re-run one structured reliability review questionnaire and compare the answers to the previous quarter.
  6. Build one board-ready reliability scorecard.

Bottom line

If the book is a survival guide, the final chapter has to leave the reader with action rather than admiration. The right close is not inspiration. It is a practical next quarter.

The next step is execution on calendar, with explicit owners and measurable outcomes.

Use the companion appendix for drop-in templates, burn-rate gates, and scorecard artifacts: content/posts/000028-reliability-operating-artifacts-and-policy-templates.md.