
Process Roadmap

1) Purpose and principles

The roadmap describes how we achieve business metrics through engineering initiatives and when they are delivered.

Principles:
  • Outcome over output: Goals are measured by SLO/business KPIs (not by the number of tasks).
  • Value Stream Decomposition: Platform, Payments, Data/BI/ML, Security/Compliance, Reliability/Observability, DevEx/IDP.
  • Horizons: H1 (0-6 months) - operation; H2 (6-18 months) - scaling; H3 (18+ months) - research/innovation.
  • Now/Next/Later and two-speed strategy: quick wins + fundamental projects.
  • Evidence-based: each statement is backed by a metric, experiment, or audit.

2) Roadmap framework (artifacts)

Vision/North Star: 1 page "where do we go" (SLO, target markets, licenses).
Strategic Pillars: Scale, Reliability, Security, Delivery Speed, Economics.
Annual portfolio of initiatives with quarterly increments.
OKR (company → domain → team) and SLO (p95/TTFB, Time-to-Wallet, fault tolerance).
Dependency catalog (regulatory, PSP/KYC providers, backend/client releases).
Risk register and response plan.
RACI on key initiatives.
Release calendar and freeze windows.
Deprecation policy and technical debt register.


3) Prioritization: How to choose what to do first

RICE (Reach, Impact, Confidence, Effort) - for product/platform features.
WSJF (Cost of Delay/Job Size) - for infrastructure and risk mitigation.
Guardrails: Do not run initiatives without measurable KPIs, a dedicated owner, and a backward compatibility plan.


4) Value streams and targets

4.1 Platform/Infrastructure

Objectives: p95 API < 1500 ms, autoscaling, canary releases, DR RTO ≤ 1 h / RPO ≤ 5 min.

Maturity: from "manual releases" to "policy-as-code + SLO auto-upload."

4.2 Payments/Withdrawals

Goals: Time-to-Wallet p95 ≤ 30 s, deposit conversion growth + X%, fault-tolerant smart-routing PSP.

4.3 Data/BI/ML

Goals: Unified Events Contract, DWH + Streaming, Anti-Fraud-ML, Product Analytics.

4.4 Security/Compliance

Targets: PCI/GDPR readiness, SBOM + signatures, "no humans in prod," PAM/SSO + MFA, eBPF/runtime-detection.

4.5 Reliability/Observability

Objectives: Error budget ≤ 1%, end-to-end OTel, synthetic monitoring of critical scenarios.

4.6 DevEx/IDP (developer platform)

Goals: TTFPR ≤ 1 day, preview environment per-PR, contract tests everywhere, template catalogs.


5) Example of an annual roadmap (H1: 0-6 months, H2: 6-12 months)

H1 (Quarters Q1-Q2)

Now (Q1):
  • IDP MVP: service templates, basic CI (lint + unit + build), preview environments.
  • Observability 1.0: OTel, dashboards p95/5xx/DLQ, SLO alerts.
  • Payments v1: 2 PSP + failover, Idempotency-Key, signed webhooks.
  • Security Core: SSO + MFA, KMS, basic admission policies, SBOM for each build.
Next (Q2):
  • Canary/Blue-Green, SLO auto-upload.
  • Data Platform 1.0: single event bus, Data Catalog, contract validation.
  • Anti-fraud Signals 1.0 (rules + feature flags).
  • FinOps 1.0: showback, first budgets and quotas.

H2 (Q3–Q4)

Now (Q3):
  • Smart-routing PSP by SLA/geo, Shadow traffic.
  • Resilience: chaos tests on staging, DR dry runs.
  • Security 2.0: Image signature + admission-enforce, SOAR playbooks.
  • Data 2.0: DWH + product metrics reports, ML scoring (beta).
Next (Q4):
  • Ring-deployments by region/tenant.
  • Cost Guardrails: auto-shutdown of idle resources, rightsizing.
  • Compliance pack: PCI/GDPR artifacts, evidence-first audit trails.
  • Platform UX: DevPortal 2.0, Golden Paths, Runbooks as Code.

6) Annual OKRs (example)

O1: Stability and speed:
  • KR1: p95 API < 1.5 s; KR2: MTTR < 30 min; KR3: production release frequency ≥ 2/day.
O2: Payment monetization:
  • KR1: +3 pp deposit conversion; KR2: Time-to-Wallet p95 ≤ 30 s.
O3: Risk and cost reduction:
  • KR1: 100% of images signed; KR2: 0 critical/high without exceptions > 14 days; KR3: −20% of infrastructure costs/1000 RPS.

7) 12 month delivery plan (template)

| Quarter | Key initiatives | Outcome metrics | Dependencies |
|---|---|---|---|
| Q1 | IDP MVP, Observability 1.0, PSP v1 | TTFPR ≤ 1 day; SLO alerts; 2 PSPs in production | Need sandbox PSP, KMS |
| Q2 | Canary, Data 1.0, FinOps 1.0 | ≥50% of releases via canary; event directory; cost report | Schema Registry |
| Q3 | Smart-routing, DR, Security 2.0 | p95 payments −20%; successful DR test | DNS failover, SOAR |
| Q4 | Ring-deployments, PCI/GDPR, DevPortal 2.0 | regional waves; audit passed; NPS DevEx +20 | Vendor audits |

8) Resources and composition of teams

Skills matrix: Platform (K8s/IaC), Payments (PSP/KYC/crypto), Data (Kafka/DWH/DBT), Security (IAM/PAM/SAST/DAST), SRE (SLO/OTel), DevEx (Backstage/CLI).
Capacity plan: 70% - roadmap initiatives, 20% - support/incidents, 10% - H3 research.
Vendors: Build vs Buy criteria (TCO, lock-in, speed, control, compliance).


9) Budget and FinOps

Unit economics: €/1000 RPS, €/TB-storage, €/deposit.
Budget SLOs: limits on services/namespaces; auto-alerts for deviations.
Optimizations: rightsizing, spot/subscriptions, caching, cold storage, off-peak batch.


10) Security and compliance in the roadmap

Built-in "quality gates": SBOM, signature, SAST/SCA, DAST, policy-as-code.
PCI/GDPR packages: DPIA, tokenization, PAN segmentation, audited logs.
"No humans in prod" by the end of Q3: PAM, session recording, audited "break-glass" releases.


11) Observability and SLO

Unified service level indicators: latency p50/p95/p99, error-rate, saturation.
Business SLI: Time-to-Wallet, deposit conversion, KYC rejection rate.
Error budget controls the release speed: once it is exhausted, the focus shifts to reliability.


12) Communications and Management

Ceremonies: Weekly Portfolio (PM + EM + RM), Monthly Steering, Quarterly QBRs.

Artifacts: consolidated OKR/SLO/budget dashboard, changelog of strategic decisions.
Transparency: DevPortal with a "live" roadmap (Now/Next/Later, owners).


13) Risks and dependencies (registry template)

| ID | Risk | Probability/Impact | Mitigation plan | Trigger/Action |
|---|---|---|---|---|
| R-01 | PCI certification delay | M/H | parallel tracks, external consultant | slippage > 2 weeks → Ring-deployments shift |
| R-02 | PSP #1 instability | H/H | smart-routing, PSP #2, limits | error-rate > 1% → failover |
| R-03 | Rising costs | M/M | FinOps 1.0, rightsizing | +15% q/q → Budget Gates |

14) RACI (example for "Canary releases")

Responsible: Release Manager, SRE

Accountable: Head of Platform

Consulted: Security Lead, QA Lead

Informed: Product/Support/Compliance


15) Initiative launch: Definition of Ready/Done

DoR: owner, target metric, contract/schema, design doc, risk list, rollback plan.
DoD: tests green (unit/contract/integration/e2e), dashboards/alerts updated, runbook ready, changelog published, metric improved.


16) Experiments, A/B and feature flags

Any product/risk model goes out behind a feature flag, with progressive activation and impact telemetry (conversion, latency, errors).
Experiments are recorded in the catalog: hypothesis → result → decision.


17) Deprecation policy and technical debt

Sunset plan: support period ≥ 2 minor versions, migration adapters, EOL date.

Register of technical debt: risk/value assessment, quarterly "debt sprints."


18) Roadmap maturity checklist

  • There is Vision and 5 pillars of strategy.
  • 4Q portfolio with measurable OKR/SLO.
  • Uniform Prioritization Rules (RICE/WSJF).
  • Risk registry and dependencies are updated weekly.
  • RACI/owners assigned, resources confirmed.
  • The roadmap is available in DevPortal and is synchronized with the release calendar.
  • The deprecation policy and the technical debt register are maintained.
  • SLO/Error budget controls the pace of releases.
  • FinOps dashboard and budget gates are enabled.

19) Example "Now/Next/Later" (view for DevPortal)

Now: IDP MVP, Observability 1.0, PSP v1 (2 providers), SSO + MFA + KMS.
Next: Canary, Data 1.0, Smart-routing, DR test, image signatures (enforce).
Later: Ring-deployments, PCI/GDPR audit, ML-scoring anti-fraud, DevPortal 2.0.


Brief conclusion

The technology roadmap is a living contract between business and engineering. It combines strategy with executable quarterly steps, keeps focus on results (SLO, Time-to-Wallet, conversion), balances speed and risk, and creates transparency: who, what, when and why. By following this template, you turn scale and compliance from a threat into a competitive advantage.