Skip to content

Mon – Fri · 10:30 – 18:30 IST

The Architecture Review Checklist

The five-stage checklist we run before committing build budget — published in full. Use it to pressure-test a system on paper while changes are still cheap, whoever you build with.

Free and ungated — no email wall. Licensed CC BY 4.0, also on GitHub. Use it, adapt it, share it.
Why This Exists

One question, answered before it's expensive

An architecture review answers a single question: will this system survive contact with real load, real markets and real change — before it is expensive to find out? The checklist below is the same sequence we run on every engagement, described in full on our architecture review page.

The Checklist

Five stages, every box checked

Each stage produces something concrete. If a stage produces nothing written, it didn't happen.

Stage 1 · Days 1–3

Discovery

  • Product goals written down and agreed
  • Hard constraints listed — budget, deadline, compliance, team
  • Launch markets named, including data-residency implications
  • Decisions already made (and unchangeable) identified

Output: a shared, written problem statement

Stage 2 · Days 3–6

System mapping

  • Current or intended system drawn end to end
  • Every request path traced, client to response
  • All third-party dependencies mapped
  • The location of every piece of state made explicit

Output: a system diagram that matches reality

Stage 3 · Week 2

Risk & load review

  • System modelled at 10x launch-day load
  • Single points of failure named
  • Blocking work in the request path identified — email, exports, PDF generation
  • Data-residency gaps checked against launch markets
  • Hot tables and unindexed queries flagged

Output: a ranked risk register

Stage 4 · Week 2

Trade-off decisions

  • Each major call recorded as an ADR — context, options, choice, and what it costs later
  • No decision left implicit
  • Reversible and hard-to-reverse decisions separated

Output: a decision log (ADRs)

Stage 5 · End of week 2–3

Sign-off & handoff

  • Full walkthrough with the owning team
  • All artifacts handed over — the client owns them, build or not

Output: a signed-off architecture you keep

Want us to run this checklist against your architecture?

A free 30–45 minute Risk Review with a senior engineer: your top three architectural risks, ranked, plus a one-page written summary. No deck, no pitch.

Request a free Risk Review
The Proof of Work

Six artifacts every review must produce

However you run the review — with us, in-house, or with another firm — insist on all six. A review that produces fewer is a conversation, not a review.

01

Architecture diagram

What the system actually is — request paths, data flows, third parties and where state lives.

02

Risk register

What breaks first and how badly — ranked by likelihood and blast radius, each with a mitigation.

03

Decision log (ADRs)

Why each call was made — context, options considered, and the cost accepted.

04

Scalability model

What 10x load does to the system, where it bends first, and the order to reinforce it.

05

Cost-to-scale view

What growth costs in infrastructure and rework — so scale isn't a financial surprise.

06

Phased roadmap

What to build first, what can wait, and the sequence that keeps you shippable throughout.

What To Hunt

The failure modes that keep showing up

Patterns we find over and over in systems that felt fine at launch. If your checklist run surfaces any of these, they belong at the top of the risk register.

In the request path

  • Blocking I/O inside requests — p95 latency explodes the moment traffic spikes.
  • No queue, no background workers — exports, email and PDF generation built inline.
  • A single database node with unindexed hot tables.

In the structure

  • State scattered across services with no single owner.
  • Compliance — like EU data residency — discovered after market entry, not before.
  • Hard-to-reverse decisions made implicitly, with no record of the alternatives.

The checklist finds the questions. The review answers them.

Run it yourself — it's yours. And when you want senior eyes on the answers, that's the work we do at HiQByte.