Software Compliance Concept

Version

Version

Changes

Author

Version

Changes

Author

v1.0

Deleted KDF requirements from Requirement Specification Compliance and changed thresholds to 50/90%

Changed name of Interface Compliance to API Compliance

@Steve Conrad @Nico Lueck

v0.3

Level 1 and Level 2 Compliance in different sub-categories

@Nico Lueck

v0.2

Categories of Partially and Fully Compliant

@Nico Lueck

v0.1

Categories of Compatibility and Compliance

@Nico Lueck

Terminology

Value Proposition

For developers, the compliance check provides information on the ease of software integration (esp. Deployment and Interface Compliance).

For CTOs and procurers, the compliance check provides information for market research, software selection and market offerings to certain requirements (esp. Requirement Specification Compliance)

For communicators, the compliance check provides information on cooperation, alignment and common achievements with the GovStack Initiative.

For software providers, the compliance check enables a transparent demonstration of software functionalities and technical alignment with BB specifications.

For the GovStack Initiative, the compliance check acts as a tool to build up a list of compliant software applications in the GovStack Marketplace and to select BB software candidates to integrate into the Sandbox.

Stages of Compliance

Title

GovStack Candidate Software

Non-compliant Software

Level 1 Compliance

Level 2 Compliance

Def

Software that is potentially compliant

Software that does not fulfill Level 1 criteria of either Deployment, Integration or Requirement Specification Compliance.

Software requires considerable integration efforts.

Software is partially aligned with the GovStack BB Specifications.

All integration scenarios possible.

Software requires minimal integration efforts, if GovStack infrastructure and CI recommendation are followed.

Software is highly aligned with the GovStack BB Specifications.

All integration scenarios possible.

Categories of Compliance

Deployment Compliance

Level 1

Level 2

Level 1

Level 2

Must be deployable via container

To be defined (e.g. provide deployment and configuration scripts (Helm Chart in Kubernetes), run smoke tests )

 

 

API Compliance

Level 1

Level 2

Level 1

Level 2

Fulfillment of at least one Service API (via adapter or native support)

Fulfillment of all of the Service APIs (via adapter or native support)

 

Fulfillment of all REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1-5.4, 5.6, 5.13)

Fulfillment of APIs can be tested using the provided test harness, see Steps to check compliance against a GovStack API spec

Requirement Specification Compliance

Level 1

Level 2

Level 1

Level 2

Fulfillment of at least 50% of the REQUIRED functional requirements stated in the respective BB specifications

Fulfillment of at least 90% of the REQUIRED functional requirements stated in the respective BB specifications

Fulfillment of at least 50% of the REQUIRED cross-cutting requirements stated in the respective BB specifications

Fulfillment of at least 90% of the REQUIRED cross-cutting requirements stated in the respective BB specifications

Evaluation Schema

Category

Criterion

Level 1

Level 2

Category

Criterion

Level 1

Level 2

Deployment Compliance

Deployability via container

N/A

API Compliance

Fulfillment of Service API requirements

>=1

All

 

Fulfillment of REQUIRED API related requirements in the Architecture BB specifications (ch. 5.1-5.4, 5.6, 5.13)

Optional

All

Requirement Specification Compliance

Fulfillment of REQUIRED cross-cutting requirements stated in the respective BB specifications

>50%

>90%

 

Fulfillment of REQUIRED functional requirements stated in the respective BB specifications

>50%

>90%

Process

Software Provider Guide

Not Part of Compliance Concept/Process

  1. Security, data privacy or code audits performed by GovStack

  2. Providing developer resources to adapt solution to pass certain criteria

Overview list of compliance evaluations

Other Considerations

For any considerations taken in developing the concept and remarks for future additions to the concept, please have a look at Archive of Conceptual Notesarchived