Production readiness
A written definition, agreed before build, of what an AI system must do to be considered shipped - covering evaluation, governance, observability, incident response and operating model.
Production readiness is the dividing line between a working demo and a defended production system. It is not a label the team awards itself at launch - it is a written definition agreed before the build starts, signed by engineering, security, risk / compliance and the business sponsor.
What the definition should contain
- An evaluation harness running in CI with a defined regression threshold.
- A red-team harness covering at least 50 adversarial probes across the standard attack classes.
- PII redaction and an audit trail indexed by case or transaction ID.
- Policy-as-code covering every decision the system makes autonomously.
- A runbook for the top ten failure modes and a paged on-call rotation.
- A unit-cost ceiling and a written stop condition.
Why it's the most important artifact a partner signs
When a prospective partner won't write a production-readiness definition into the statement of work, they are selling a pilot. When they will, they are selling a system. The difference, as we argued in Why AI pilots fail, is the entire commercial frame of the engagement.
Who owns the review
A joint review between delivery, security, risk / compliance and product. Single-owner reviews fail in two directions - they either rubber-stamp or veto, rather than produce a working conversation about what's ready and what isn't.