Skip to content

DHI Development Standards & Guidelines

Creating a Software Technology Landscape for a software development company as DHI, involves organizing the broad and evolving ecosystem of software technologies of DHI into meaningful categories or layers. This can help guide decision-making, identify trends, and visualize the relationships among technologies.

Note

In case you want to suggest additional guidelines, please contact the Architecture Board.

Development Roles

Each set of guidelines is taged with the guideline owner and the role(s) that the guidelines are intended for.

The roles are:

  • Architect
  • Backend developer
  • Frontend developer
  • Infrastructure/DevOps Engineer
  • Product Owner/Project Manager
  • Tester

Guideline Enforcement Levels

Every set of DHI guidelines available contains information on who should use the guidelines and have an enforcement level describing if it is mandatory to apply to the guidelines or if it is DHI best practice.

Individual guidelines could contain both mandatory, expected, important, and good pratice. If so, this will be stated within the guidelines.

In such case the overall guideline priority will have an importance maching the highest enforcement level.

Enforcement Level Description Exceptions
1 - Mandatory It is mandatory for affected development staff apply to guidelines and cannot be bypassed. Efforts to apply must be planned in a sprint in the near future.
Apply for all products or projects.
These guidelines are e.g. security, legal or license compliance rules.		 Yes, but rare
2 - Expected It is required for affected development staff apply to guidelines. Efforts to apply must be planned in a sprint in the near future.
Apply for new products or projects.		 Yes
3 - Important It is highly recommended for affected development staff apply to guidelines. Efforts to apply should be added to the backlog but not planned
Recommended for all products or projects.		 Not required
4 - DHI good practice It is not required to apply guidelines. Guidelines are recommended and DHI good practice to follow when doing software development. N/A

Exceptions

Exceptions can be requested to the approving authority.

Acceptable reasons for not applying to enforcement levels of development guidelines typically include:

  • Technical infeasibility
  • Legacy system constraints
  • Regulatory or contractual conflicts
  • Disproportionate cost relative to risk
  • Time‑critical delivery with planned remediation
  • Platform or vendor limitations

Not acceptable:

  • We prefer not to
  • Lack of awareness of the guideline
  • Short‑term speed without mitigation

Exception Request Process (Step‑by‑Step)

A formal exception request must be sent to the approver according to the table below.

Enforcement level Approval
1 - Mandatory CTO/Architecture Board/Security/Legal (as relevant)
2 - Expected Architecture Board
3 - Important The product owner or the Architecture Board
4 - DHI Best Practice N/A

The exception request must contain the following information:

  • The team requesting the exception
  • Which guideline is not followed
  • The enforcement level
  • The scope (component, system, environment)
  • The reason for the exception request, describing why compliance is not feasible or advisable.
  • Mitigations: Compensating controls, monitoring, testing, or documentation measures.
  • Duration: Temporary (with expiry date) or Permanent (with justification)

Guideline Categories

The Software Technology Map is divided into categories containing one or more guidelines.

Development

Guidelines focused on how software is designed, built, tested, and maintained. This includes coding standards, architectural principles, code quality practices, testing methodologies, and secure development processes.

Monitoring & Observability

Monitoring & Observability is mapping out the stack of tools, practices, and approaches DHI uses to ensure systems are reliable, performant, and transparent. This is the layer that answers:

  • Is my system healthy?
  • How do I know?
  • How fast can I detect and fix problems?

Guidelines

  • 3rd Party Dependency Guidelines (in progress)
    Managing third-party dependencies is crucial for building reliable, secure, and maintainable software. These guidelines contain topics such as:

    • License types
    • Security and Maintenance
    • Compliance og Governance

    Contact: Kristian Thage

  • Monitoring and Observability (in progress)
    Monitoring and Observability in Software Development are crucial practices that help teams ensure health, performance, and reliability of their applications and infrastructure. While closely related, these terms are distinct in scope and purpose.
    Contact: Bogdan Kurbetyev
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer

Programming Languages & Frameworks

Programming Languages & Frameworks is like the foundation of the toolkit of a software development company, it shapes what kind of software gets built, how fast, and how maintainable it will be.

Guidelines

  • Code Documentation (in progress)
    Code and repository documentation captures intent, usage, and structure so others (and future you) can quickly understand, operate, and safely evolve the system—reducing onboarding time, errors, and long-term maintenance cost.
    Contact: Bogdan Kurbetyev
    Roles: Architect, Backend developer, Frontend developer
  • Code Development Patterns and Practices (not started)
    Code Development Patterns and Practices are used to establish a consistent, high-quality approach to writing software across teams and projects. These guidelines act as a shared contract between developers, architects, and reviewers, ensuring that code is readable, maintainable, and aligned with best practices.
    Roles: Architect, Backend developer, Frontend developer

  • Back-end Frameworks (in progress)
    Backend Framework Guidelines define which backend frameworks we standardize on, how they are used, and under which constraints, for systems serving desktop applications, web applications, and cloud services.
    Because desktop and web clients have different lifecycle, connectivity, security, and deployment characteristics, these guidelines ensure:

    • Consistent backend architecture across products
    • Clear separation between client-specific concerns and backend responsibilities
    • Predictable security, performance, and operability
    • Sustainable evolution of shared backend platforms

    Contact: Bogdan Kurbetyev
    Roles: Architect, Backend developer

  • Branching Strategy (in progress)
    Branching strategy guidelines are the DHI house rules for how teams use version control so code changes don’t turn into chaos. They help coordinate multiple developers working in the same repo, keep the main codebase stable, and make releases smoother.
    Contact: Oleksandr Kovalchuk
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer, Product Owner/Project Manager

  • Open standards & Agnosticism (not started)
    Using publicly available technical specifications and data formats that anyone can use will ensure interoperability between systems, applications, and devices.
    Being provider and service agnostic will be included in these guidelines.
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer
  • Programming Languages (not started)
    Conventions and best practices that help developers write clear, maintainable, and consistent programs in the prefered DHI programming languages.
    Roles: Architect, Backend developer, Frontend developer
  • Web UI Development (in progress)
    Guidelines to provide a common standard for front-end development at DHI. It helps to ensure consistency across projects, improve maintainability, and simplify collaboration between web developers.
    Contact: Dylan Kime
    Roles: Frontend developer

Testing & Quality Assurance

Testing & Quality Assurance (QA) means laying out the methods, tools, practices, and roles that make up the QA ecosystem.

Guidelines

  • Testing guidelines (in progress)
    Establish foundational testing principles and practices that ensure consistent quality standards across DHI’s diverse application portfolio, while maintaining flexibility in testing approaches to tailor to specific context of each application.
    Contact: Nita Renanta
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer, Product Owner/Project Manager, Tester

Infrastructure

Guidelines that cover the systems supporting software—from cloud platforms and servers to networks, deployment pipelines, monitoring, and operational reliability. These ensure applications run efficiently, securely, and at scale.

Databases & Storage

Database and Storage are the backbone categories in a technology landscape, because it deals with how applications persist, query, and manage data.

Guidelines

  • Database and Storage (in progress)
    Guidelines for storing data ensuring performance, scalability, and maintainability.
    Contact: Bogdan Kurbetyev
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer

Infrastructure & Platforms

Infrastructure & Platforms are the foundation that supports how software gets built, run, and scaled. It’s the layer that makes everything else possible, like the roads, power grid, and utilities in a city.

Guidelines

  • Deployment & Infrastructure (in progress)
    Guidelines for Deployment & Infrastructure outline how solutions should be deployed, operated, and maintained across environments. They define standards for environment setup, release processes, automated deployment pipelines, security controls, monitoring, resilience, and operational readiness. The goal is to ensure reliable, consistent, secure, and scalable deployments that support stable operations and efficient delivery across the organization.
    Contact: Peter Lorentzen
    Roles: Infrastructure/DevOps Engineer
  • DevOps & CI/CD
    Continuous Integration and Continuous Delivery/Deployment are closely related practices that aim to improve software development and operations through automation, collaboration, and iterative delivery.
    Contact: Oleksandr Kovalchuk
    Roles: Infrastructure/DevOps Engineer
  • DHI Public NuGet Packages Policy (Published)
    Using NuGet feeds effectively within software development projects requires some best practices and guidelines to ensure reliability, maintainability, and security.
    Contact: Senthil Kumar Shanmugasundaram
    Roles: Architect, Backend developer, Infrastructure/DevOps Engineer
  • GitHub Governance (in progress)
    GitHub governance defines an org model with restricted permissions and controls on repo visibility to prevent unauthorized access.
    Repository creation follows standardized templates and required files to ensure consistency and security.
    Tags are governed through protected rulesets to control creation, deletion, and release integrity.
    Contact: Ryan Walter Murray
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer
  • Infrastructure as Code (in progress)
    In software development, adopting IaC comes with best practices and guidelines to ensure reliability, maintainability, security, and scalability.
    Contact: Marie Lund Larsen
    Roles: Infrastructure/DevOps Engineer
  • Inner-Sourcing (in progress)
    Guidelines for applying open-source development principles, workflows, and culture inside DHI's private codebase.
    The inner sourcing guidelines are written in connection with the North Star project.
    Contact: Henrik Anderson
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer, Product Owner/Project Manager, Tester
  • Tools and Applications (in progress)
    Describes the recommended tools and applications and how to get them.
    Contact: Bogdan Kurbetyev
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer, Product Owner/Project Manager, Tester

Management & Compliance

Guidelines related to governance, project management, risk handling, regulatory requirements, documentation, and audit readiness. These ensure that software projects follow organizational policies and legal standards.

Collaboration & Project Management

Collaboration and Project Management is all about how teams plan, track, communicate, and deliver software projects.

Guidelines

  • Software Development Process (in progress)
    Describes the overall recommended development process with references to specific guidelines.
    Contact: Nita Renanta
    Roles: Product Owner/Project Manager

  • Reusable Assets Catalog (not started)
    A reusable assets database ensures that software components (code, services, templates, models) are visible, trusted, and easy to reuse, rather than repeatedly rebuilt.
    It enables faster delivery, lower cost, higher quality, and consistent architecture by turning proven solutions into shared, governed building blocks.
    It is the plan to have AI agents generate the assets catalogue e.g. monthly.
    Roles: Product Owner/Project Manager

Reviews & Audits

Whereas reviews improve quality early, catch mistakes before they spread and share knowledge within the teams, audits ensure adherence to standards, processes, security practices, or regulatory requirements.

Guidelines

  • Design Review (in progress)
    Examines architecture, system design, data models, the use of architecture decision records (ADR), and interfaces before or during implementation.
    Contact: Sam Johnson
    Roles: Architect, Backend developer, Frontend developer
  • Development Process Audit (not started)
    Checks compliance with defined development processes.
    Roles: Architect, Backend developer, Frontend developer
  • Security Audit (not started)
    Examines code, dependencies, and configurations for vulnerabilities.
    Roles: Architect, Backend developer, Frontend developer

Security & Compliance

Security & Compliance is like mapping out the “defense systems” of the company, everything that protects data, ensures trust, and keeps the organization in line with regulations. It usually spans across tools, processes, frameworks, and cultural practices.

Guidelines

  • Secure Development Practices (in progress)
    Secure development practices ensure software is built safely by following secure coding standards, identifying and reducing threats early, reviewing and testing code for vulnerabilities, managing third‑party dependencies through scanning and version control, and maintaining secure build and release processes throughout the lifecycle.
    Contact: Kristian Thage
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer, Product Owner/Project Manager, Tester

Emerging Technologies

Emerging technologies refers to new and rapidly developing innovations that have the potential to significantly impact industries, economies, and society. They’re not fully mainstream yet, but they’re advancing quickly and could reshape the way we live and work.

Artificial Intelligence

Guidelines

  • Artificial Intelligence (AI) (in progress)
    Ensure that AI is used ethically, efficiently, and safely throughout the software development lifecycle.
    Contact: Franz Thomsen
    Roles: Architect, Backend developer, Frontend developer, Infrastructure/DevOps Engineer, Product Owner/Project Manager, Tester