Maxor Technologies Inc.
[Operating doctrine]

How we work.
Every gate. Every artifact.

Five gates. McKinsey 7S applied to every engagement. Zero pre-sales theater. The signature on the kickoff is the signature on the go-live. This page is the doctrine — what we do, what we won't do, what you receive at each gate.

See what we do

5

Gates per engagement, criteria-defined entry + exit

7S

McKinsey framework applied to every mandate

100%

Decisions documented before code or sealed plan ships

0

Hand-offs between kickoff signature and go-live signature

Doctrine vocabulary
SOW
Statement of Work — the binding contract produced at G2 Scope with testable acceptance criteria.
ADR
Architecture Decision Record — one written record per irreversible decision, peer-reviewed before execution.
RACI
Responsible / Accountable / Consulted / Informed — accountability matrix published per mandate at G2.
RAID
Risks / Assumptions / Issues / Dependencies — live register opened at G2, re-validated at every gate.
STRIDE
Spoofing / Tampering / Repudiation / Information disclosure / Denial of service / Elevation of privilege — threat-model taxonomy.
01 · Doctrine

Five axioms. Non-negotiable.

These are not aspirations. They are the binding constraints on every engagement — written into the SOW, enforced at every gate, audited at go-live. Violation triggers escalation, not negotiation.

AX-01

Reversible decisions documented. Irreversible decisions reviewed.

Every irreversible decision (schema migration, contractual commitment, sealed deliverable, production deployment) requires a written Architecture Decision Record (ADR) reviewed by a peer before execution. Reversible decisions are logged but do not block.

AX-02

The signature on the kickoff is the signature on the go-live.

No mid-project hand-off to a different lead. No agency tier between you and the technical lead. The senior lead who scopes the work delivers the work and stamps the go-live. Continuity of accountability is the deliverable.

AX-03

Documentation is a deliverable, not an artifact.

Documentation is written during, not after. Every gate produces its document set as an entry/exit criterion — not a post-hoc retrofit. The system you operate is the system we documented, version-matched.

AX-04

Bilingual by default. Both versions reviewed.

French and English deliverables are produced in parallel and reviewed by native speakers on both sides. No machine translation passed off as professional copy. The English SOW and the French EDT are legally equivalent — both signed.

AX-05

Assumptions surfaced, not buried.

Every assumption (load case, regulatory band, performance budget, integration contract) is enumerated in writing at scope and re-validated at each gate. Surprise findings get RAID-logged (Risks / Assumptions / Issues / Dependencies). No assumption is silent.

02 · McKinsey 7S applied

Strategy. Structure. Systems. Shared Values. Style. Staff. Skills.

The McKinsey 7S framework (Peters / Waterman / Pascale, 1980) holds that organizational performance is a function of seven mutually-reinforcing elements — three hard, four soft. We apply it to every engagement as a diagnostic and a delivery constraint. Misalignment on any S surfaces before kickoff, not after go-live.

Hard S (structural — visible, easy to change)

Strategy

Hard

The plan to build and sustain competitive advantage.

Compression-first deterministic computing + Canadian sovereign-by-default + dual-pillar (engineer one side, distribute the other). 220 invented systems form the IP moat. Every engagement aligns to one of three revenue lines — no scope drift across lines.

Artifact

Strategic alignment memo at G2 Scope.

Structure

Hard

Org form, reporting lines, accountability boundaries.

Flat senior-led pods. Two-entity model — Maxor Technologies Inc. (Canadian engineering + Canadian distribution) ↔ Maxor Global LLC (Delaware IP + USA distribution). No agency tiers. No PM layer between you and the signing lead. RACI matrix published per mandate.

Artifact

RACI + escalation chart on day 1 of G2.

Systems

Hard

Daily procedures, processes, and information flows.

Five-gate engagement lifecycle (G1 Qualify → G5 Stabilize) with criteria-defined entry/exit. ADR-driven design. STRIDE threat modeling on every system touching auth or data. CVSS 4.0 scoring on every security finding. Bilingual deliverable pipeline. Documentation-first.

Artifact

Process compliance log per gate.

Soft S (cultural — harder to change, more decisive)

Shared Values

Soft

Core beliefs that hold the organization together.

« When the lift can't fail. » Engineering rigor over marketing theater. Same team kickoff-to-stabilize. Documentation is a deliverable. Mistakes are blameless — root causes are not. Customer-pays-for-results, not for our errors.

Artifact

Values clause in every SOW. Quoted, signed.

Style

Soft

Leadership posture, decision-making culture.

Inventor-led, senior-lead-direct. Disagree-and-document — every counter-argument logged in the decision record. No PMs between client and signing lead. Weekly written status note (1 page, prose), never slides. Decisions in writing, conversations on calls.

Artifact

Weekly status note + decision log, shared workspace.

Staff

Soft

People, capabilities, and how they're developed.

Bilingual leads on both pillars (lift + software). No juniors fronting senior work — the lead who scopes is the lead who signs. Domain depth over breadth — lift planning, deterministic software, rigging materials each have their own senior lead. No interchangeable resources.

Artifact

Named senior lead in SOW. Same name on go-live.

Skills

Soft

Distinctive competencies the organization is known for.

Lift engineering + deterministic software + rigging material science + bilingual sovereign delivery. A substrate of 220 invented systems (Heisen routing, Maxor Connect, Maxor Audit, Maxor Sentinel). Distribution depth — exclusive Canadian rights to CRANEbee®, authorized Quebec distributor of Murlink®.

Artifact

Skills matrix mapped to mandate requirements in G2.

03 · Engagement lifecycle

Five gates. Each with entry criteria, exit criteria, and binding artifacts.

Microsoft SDL-grade lifecycle, adapted to engineering + software delivery. No gate skipped. No gate retrofitted. Each gate produces a binding artifact reviewed and signed before the next gate opens. RED-AMBER-GREEN status reported at every gate boundary.

G1

Qualify

≤ 5 business days

Decide if the work fits — without expensive pre-sales theater.

Entry

Inbound contact + 1-paragraph business context.

Activities

30-minute qualification call. Written fit memo enumerating scope, risk, dependencies, regulatory band. Identification of named senior lead. Sovereignty + deployment constraints surfaced.

Exit

Written fit memo + go/no-go decision. No-go is communicated in writing with rationale — clients keep the memo.

Artifact

Fit memo (PDF + EN/FR), 2-4 pages.

G2

Scope

1 to 3 weeks

Convert the fit memo into a binding contract with measurable acceptance criteria.

Entry

Signed fit memo + G1 go decision.

Activities

Statement of Work with fixed boundaries. Acceptance criteria written as testable predicates. RACI matrix published. Strategic alignment memo (7S aware). RAID register opened. Pricing model declared (fixed / T&M-with-cap / outcome-based — see §08). Sovereignty / data-residency constraints written into contract.

Exit

Signed SOW + signed RACI + signed acceptance criteria. Senior lead named, calendar blocked.

Artifact

SOW (EN+FR), RACI, acceptance-criteria predicates, RAID register.

G3

Engineer

Variable — depends on scope, never « TBD »

Build the deliverable to spec with documented decisions throughout.

Entry

G2 SOW signed.

Activities

Design review at 30 / 60 / 90% completion — live walkthrough with client team, recorded. Every irreversible decision gets an ADR (Architecture Decision Record) reviewed by a peer. STRIDE threat model on every system touching auth or data. Weekly status note (1-page prose). Bilingual deliverables produced in parallel — never machine-translated.

Exit

Design at 100%. All ADRs logged. Deliverable ready for validation. RAID register up-to-date.

Artifact

Deliverable + ADR set + threat model + weekly notes + decision log.

G4

Validate

1 to 2 weeks

Prove the deliverable meets acceptance criteria before anything ships.

Entry

G3 deliverable + ADR set + validation plan agreed at G2.

Activities

Peer review by a second senior lead (different from the build lead). Simulation walkthrough for lift plans. Test suite execution for software (per acceptance criteria predicates from G2). Bilingual sign-off — both EN and FR deliverables reviewed by native speakers. RED-AMBER-GREEN status published before client sign-off requested.

Exit

Validation report (pass / pass-with-conditions / fail). Client written sign-off. No verbal acceptances.

Artifact

Validation report (EN+FR), signed acceptance, peer-review record.

G5

Stabilize

30 days minimum

Hand over a system the client can operate without us.

Entry

G4 validation passed + client written sign-off.

Activities

Same team supports go-live for 30 days minimum. Runbook handover. On-call rotation transfer. Bilingual user documentation finalized. Optional managed-service contract (see §08 economics). Post-mortem after first 30 days — blameless, written, shared with client.

Exit

Runbook signed. On-call transferred. 30-day post-mortem completed. Engagement formally closed in writing.

Artifact

Runbook (EN+FR), on-call transfer record, 30-day post-mortem, formal close-out memo.

04 · Per-service frameworks

Four service lines. Four analytic frameworks. Each line has its doctrine.

The five gates are universal. The analytic framework applied inside the gates is service-specific. Lift planning, CRANEbee deployment, Murlink rigging, and custom software each have their own discipline, written below.

Lift planning

Load-path-first methodology.

Engineered lift plans built load-path-first. FEA where applicable. Contingency mapping for crane positioning, lift envelope, swing radius, and wind/load combinations. Ground-bearing analysis is client-supplied (geotechnical) — we consume it as an input, we don't produce it. Sealed deliverables per applicable provincial requirements. Multi-crane tandem ops modeled in CRANEbee before any field execution.

Sequence

Load case → load-path topology → crane selection → rigging plan → simulation → contingency matrix → sealed deliverable.

CRANEbee® deployment

Multi-crane scenario hardening.

Site-specific multi-crane setup. 3D clash detection thresholds calibrated to operation envelope. Scenario hardening — happy path + 3 stress scenarios (wind / load shift / equipment partial-failure) modeled before deployment. Bilingual handover documentation produced for the client's training and operations teams. Operator certification and ongoing usage review remain client-side — we don't operate the cranes.

Sequence

Site model → crane fleet → scenario library → clash-detection tuning → field deployment → bilingual handover documentation.

Murlink® rigging

Dyneema® load-rating verification.

Material match to operation envelope — Dyneema® load rating, temperature band, abrasion exposure, UV cycle. Inspection schedule + retirement criteria written at delivery. Bilingual training for the on-site rigging team. No « install and walk away » — the inspection/retirement protocol is the deliverable.

Sequence

Envelope analysis → material spec → load-rating verification → inspection schedule → bilingual training → retirement criteria written.

Custom software

Deterministic-first architecture.

ADR-driven design. Compression-first deterministic computing where the use case allows (route locally, escalate rarely). SOC 2 control mapping built-in. Bilingual UX from day 1 (not retrofitted). STRIDE threat model on every auth or data surface. Sovereign-by-default deployment — Canadian residency where required, no exception.

Sequence

Domain model → ADR set → threat model → architecture review → bilingual UX wireframe → implementation → validation gate → managed handover.

05 · Quality discipline

Six gates of internal quality. Run before every external deliverable.

Quality is what we ship internally before the client sees anything. Each gate runs before the corresponding engagement gate exits. Failing any quality gate blocks the engagement gate from closing — no override, no « ship it and fix later ».

Q-01

STRIDE threat model before code.

Every system touching authentication, authorization, or persistent data receives a STRIDE threat model (Spoofing / Tampering / Repudiation / Information disclosure / Denial of service / Elevation of privilege) before implementation begins. Mitigations enumerated. Residual risk explicit.

Q-02

Documentation written first.

Internal design documents (ADRs, threat models, runbooks) precede the code or sealed deliverable they describe. If the design doc can't be written, the design isn't ready. No retrofit documentation.

Q-03

ADR for every irreversible decision.

Every irreversible architecture decision — schema migration, contractual commitment, sealed deliverable, production deployment — gets an Architecture Decision Record reviewed by a peer before execution. Reversible decisions logged but not blocking.

Q-04

Bilingual review mandatory.

Every client-facing deliverable is reviewed in both languages by native speakers. The EN version and the FR version are legally equivalent — both signed. Translation drift between versions triggers a re-review cycle, not a hand-wave.

Q-05

30-day stabilization minimum.

No engagement closes before 30 days post-go-live. The same team that built it supports it. Stabilization issues are tracked and resolved before close-out — never deferred to a separate « support contract ».

Q-06

Blameless post-mortem on every incident.

Every production incident triggers a written post-mortem within 24h — what happened, why, mitigation, prevention. Shared with the client. Root cause names systems, not people. Pattern recurrence updates the doctrine permanently.

06 · Communication discipline

How the client interacts with us — by design, not by accident.

Communication is engineered like the rest of the system. Weekly cadence written, decisions logged, no slides for status, no surprise change orders. The asymmetry between « what's said in a meeting » and « what's binding » is eliminated by writing decisions, not minuting them.

Cadence

Weekly written status, never slides.

One-page prose status note every Friday. Covers : what shipped this week, what's at risk, decisions pending, what we need from the client. No slide decks for status — slides hide variance, prose surfaces it.

Reviews

30 / 60 / 90% live design reviews.

At three checkpoints during G3 Engineer, the build team walks the client through the deliverable as it stands. Live, recorded, with the senior lead presenting. Client team challenges, we respond in writing within 48h with decision-log updates.

Decisions

Decision log — every decision, dated, signed.

Every decision (architectural, scope, schedule, materials) is logged with date, rationale, alternatives considered, and signing lead. The decision log is the shared workspace. Conversations on calls — decisions in writing.

Channel

Single-thread contact. No tier hand-offs.

One named senior lead. One thread. No agency tiers, no ticket-juggling, no escalation chain to navigate. The lead who scopes is the lead who builds, validates, and stamps go-live.

07 · Economics & risk

Three pricing models. Each matched to the certainty of the work.

Pricing posture follows the structure of the work. Fixed-price where scope is bounded. Time-and-materials with cap where the unknowns are real. Outcome-based for managed services where we own the SLA. Choosing the right model is part of G2 Scope — never deferred.

Fixed-price

Scoped phases. Predictable.

G1 Qualify, G2 Scope, and any G3 phase with a bounded deliverable are fixed-price. Acceptance criteria are written as testable predicates. We bear the execution risk inside the fence. Client bears scope-change risk outside the fence — formalized via change-order.

Use when : scope and acceptance criteria are written and testable.

T&M with cap

Genuinely uncertain. Capped at the top.

When the work has real unknowns (research-grade engineering, exploratory integration, regulatory interpretation), we bill time-and-materials with a hard cap negotiated at G2. Weekly burn-rate reported. If we approach 75% of cap, we stop and re-scope — not bill through.

Use when : unknowns are inherent to the work, not to the scope.

Outcome-based

Managed services. SLA-backed.

Post-G5 managed service contracts price against measurable outcomes — uptime, response time, incident-resolution SLA. Penalties for breach are written and enforced. Outcome-based is reserved for systems whose performance we can measurably control end-to-end.

Use when : we own the system end-to-end and the outcome is measurable.

What we do not do.

  • Bill for revisions caused by our errors.
  • Hide change orders inside « scope clarifications ».
  • Subcontract the named deliverable.
  • Charge for our own learning curve on new domains.
  • Defer hard pricing decisions to « we'll figure it out as we go ».
08 · Evidence

What proof looks like — every deliverable, every engagement.

Every engagement produces the same evidence set. The artifacts below are not optional, not retrofitted, and not redacted. The client holds the originals in their own workspace — sovereign by default, version-controlled, bilingual where applicable.

01

Statement of Work + acceptance criteria

G2 deliverable. Acceptance criteria written as testable predicates. EN and FR versions legally equivalent. Signed by client + named senior lead.

02

Architecture Decision Records (ADRs)

One per irreversible decision. Includes : decision, context, alternatives considered, consequences, signing lead, date. Peer-reviewed before execution.

03

STRIDE threat model + mitigations

Required for any system touching auth or data. Enumerates threats, attacker classes, mitigations, residual risk. Updated at every architectural change.

04

Validation report

G4 deliverable. RED-AMBER-GREEN status against each acceptance criterion. Pass / pass-with-conditions / fail. Peer-review record attached. Client written sign-off.

05

Runbook + on-call transfer record

G5 deliverable. Step-by-step operational guide. Failure-mode playbook. On-call rotation transfer documented. Client operates without us by 30-day mark.

06

30-day post-mortem

Written at G5 close-out. What worked. What broke. Root causes named. Pattern recurrence updates the doctrine permanently. Blameless, written, shared.

07

Bilingual user documentation

End-user-facing docs in EN and FR, both reviewed by native speakers. No machine translation. Version-controlled, updated alongside the system itself.

08

Decision log + weekly status notes

Shared workspace artifact. Every decision dated and signed. Every Friday status note archived. The audit trail is the artifact.

[Engage]

Scope your mandate.

Tell us about the work — lift, deployment, custom build, or all three. A senior lead responds within one business day. The G1 qualification call is free. The fit memo is binding.

See what we do