Software Compliance Concept
Version
Version | Changes | Author |
---|---|---|
v1.0 | Deleted KDF requirements from Requirement Specification Compliance and changed thresholds to 50/90% Changed name of Interface Compliance to API Compliance | @Steve Conrad @Nico Lueck |
v0.3 | Level 1 and Level 2 Compliance in different sub-categories | @Nico Lueck |
v0.2 | Categories of Partially and Fully Compliant | @Nico Lueck |
v0.1 | Categories of Compatibility and Compliance | @Nico Lueck |
Terminology
“Adapter” is a software component transponse data (e.g. HL7 2.5/3.0 <-> JSON Schema) and protocols (e.g. SOAP <-> REST). See also Architecture Specifications: https://govstack.gitbook.io/specification/architecture-and-nonfunctional-requirements/6-onboarding#6.1-adapters
Do not use “product” for “software” because of the risk of confusion with “GovStack products”
Do not use “Building Blocks” for “software” because it is also used to describe the functional scope/the specification, not the software.
Value Proposition
For developers, the compliance check provides information on the ease of software integration (esp. Deployment and Interface Compliance).
For CTOs and procurers, the compliance check provides information for market research, software selection and market offerings to certain requirements (esp. Requirement Specification Compliance)
For communicators, the compliance check provides information on cooperation, alignment and common achievements with the GovStack Initiative.
For software providers, the compliance check enables a transparent demonstration of software functionalities and technical alignment with BB specifications.
For the GovStack Initiative, the compliance check acts as a tool to build up a list of compliant software applications in the GovStack Marketplace and to select BB software candidates to integrate into the Sandbox.
Stages of Compliance
Title | GovStack Candidate Software | Non-compliant Software | Level 1 Compliance | Level 2 Compliance |
---|---|---|---|---|
Def | Software that is potentially compliant | Software that does not fulfill Level 1 criteria of either Deployment, Integration or Requirement Specification Compliance. | Software requires considerable integration efforts. Software is partially aligned with the GovStack BB Specifications. All integration scenarios possible. | Software requires minimal integration efforts, if GovStack infrastructure and CI recommendation are followed. Software is highly aligned with the GovStack BB Specifications. All integration scenarios possible. |
Categories of Compliance
Deployment Compliance
Level 1 | Level 2 |
---|---|
Must be deployable via container | To be defined (e.g. provide deployment and configuration scripts (Helm Chart in Kubernetes), run smoke tests ) |
|
|
API Compliance
Level 1 | Level 2 |
---|---|
Fulfillment of at least one Service API (via adapter or native support) | Fulfillment of all of the Service APIs (via adapter or native support) |
| Fulfillment of all REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1-5.4, 5.6, 5.13) |
Fulfillment of APIs can be tested using the provided test harness, see Steps to check compliance against a GovStack API spec
Requirement Specification Compliance
Level 1 | Level 2 |
---|---|
Fulfillment of at least 50% of the REQUIRED functional requirements stated in the respective BB specifications | Fulfillment of at least 90% of the REQUIRED functional requirements stated in the respective BB specifications |
Fulfillment of at least 50% of the REQUIRED cross-cutting requirements stated in the respective BB specifications | Fulfillment of at least 90% of the REQUIRED cross-cutting requirements stated in the respective BB specifications |
Evaluation Schema
Category | Criterion | Level 1 | Level 2 |
---|---|---|---|
Deployment Compliance | Deployability via container |
| N/A |
API Compliance | Fulfillment of Service API requirements | >=1 | All |
| Fulfillment of REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1-5.4, 5.6, 5.13) | Optional | All |
Requirement Specification Compliance | Fulfillment of REQUIRED cross-cutting requirements stated in the respective BB specifications | >50% | >90% |
| Fulfillment of REQUIRED functional requirements stated in the respective BB specifications | >50% | >90% |
Process
Not Part of Compliance Concept/Process
Security, data privacy or code audits performed by GovStack
Providing developer resources to adapt solution to pass certain criteria
Overview list of compliance evaluations
Other Considerations
For any considerations taken in developing the concept and remarks for future additions to the concept, please have a look at Archive of Conceptual Notesarchived