Change Failure Rate: What It Is and How to Bring It Down
Change failure rate explained: what it measures, what causes a high rate, and the specific steps to reduce it without slowing down delivery.
In this article:
- What change failure rate actually measures
- Why a high change failure rate is a structural problem
- The connection between technical debt and change failure rate
- How to reduce change failure rate without slowing deployment frequency
- Mean time to recovery as a complementary metric
- Conclusion
Change failure rate is one of the four DORA metrics and, in many organisations, the one that reveals the most about the underlying health of the delivery system. It measures the percentage of deployments that result in a degraded service, an incident requiring a hotfix, or a rollback. For elite-performing teams, DORA research puts this number at 0 to 15 percent. For low-performing teams, it can reach 46 to 64 percent. If nearly half your deployments cause problems, the cost is not just the immediate incidents. It is the cumulative erosion of team confidence, the slowing of deployment frequency, and the drag on every feature that needs to ship. This guide explains how change failure rate connects to software delivery performance and what levers you can pull to bring it down.
What Change Failure Rate Actually Measures
Change failure rate answers a specific question: of all the deployments you made in a given period, how many caused a production problem?
The definition of “caused a problem” needs to be consistent within your organisation. Common definitions include: a deployment that triggered a P1 or P2 incident, a deployment that required a hotfix within 24 hours, or a deployment that was rolled back. The exact threshold matters less than consistency. Changing the definition mid-measurement invalidates comparisons over time.
Change failure rate is calculated as:
(Number of failed deployments / Total deployments) × 100A team deploying ten times per week with one failure has a 10 percent change failure rate. A team deploying twice per month with one failure has a 50 percent rate. The second team might have fewer absolute incidents, but their system is significantly less reliable on a per-deployment basis.
This is why change failure rate must always be read alongside deployment frequency. A team that deploys rarely often does so precisely because they fear failures. That fear is usually justified by past experience, which is itself a signal about system fragility.
Why a High Change Failure Rate Is a Structural Problem
When change failure rate is high, the instinctive response is often to add process: more approvals, longer freeze periods, heavier pre-release testing. These interventions reduce deployment frequency without addressing the root cause. The result is batched releases that are even riskier because they contain more changes.
A high change failure rate is almost always a structural problem. The most common structural causes are:
Insufficient automated test coverage. If the test suite does not catch regressions before they reach production, failures will. This is particularly common in legacy systems where test coverage grew organically and covers the happy path but not edge cases or integration boundaries.
Tightly coupled components. When a change in one service breaks another because of undocumented shared state or implicit contracts, the coupling is the problem. Each deployment is a gamble on whether the affected surface was fully understood.
Manual and inconsistent deployment processes. Steps that require human execution introduce variability. A deployment that works differently depending on who runs it, or that requires manual configuration of environment variables, is a deployment that will fail under slightly different conditions.
Missing or unreliable feature flags. Without a way to decouple deployment from release, every deployment exposes the full change to production traffic immediately. Feature flags allow partial rollouts and instant rollback without a new deployment.
The Connection Between Technical Debt and Change Failure Rate
Technical debt is one of the most direct causes of elevated change failure rate. In codebases where modules are not properly isolated, where side effects are undocumented, and where the test suite is sparse, every change carries risk that is invisible until it hits production.
The mechanism is straightforward. A developer makes a change that appears localised. Because the codebase has accumulated debt over years, there are implicit dependencies that the developer cannot easily discover from the code itself. The change ships, and something breaks that was never visibly connected to the modified code.
This pattern repeats until the team either invests in reducing the debt or accepts a permanently high change failure rate as normal. Neither outcome is sustainable. Accepting failures as normal gradually degrades mean time to recovery as the team stops investigating thoroughly, and accumulating more debt compounds the problem.
A structured approach to technical debt remediation specifically targets these structural causes: increasing test coverage, isolating components, documenting implicit contracts, and standardising deployment processes. The result, when done correctly, is a measurable reduction in change failure rate over a period of weeks to months.
How to Reduce Change Failure Rate Without Slowing Deployment Frequency
The goal is not to choose between safety and speed. The DORA research consistently shows that elite teams have both high deployment frequency and low change failure rate. The path is improving the system, not adding gates.
Invest in pre-production test environments that mirror production. Many failures occur because staging and production differ in configuration, data volume, or service versions. Closing that gap catches failures before they affect real users.
Add characterization tests to legacy code before modifying it. Characterization tests document what the code currently does, not what it should do. They create a safety net for refactoring and reduce the risk of unintended behaviour changes.
Implement progressive delivery. Canary deployments, blue-green deployments, and traffic shifting reduce the blast radius of any single deployment. A failure affects a small percentage of traffic and is caught by monitoring before it scales.
Instrument your deployments with automated rollback triggers. If error rate or latency crosses a threshold within minutes of a deployment, roll back automatically. This reduces the time between deployment and recovery, which directly improves mean time to recovery.
Reduce batch size. Smaller deployments contain fewer changes and are easier to reason about. A team that deploys one change at a time can identify the cause of a failure instantly. A team that deploys twenty changes in a batch spends time bisecting the release.
Mean Time to Recovery as a Complementary Metric
Change failure rate tells you how often things break. Mean time to recovery (MTTR) tells you how quickly you can fix them. Together, these two metrics define the actual cost of failures on your system and your users.
MTTR is driven by different factors than change failure rate. Detection speed depends on monitoring and alerting quality. Diagnosis speed depends on observability: structured logs, distributed tracing, and meaningful dashboards. Resolution speed depends on runbook quality, on-call process clarity, and deployment speed.
A team with a moderate change failure rate but very low MTTR may be operating acceptably, because failures are brief and contained. A team with a low change failure rate but very high MTTR may have a worse user experience, because when things do break, they stay broken for hours.
Both metrics need attention. Improving MTTR without reducing change failure rate normalises breakage. Reducing change failure rate without attention to MTTR leaves the team unprepared when failures inevitably occur.
Conclusion
Change failure rate is one of the most honest metrics you can track about your delivery system. It is hard to game, it reflects real user impact, and it correlates directly with the structural health of your codebase and processes.
Bringing it down requires addressing root causes: test coverage, component isolation, deployment process consistency, and observability. Adding process gates instead of fixing the underlying system will reduce deployment frequency without solving the problem.
Does your codebase have these problems? Let’s talk about your system