DevOps & DevSecOps Maturity Guide
This guide documents the 24 questions used in the Stonetusker DevOps Maturity Assessment. Each question represents a real capability and is scored from Not doing to Visionary.
Get Your Personalized DevOps ROI Report
Answer these same 24 questions in our interactive assessment to identify delivery friction, reliability risks, and cost leakage across your engineering organization.
Integration
Q1. CI/CD Standardization
Are CI/CD tools standardized and integrated across teams?
Evaluates consistency and reuse of CI/CD tooling.
Q2. Toolchain Automation
Do application, infrastructure, and security tools integrate automatically?
Checks whether automation connects tools or humans act as glue.
Testing
Q3. Test Coverage
Is automated testing implemented across all critical layers?
Measures depth of automated testing.
Q4. Shift-Left Testing
Are tests executed early and continuously?
Focuses on when defects are detected.
Culture
Q5. Collaboration
Do teams collaborate effectively across disciplines?
Assesses cross-functional teamwork.
Q6. Ownership
Is ownership of reliability, security, and cost clearly defined?
Checks accountability clarity.
Infrastructure
Q7. Infrastructure as Code
Is infrastructure managed using Infrastructure as Code?
Evaluates repeatability and versioning.
Q8. Environment Parity
Are environments consistent and reproducible?
Checks configuration drift.
Leadership
Q9. Executive Sponsorship
Does leadership actively sponsor DevOps and SRE initiatives?
Measures leadership commitment.
Q10. Metrics-Driven Decisions
Are delivery and reliability metrics used in decisions?
Checks data-driven leadership.
SRE
Q11. SLOs and Error Budgets
Are SLIs, SLOs, and error budgets defined and used?
Measures reliability maturity.
Q12. Incident Learning
Do incidents drive long-term improvements?
Evaluates learning culture.
Deployment
Q13. Deployment Safety
Are deployments automated and low risk?
Measures release confidence.
Q14. Progressive Delivery
Are canary or blue-green strategies used?
Checks blast-radius control.
Innovation
Q15. Safe Experimentation
Can teams innovate safely?
Measures experimentation enablement.
Q16. Structured Adoption
Are new tools adopted through a structured process?
Checks innovation scalability.
Observability
Q17. System Visibility
Do telemetry signals provide clear visibility?
Measures system insight.
Q18. Proactive Detection
Are issues detected before users are impacted?
Checks early-warning capability.
Design
Q19. Design for Quality
Are scalability, resilience, security, and cost considered early?
Measures design maturity.
Q20. Living Architecture
Are architectural decisions documented and reviewed?
Checks architectural hygiene.
Security
Q21. Security Automation
Are security controls automated?
Measures DevSecOps maturity.
Q22. Vulnerability Management
Are vulnerabilities tracked to remediation?
Checks follow-through.
Cost Optimization
Q23. Cost Visibility
Is cloud cost visible to engineering teams?
Measures financial transparency.
Q24. FinOps in Engineering
Are FinOps practices embedded into workflows?
Checks proactive cost control.
Turn Your Answers Into an Actionable Roadmap
Complete the assessment to receive a clear maturity profile and prioritized recommendations for the next 90 days.
