Three verification layers: continuous signals (daily), periodic samples (weekly), structural audits (quarterly) — each catches different failures
Design verification as three independent layers—continuous signals (daily metrics), periodic samples (weekly/monthly spot-checks), and infrequent structural audits (quarterly full reviews)—with each layer optimized for different failure detection at different resource costs.
Why This Is a Rule
No single verification method catches all failure types. Continuous signals (daily metrics) catch acute failures quickly but miss slow drift. Periodic samples (weekly spot-checks) catch drift but miss structural degradation. Structural audits (quarterly reviews) catch deep architectural problems but react too slowly for acute failures. A single-layer verification system has blind spots that the other layers would cover.
Defense in depth — the security principle of multiple independent protection layers — applies to verification. Each layer operates at a different frequency, catches a different failure type, and has a different resource cost. The layers are independent: if one fails (your daily metrics break), the others still function (weekly spot-checks still catch issues).
Continuous signals (daily): automated metrics that track key outputs. Low cost per check, high frequency, catches acute failures within hours. Examples: word count tracking, error rate monitoring, completion rate dashboards. Periodic samples (weekly/monthly): deliberate spot-checks of quality, process compliance, or output accuracy. Medium cost, medium frequency, catches drift before it compounds. Examples: random output review, process adherence checks. Structural audits (quarterly): comprehensive reviews of the entire system's architecture, assumptions, and fitness for purpose. High cost, low frequency, catches deep problems invisible to daily and weekly checks. Examples: full process review, architecture assessment, assumption re-validation.
When This Fires
- When designing verification or quality assurance for any important system
- When a single verification method keeps missing certain failure types
- When building delegation oversight (Classify every task as ONLY ME, COULD DELEGATE, or SHOULD NOT EXIST — then eliminate or delegate everything outside ONLY ME-566) and needing multi-level quality assurance
- When a system fails despite "having monitoring" — the monitoring was probably single-layer
Common Failure Mode
Single-layer verification: relying only on daily metrics. The metrics show green while slow drift (detectable only by periodic sampling) or structural degradation (detectable only by audit) accumulates unseen. By the time the drift becomes acute enough for daily metrics to detect, significant damage has occurred.
The Protocol
(1) For each important system, design three independent verification layers: Continuous (daily): what automated metrics track this system's health? Define 2-3 key metrics with alert thresholds. Cost: near-zero (automated). Periodic (weekly/monthly): what should you manually sample or spot-check? Define the sampling protocol — what to check, how many samples, what quality criteria. Cost: 15-30 minutes per period. Structural (quarterly): what comprehensive review validates the system's architecture and assumptions? Define the audit scope and questions. Cost: 1-3 hours per quarter. (2) Each layer should be independent: if one layer fails to function, the others still operate. (3) Each layer catches failures the others miss: continuous catches acute, periodic catches drift, structural catches architectural. (4) Trust the layers: if all three show green, confidence is high. If any one shows problems, investigate regardless of what the other layers show.