Service

Platform Health Check

Q: How long does a Platform Health Check take?

A typical engagement takes 2 weeks from kickoff to final report. This includes initial documentation review, technical deep-dives, stakeholder conversations, and report preparation. Timelines can flex slightly depending on system complexity and stakeholder availability.

2 weeks. Board-ready assessment with 90-day roadmap.

Your platform is slowing down. Incidents are becoming more frequent. Technical debt is mounting, but nobody can quantify it. Leadership wants answers, and your team is too deep in the work to see the full picture.

A Platform Health Check gives you an honest, independent assessment of where you stand. Not a vague "you have technical debt" conclusion, but a risk-ranked view your board can understand and a pragmatic roadmap your team can execute.

Signs you need this

Delivery is slowing down, but nobody can explain why
Architecture decisions were made years ago and nobody remembers the rationale
You're accumulating debt you can't quantify
Reliability or security concerns that leadership can't put numbers to
Teams arguing about priorities without shared facts
Preparing for fundraise and need confidence in your technical story

What you get

Architecture Snapshot

Current-state map of your system architecture. How components connect, where data flows, what depends on what. Often the first time anyone has documented this clearly.

Risk Register

Every significant risk ranked by business impact, not just technical severity. Likelihood, blast radius, and remediation complexity for each. This is what your board needs to make informed decisions.

Operability Review

Assessment of availability, observability, and incident readiness. Can you detect problems before customers do? Can you diagnose issues quickly? Do you have runbooks that actually work?

Data and Tenancy Assessment

Review of data segregation, access controls, and privacy posture. Critical if you're in regulated sectors or handling sensitive customer data. Where are the boundaries? Are they enforced?

90-Day Remediation Plan

Sequenced work packages with clear dependencies. What to tackle first, what can wait, and why. Not a wishlist but a realistic plan your team can execute alongside normal delivery.

Executive Summary

Board-ready document that translates technical findings into business language. Suitable for sharing with investors, board members, or executive leadership without further translation.

What's not included

Hands-on remediation work (that's a separate engagement)
Penetration testing or formal security audit
Compliance certification (ISO, SOC2, etc.)
Detailed cost estimates for remediation
Ongoing monitoring or support

If you need any of these, we can discuss as follow-on work or I can recommend specialists.

How it works

Kickoff and Access

60-minute call to understand context, priorities, and constraints. You provide read-only access to repositories, documentation, and monitoring. I sign your NDA if required.

Deep Dive (Week 1)

Systematic review of architecture, codebase, infrastructure, and operational practices. Short conversations with key engineers and stakeholders. I work mostly asynchronously to minimise disruption.

Analysis and Report (Week 2)

Findings synthesis, risk ranking, and roadmap development. Draft report shared mid-week for fact-checking. Final report with executive summary delivered end of week 2.

Readout and Handover

90-minute session to walk through findings with your leadership team. Q&A, clarifications, and discussion of next steps. Optional: separate board-level presentation if needed.

Common questions

How long does it take?

Two weeks from kickoff to final report. This includes initial documentation review, technical deep-dives, stakeholder conversations, and report preparation. Timelines can flex slightly depending on system complexity and stakeholder availability.

What access do you need?

Read-only access to code repositories, architecture documentation, monitoring dashboards, and incident history. I also need time with key technical staff and stakeholders. I don't need production database access or customer data.

Will this disrupt our team?

Minimally. I typically need 2-3 hours total from senior engineers and 1-2 hours from leadership. Most of my work happens asynchronously through documentation review and system analysis.

What if we already know our problems?

Most teams know some of their problems but lack the full picture or struggle to prioritise. The value is in independent validation, discovering blind spots, and creating a board-ready narrative that builds confidence with stakeholders.

Is the report just a list of problems?

No. The report includes a prioritised remediation roadmap with sequenced work packages. Each finding is ranked by business impact, not just technical severity. You get actionable next steps, not just a catalogue of issues.

Can you help implement the recommendations?

Yes, through a Fractional CTO engagement or Architecture Review sessions. Many clients start with a Health Check and continue with ongoing support.

Related services

Technical Due Diligence →Fractional CTO →Architecture Review →

Need clarity on your platform's health?

Tell me what's prompting this and I'll let you know honestly whether a Health Check is the right fit.

Book a 30-Minute Call Email Instead

References available on request. I typically respond to emails within 2 business days.