1 Version
2 Terminology
3 Value Proposition
4 Stages of Compliance
5 Categories of Compliance
- 5.1 Deployment Compliance
- 5.2 API Compliance
- 5.3 Requirement Specification Compliance
6 Evaluation Schema
7 Process
8 Not Part of Compliance Concept/Process
9 Overview list of compliance evaluations
10 Other Considerations

Version

Version	Changes	Author

Version	Changes	Author
v1.0	Deleted KDF requirements from Requirement Specification Compliance and changed thresholds to 50/90% Changed name of Interface Compliance to API Compliance	@Steve Conrad @Nico Lueck
v0.3	Level 1 and Level 2 Compliance in different sub-categories	@Nico Lueck
v0.2	Categories of Partially and Fully Compliant	@Nico Lueck
v0.1	Categories of Compatibility and Compliance	@Nico Lueck

Terminology

“Adapter” is a software component transponse data (e.g. HL7 2.5/3.0 <-> JSON Schema) and protocols (e.g. SOAP <-> REST). See also Architecture Specifications: https://govstack.gitbook.io/specification/architecture-and-nonfunctional-requirements/6-onboarding#6.1-adapters
Do not use “product” for “software” because of the risk of confusion with “GovStack products”
Do not use “Building Blocks” for “software” because it is also used to describe the functional scope/the specification, not the software.

Value Proposition

For developers, the compliance check provides information on the ease of software integration (esp. Deployment and Interface Compliance).

For CTOs and procurers, the compliance check provides information for market research, software selection and market offerings to certain requirements (esp. Requirement Specification Compliance)

For communicators, the compliance check provides information on cooperation, alignment and common achievements with the GovStack Initiative.

For software providers, the compliance check enables a transparent demonstration of software functionalities and technical alignment with BB specifications.

For the GovStack Initiative, the compliance check acts as a tool to build up a list of compliant software applications in the GovStack Marketplace and to select BB software candidates to integrate into the Sandbox.

Stages of Compliance

Title

GovStack Candidate Software

Non-compliant Software

Level 1 Compliance

Level 2 Compliance

Def

Software that is potentially compliant

Software that does not fulfill Level 1 criteria of either Deployment, Integration or Requirement Specification Compliance.

Software requires considerable integration efforts.

Software is partially aligned with the GovStack BB Specifications.

All integration scenarios possible.

Software requires minimal integration efforts, if GovStack infrastructure and CI recommendation are followed.

Software is highly aligned with the GovStack BB Specifications.

All integration scenarios possible.

Categories of Compliance

Deployment Compliance

Level 1	Level 2

Level 1	Level 2
Must be deployable via container	To be defined (e.g. provide deployment and configuration scripts (Helm Chart in Kubernetes), run smoke tests )

API Compliance

Level 1	Level 2

Level 1	Level 2
Fulfillment of at least one Service API (via adapter or native support)	Fulfillment of all of the Service APIs (via adapter or native support)
	Fulfillment of all REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1-5.4, 5.6, 5.13)

Fulfillment of APIs can be tested using the provided test harness, see Steps to check compliance against a GovStack API spec

Requirement Specification Compliance

Level 1	Level 2

Level 1	Level 2
Fulfillment of at least 50% of the REQUIRED functional requirements stated in the respective BB specifications	Fulfillment of at least 90% of the REQUIRED functional requirements stated in the respective BB specifications
Fulfillment of at least 50% of the REQUIRED cross-cutting requirements stated in the respective BB specifications	Fulfillment of at least 90% of the REQUIRED cross-cutting requirements stated in the respective BB specifications

Evaluation Schema

Category	Criterion	Level 1	Level 2

Category	Criterion	Level 1	Level 2
Deployment Compliance	Deployability via container		N/A
API Compliance	Fulfillment of Service API requirements	>=1	All
	Fulfillment of REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1-5.4, 5.6, 5.13)	Optional	All
Requirement Specification Compliance	Fulfillment of REQUIRED cross-cutting requirements stated in the respective BB specifications	>50%	>90%
	Fulfillment of REQUIRED functional requirements stated in the respective BB specifications	>50%	>90%

Process

Software Provider Guide

Not Part of Compliance Concept/Process

Security, data privacy or code audits performed by GovStack
Providing developer resources to adapt solution to pass certain criteria

Overview list of compliance evaluations

Other Considerations

For any considerations taken in developing the concept and remarks for future additions to the concept, please have a look at Archive of Conceptual Notesarchived

Software Compliance Concept