Handbook for Operational Excellence

Toolkit

Toolkit

Architecture without tools remains theory. This module provides the concrete building blocks for implementing technological strategy. It consolidates proven methods, technical standards, legal frameworks, and software evaluations into an action-oriented reference. The focus is on standardisation (boring technology) to reduce cognitive load in engineering teams and ensure compliance.

This module acts as a technical encyclopaedia for day-to-day operations. It provides clear decision support when selecting software licences, programming languages, and infrastructure services.

The Four Categories of the Toolkit

The toolkit is divided into four operational areas:

  • Methods: Process frameworks (C4 Model, DDD, SRE) that define how we design, build, and operate systems.
  • Standards: Legal and regulatory requirements (nFADP, EU AI Act, ISO 27001) that form the framework for secure IT systems.
  • Licences: Analysis of open-source licence models (AGPL, MIT, GPLv3) to avoid legal risks in the software supply chain.
  • Software & Services: Evaluations of programming languages (Go, Rust, PHP), databases (PostgreSQL), and cloud services (AWS, Azure, Cloudflare) for specific use cases.

Table of Contents

Methods

Process frameworks for architecture, design, and day-to-day IT operations.

  • Agile Scaling and Descaling: Scaling agile teams without bureaucratic overhead. How Team Topologies and Conway's Law optimise the organisation.
  • Bounded Context: Drawing precise domain boundaries. How Bounded Contexts serve as the foundation for clean microservice architectures.
  • C4 Model and Docs-as-Code: Systematic visualisation of software architectures. How the C4 Model creates clarity across levels and containers.
  • Compliance as Code: Automated checking of regulatory requirements. How Compliance as Code replaces manual audits with continuous, machine-readable controls.
  • DDD (Domain-Driven Design): Mapping complex business logic in software. How Domain-Driven Design bridges the gap between specialist departments and code.
  • FinOps and Cloud Economics: Financial management of cloud usage. How FinOps creates transparency and secures the economic efficiency of infrastructure investments.
  • GitOps and Reconciliation: Infrastructure management via Git. How GitOps uses declarative configuration and automatic synchronisation to ensure consistency.
  • Golden Path: Standardised development paths for fast, reliable results. How Golden Paths improve developer experience without sacrificing autonomy.
  • InnerSource and Code Openness: Applying open-source principles within the organisation. How InnerSource breaks down knowledge silos and scales collaboration.
  • ITIL vs. SRE: Service management in transition. How classic ITIL processes are automated and made more flexible through Site Reliability Engineering (SRE).
  • Nearshoring and Vendor Integration: Managing IT service providers and nearshoring partners. How partner management secures quality through transparency and shared goals.
  • Blameless Post-Mortems: Learning from incidents without blame. How blameless post-mortems improve operational resilience and team trust.
  • Refactoring: Improving code without changing behaviour. How systematic refactoring keeps technical debt under control.
  • RFCs and ADRs: Asynchronous documentation of architecture decisions. How RFCs and ADRs democratise the decision-making process and make it traceable.
  • Strangler Fig Pattern: Replacing legacy systems incrementally. The Strangler Fig Pattern as a safe migration strategy for live production systems.
  • 20% Tech Debt Rule: Managing technical debt in day-to-day work. How the 20% rule and Dependency Bankruptcy preserve the team's ability to act.

Standards

Legal requirements, technical standards, and regulatory guardrails for IT systems.

  • EMBAG: Open source by default for Swiss federal authorities. What EMBAG means and what obligations it creates for public IT contracts.
  • EU AI Act and Explainable AI: The first comprehensive regulation of artificial intelligence. How the EU AI Act defines risk categories and enforces transparency requirements.
  • EU Whistleblower and Secure Cryptography: Protection of whistleblowers and requirements for internal reporting channels. Why secure cryptography is essential for whistleblowing systems.
  • Green IT and Software Carbon Intensity: Measurable sustainability in IT. How Software Carbon Intensity (SCI) and hardware lifecycle standards improve the ecological footprint.
  • ISO 27001 and Compliance-as-Code: The international standard for information security. How ISO 27001 serves as a framework for risk management and compliance.
  • MCP (Model Context Protocol): An open standard for connecting AI models to data sources and tools. How MCP ensures the interoperability of AI agents.
  • nFADP / DSG and Privacy by Design: The new Swiss data protection act (nFADP). How privacy by design and technical deletion concepts ensure compliance.
  • Open Source Definition (OSI) and SLSA: The definition of true open-source software. Why adherence to OSI criteria is critical for avoiding vendor lock-in.
  • Software Asset Management (SAM): Systematic management of software licences. How ISO 19770 and automated SAM processes optimise audits and costs.
  • SBOM (Software Bill of Materials): Transparency about software dependencies. How an SBOM makes supply chain risks visible and meets regulatory requirements.
  • US Cloud Act and Sovereign Cryptography: US legislation and its global implications. Why the US Cloud Act affects data sovereignty in European clouds.

Licences

Overview and analysis of open-source licence models for enterprise use.

  • AGPL: The strictest copyleft licence for web services. Why the AGPL requires source code disclosure even for pure network access.
  • Apache 2.0: The enterprise-grade open source licence. How Apache 2.0 provides commercial certainty through explicit patent rights and permissive terms.
  • BSD: Maximum freedom for developers. Why BSD licences (and variants) often form the foundation of core internet infrastructure.
  • BSL and Fair Source: Between open source and commerce. How BSL and Fair Source allow companies to share code whilst limiting competitive use.
  • GPLv3: The manifesto of free software. How GPLv3 enshrines the copyleft effect and what organisations must consider when using it.
  • MIT: The world's most straightforward licence. Why the MIT licence has become the standard for modern JavaScript and web libraries.

Software

Evaluations of programming languages, databases, and application software.

  • Banana Accounting: The trusted Swiss solution for accounting and finance. Why Banana is a standard choice for SMEs and associations.
  • C# and .NET: Microsoft's enterprise framework. How C# and .NET stand out in large organisations through performance and first-class tooling.
  • Chatwoot: The open-source alternative to Intercom and Zendesk. How Chatwoot enables sovereign customer support across all channels.
  • Claude Code: The command-line tool for AI-assisted development. How Claude Code automates the entire development workflow.
  • Cursor IDE: The next generation of software development. How Cursor as an AI-native IDE fundamentally improves the developer experience.
  • Drupal: The modular enterprise CMS. Why Drupal is the preferred choice for complex, data-heavy portals and public sector organisations.
  • Flutter: UI development for every platform. How Flutter reduces costs through a single codebase for iOS, Android, web, and desktop.
  • Go: The language of the cloud era. Why Go (Golang) became the standard for infrastructure through simplicity, speed, and efficient parallelism.
  • Grav CMS: The modern flat-file CMS for maximum performance. Why Grav CMS is the ideal foundation for knowledge bases and fast company websites.
  • Joomla: The all-round talent for web portals. Why Joomla is a strong choice for complex community sites and association portals.
  • LAMP Stack: The classic stack of the internet. Why the combination of Linux, Apache, MySQL, and PHP still underpins 80% of all websites.
  • Laravel: The modern PHP framework for professionals. How Laravel brings the elegance of Ruby on Rails to the PHP world and accelerates development.
  • Matomo: Web analytics with full data sovereignty. Why Matomo is the logical choice for privacy-compliant organisations (Google Analytics alternative).
  • Mautic: The only true open-source marketing automation platform. How Mautic automates sales through personalisation and campaign management.
  • Node.js: JavaScript everywhere. Why Node.js — through its event-driven architecture — is ideal for modern real-time web services and APIs.
  • Obsidian: The personal knowledge base. Why Obsidian — through its local flat-file principle and powerful linking — is the ideal tool for managing complex knowledge.
  • Open Code CLI: The interface between humans and AI systems. How the Open Code CLI standardises access to LLMs and automates workflows.
  • PHP: The language of the web. Why PHP today — through version 8+ and frameworks such as Laravel — is more modern and performant than its reputation suggests.
  • PostgreSQL: The world's most advanced open-source database. Why PostgreSQL is the gold standard for relational data and AI vectors.
  • Python: The lingua franca of data science and AI. Why Python is indispensable for innovation through its library diversity and simplicity.
  • Rocket.Chat: Sovereign real-time communication for teams. Why Rocket.Chat is the more secure alternative to Slack for confidential projects.
  • Rust: Performance without compromising safety. Why Rust is the language for business-critical system software and WebAssembly.
  • Symfony: The solid foundation for enterprise PHP. Why Symfony excels in large projects through stability and component architecture.
  • Tryton: The modular enterprise ERP. How Tryton maps complex business processes through flexibility and a clean technical core.
  • Vtiger CRM: Open-source CRM for the mid-market. Why Vtiger is a pragmatic choice for structuring sales and service processes.
  • WordPress: The operating system of the web. Why WordPress — despite criticism — remains the most flexible choice for content marketing and SME websites.

Services

Managed infrastructure, cloud platforms, and enterprise services at a glance.

  • Adobe Creative Cloud: The industry standard for design and creativity. How Adobe Creative Cloud is integrated and licensed within organisations.
  • AWS: The world's largest cloud provider. Why AWS remains the reference for cloud infrastructure through its vast range of services and global presence.
  • Azure: The cloud for the Microsoft ecosystem. How Azure excels in enterprise environments through its integration of Windows, M365, and Active Directory.
  • Backstage: The framework for internal developer portals. How Backstage improves developer experience (DevEx) by centralising services and documentation.
  • Bexio: The cloud software for Swiss SMEs. Why Bexio is the standard for accounting, invoicing, and payroll in small businesses.
  • Classic Frontend: Web development without framework overhead. Why Vanilla JS, CSS, and SSR are often the more stable and performant choice for long-lived websites.
  • Claude: The AI model for precise writing and coding. Why Claude from Anthropic is often the preferred choice for complex textual tasks.
  • Cloudflare: Security and performance at the network edge. How Cloudflare accelerates the internet through CDN, DDoS protection, and serverless computing.
  • ERPNext: The open-source ERP for all industries. How ERPNext digitalises organisations through modularity and a modern Python architecture.
  • Gemini: Google's answer to the AI revolution. How Gemini enables new productive workflows through deep integration with Workspace and Android.
  • GitLab: The complete DevOps platform. Why GitLab is the heart of modern software teams through its integrated CI/CD and security features.
  • Google Cloud: Cloud infrastructure with a focus on data and AI. Why Google Cloud is the best choice for high-performance data pipelines and machine learning.
  • Grafana and Prometheus: Prometheus and Grafana as an observability engine. Digital immune systems, metrics-based polling, and automated remediation.
  • Java and Spring Boot: The powerhouse for enterprise backends. Why Java with Spring Boot remains the first choice for business-critical, highly scalable systems.
  • Keycloak: Sovereign identity management for modern IT. How Keycloak enables single sign-on (SSO) and security without US dependency.
  • Kubernetes: The operating system of the cloud. Why Kubernetes (K8s) is the foundation for scalable, resilient, and automated infrastructure.
  • Magento: The heavyweight for demanding e-commerce. Why Magento (Adobe Commerce) remains the first choice for complex online shops.
  • Microsoft 365: The standard for digital collaboration. How Microsoft 365 structures productivity and governance in organisations.
  • Odoo: The modern all-in-one business tool. How Odoo digitalises the complete process from CRM to accounting through modular apps.
  • OpenAI: The pioneer of modern AI. How OpenAI democratised the integration of artificial intelligence in software through GPT models and APIs.
  • Pickware: E-commerce and ERP hand in hand. Why Pickware is the ideal solution for Swiss online retailers with physical warehouses.
  • Power BI: Data visualisation for decision-makers. How Power BI transforms complex datasets into interactive dashboards and valuable insights.
  • Sage: Software for Swiss accounting. Why Sage is a proven choice for financial accounting and HR administration in SMEs.
  • Salesforce: The world's leading CRM platform. How Salesforce consolidates sales, service, and marketing in a powerful cloud architecture.
  • SAP S/4HANA Cloud: The ERP cloud for large enterprises. How SAP S/4HANA Cloud drives the global transformation and standardisation of business processes.
  • SAP Commerce Cloud (Hybris): The enterprise e-commerce solution from SAP. Why SAP Commerce Cloud (Hybris) is the standard for complex B2B and omnichannel scenarios.
  • Shopify: E-commerce without maintenance overhead. Why Shopify is the preferred choice for rapid growth and D2C brands.
  • Shopware: The leading e-commerce platform from Germany. API-first architecture, Community Edition (MIT), and AI-powered Copilot features.
  • Squarespace: Beautiful websites for beginners. Why Squarespace is the reference for design-focused portfolios and small service providers.
  • Terraform and OpenTofu: Infrastructure as Code (IaC) for the cloud. Why Terraform and OpenTofu are the indispensable tools for reproducible environments.
  • TypeScript: Safe JavaScript for large applications. Why TypeScript reduces error rates and improves maintainability through static typing.
  • Vibe Kanban: Orchestrating AI coding agents. How Vibe Kanban unifies planning, execution, and code review in a single interface.
  • Webflow: Professional web design without code. How Webflow bridges the gap between graphic design and frontend engineering.
  • Wix: The website builder for quick results. Why Wix is a pragmatic choice for straightforward web presences.

Glossary

Definition of the core technical terms used across software architecture, cloud infrastructure, and IT management.

  • Glossary: Definition of the core technical terms used across software architecture, cloud infrastructure, and IT management.