Skip to Content
View all events

Governance and Guardrails for AI-Enabled Organizations

Published by O'Reilly Media, Inc.

Deliver fast and stay safe

What you’ll learn and how you can apply it

  • Learn how to set up a governance framework that improves decision-making and reduces risk without creating bottlenecks
  • Build automated guardrails that embed policies into CI/CD pipelines, replacing manual review processes and providing protection when AI tools make everything happen faster
  • Assess your organization’s governance maturity across ownership, enablement, technology choices, and operational practices, and identify the highest-impact areas to improve
  • Implement lightweight governance structures such as technology radars, governance groups, and paved roads that enable team autonomy while maintaining alignment

Course description

Governance matters now more than ever, but most organizations are still doing it badly. Over 90% of engineering teams are using AI tools, and more than 40% of committed code is AI-generated, yet fewer than half of organizations have formal governance policies in place.

Sarah Wells draws on her experience in engineering leadership, running platform engineering and enablement teams, and leading security engineering to show you how to build governance that actually works. You’ll learn how to establish active ownership of your software estate, enable team autonomy without losing alignment, make smart technology choices through lightweight governance structures, and turn policies into automated guardrails embedded in your build and release pipelines. Throughout, you’ll assess your own organization’s governance maturity and identify the highest-impact areas to improve. The practices covered in this course are essential foundations for AI-enabled organizations.

This live event is for you because...

  • You’re a senior or principal engineer who’s responsible for technical direction across teams, and you want practical approaches to governance that engineers will actually follow.
  • You’re an engineering manager or director trying to balance speed of delivery with risk management as your teams adopt AI coding tools.
  • You’re a platform engineer or tech lead who’s building the tools and processes that other teams rely on, and you want to make the right thing the easy thing.
  • You work in an organization that’s grown beyond the point where informal coordination is enough, and you need lightweight structures to keep things from becoming chaotic.

Prerequisites

  • Experience working in a software engineering organization (ideally, one with multiple teams and services)
  • Familiarity with basic CI/CD concepts, deployment pipelines, and microservices or distributed systems
  • No specific tooling or programming language knowledge is required

Recommended preparation:

Think about what governance looks like in your organization: what works, what doesn’t, and where the biggest risks are, including any gaps exposed by your teams’ adoption of AI coding tools

Recommended follow-up:

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

The case for governance (10 minutes)

  • Presentation: What governance is, what it isn’t, and why traditional approaches like change advisory boards don’t work; evidence from the FCA and from Accelerate; reframing governance as the principles, practices, and tools that help teams make safe, consistent decisions; why it matters more now than ever
  • Group discussion: How does governance show up in your organization today?; Is it helpful, or does it mostly feel like overhead?
  • Q&A

Ownership and knowing your estate (20 minutes)

  • Presentation: The spectrum from no ownership to active ownership, illustrated by contrasting the Log4Shell response with the Equifax breach; what active ownership means in practice; why “you build it, you run it” is a governance mechanism; knowing your estate; shadow AI as the new shadow IT; making the invisible visible
  • Q&A
  • Break

Autonomy, alignment, and technology choices (20 minutes)

  • Presentation: High autonomy with low alignment is chaos; high alignment with low autonomy is command-and-control; light-touch governance; what autonomous teams owe the organization; making smart technology choices; the technology radar (Adopt/Trial/Assess/Hold) as a tool for giving engineers a legitimate path to propose something new; the technology governance group; the technology lifecycle—planning for deprecation and migration from the start
  • Q&A

Engineering enablement and paved roads (20 minutes)

  • Presentation: The paved road—templates, libraries, golden paths, and APIs; how platform teams embed governance into the way people work; building for the needs of the majority; key principles; internal developer portals as governance tools; measuring impact
  • Group discussion: What’s the most useful thing your platform team has built?; What do you wish it would build?
  • Q&A
  • Break

Automated guardrails for quality and security (20 minutes)

  • Presentation: Policy → Standard → Guardrail—the hierarchy, with concrete examples; making the right thing the easy thing; building guardrails into your pipeline; turning rules into signals (operability scores, OpenSSF Scorecard); when teams can see a score, they care about the score; testing as governance
  • Q&A

Shipping safely and governing in the AI era (20 minutes)

  • Presentation: Progressive delivery as the ultimate guardrail; canary and gradual rollout replace the CAB; learning from incidents—blameless post-incident reviews as a governance feedback loop; what AI coding tools change and what they don’t; three new challenges (ownership, speed, and security); AI-specific guardrails; friction can be vibe-coded away, but automated guardrails can’t; your enablement work is your AI strategy
  • Q&A

Getting started (10 minutes)

  • Hands-on exercise: Using the governance assessment worksheet, rate your organization across the five areas covered in this course and identify your weakest area
  • Presentation: Good governance is largely invisible, manifesting as helpful automation, clear guidelines, and self-service tools; if developers feel governance as friction, it’s implemented wrong
  • Q&A

Your Instructor

  • Sarah Wells

    Sarah Wells is a technology leader, consultant, and conference speaker with a focus on microservices, engineering enablement, observability, and DevOps. She’s also the author of Enabling Microservice Success (O’Reilly, 2024). Sarah has over 20 years of experience as a developer, principal engineer, and tech director across product, platform, SRE, and DevOps teams. She spent over a decade working at The Financial Times as it transformed, going from 12 releases a year to more than 20,000 and adopting the cloud, microservices, and DevOps.

Skills covered

  • Governance
  • AI Governance