# Minimum Viable Governance Checklist

## Ownership

- Every subscription or workload has a named owner.
- Support and exception paths are documented.
- Risk owner is named for sensitive or business-critical workloads.

## Baseline Controls

- Allowed regions and high-risk SKUs are controlled.
- Required tags include owner, environment, application, and cost center or equivalent.
- Budgets and alerts are configured.
- Diagnostics and audit logs are enabled for critical services.

## Review Cadence

- Access is reviewed for privileged roles.
- Cost and tag quality are reviewed monthly.
- Policy friction is reviewed and either improved or intentionally accepted.
- Exceptions have expiration dates.