Skip to content

QBR Delivery Guide — Client Cloud Posture Report (V5)

How to produce and deliver the Client Cloud Posture Report for a Quarterly Business Review (QBR) or retention/upsell touch. The report is generated by apps/posture-report/ (asset V5) and is the periodic, exec-facing companion to the live J8 Client Overview dashboard.

Why this exists

For an automation MSP, invisible value drives churn. This report makes the guardrails, backups, DR drills, incident handling, and compliance work SnowOps runs visible — organized by deliverable, in the client's language. It is the Y11 customer-success/expansion artifact and a sales proof asset ("Baseline → here's what Advanced lights up").

Inputs to gather (per client, per period)

Each is a versioned artifact an existing SnowOps tool already produces. All are optional — the report degrades honestly when one is absent.

Input Produced by Lights up
E0 compliance snapshot apps/evidence-collector (wired to C1) Your guardrails + fallback grade
S2 dashboard model.json apps/compliance-dashboard Your compliance posture (Advanced)
S4 scorecard model.json apps/compliance-scorecard-generator Executive-summary grade (preferred)
L5 RTO/RPO model.json apps/rto-rpo-doc-generator (← L1/L4) Your data is protected
V2 diagram (.d2/.svg) apps/diagram-generator Architecture
K4 PIR report (optional) apps/post-incident-review Incidents we handled (Advanced)

Cost governance is intentionally a roadmap section until a FinOps producer (U4/U5) ships — it states "not yet wired" rather than fabricating a figure.

Generate

cd apps/posture-report && npm ci && npm run build
node dist/index.js \
  --client-name "<Client>" --branding <branding.json> \
  --scorecard <s4-model.json> --snapshot <e0-snapshot.json> \
  --dashboard <s2-model.json> --rto-rpo <l5-model.json> \
  --diagram <v2.d2> --incidents <k4-report.json> \
  --out-dir ./out --pdf

Or let CI do it: the Posture Report (V5) workflow (.github/workflows/posture-report.yml) runs monthly + on dispatch and uploads a PRIVATE artifact.

Deliver

  1. Review before sending. Posture data is sensitive — treat the artifact as confidential (it is a private CI artifact by default).
  2. Open out/posture-report.html (self-contained — safe to attach) or out/posture-report.pdf. Lead the QBR with the Executive summary grade.
  3. Walk the Baseline sections (what's already protected), then use the "What else SnowOps can light up" upsell teasers to frame the Advanced package for any [Advanced] section the client isn't yet on.
  4. Pair with the live J8 dashboard for clients who want real-time visibility between QBRs.

Cadence

Quarterly for QBRs; the workflow's monthly schedule keeps a fresh artifact available for ad-hoc retention/expansion conversations.