Look for a
lock () or https:// as an added precaution. Share sensitive
information only on official, secure websites.
Overview
GovTech will be introducing 3 key enablers to strengthen software delivery i.e. Proficiency Test, Software Delivery Playbook and Quality Metrics progressively in the upcoming months. These will enhance both individual and organisational capabilities, drive transparency and improve collaborations in our partnership for a quality software delivery.
Qualifying the Delivery Team
through Proficiency Test
Standardised tests to ensure a fair and consistent bar to entry for everyone working on govt IT projects
Aligning Delivery Practices
to SW Delivery Playbook
Vendors apply good and consistent software delivery practices in doing govt IT projects
Monitoring and Improving
with Quality Metrics
Standardised metrics to monitor progress and guide continuous improvement
Standardised Quality Metrics
Effective software delivery goes beyond meeting delivery timelines, it is also about quality & risk reduction, which in-turn will strengthen agency-vendor partnerships.
At the minimum, vendors should use the Baseline Quality Metrics to monitor and improve their software delivery. The more ready vendors should consider applying the rest of the metrics.
Note:
- Metrics in purple will be auto-collected for projects already on-boarded SHIP-HATS
- Metrics will be refined iteratively to remain relevant, and be auto-collected where feasible
- The 4 Quality Dimensions (Process, Code, System and Product) is adapted from a research by Google Engineering Productivity Research Team
| S/N | Quality Dimensions | Quality Metrics | What Good Looks Like |
|---|---|---|---|
| 1 | Process | User Story Acceptance Rate | Trending towards 100% |
| 2 | Gitlab & CI/CD Configuration | Trending towards 100% | |
| 3 | Deployment Frequency to Test Environment | Between once per day to once per week | |
| 4 | Deployment Frequency to Prod Environment | Between once per week to once per month | |
| 5 | Code | #Vulnerabilities Vulnerabilities from SAST, DAST, Dependency & Container Scanning and Secret Detection |
No Critical, High or Medium |
| 6 | Bugs Code quality issues from code quality scan |
No Critical, High or Medium | |
| 7 | System | #Sprint UAT Defects | No Critical or High |
| 8 | #Pre-Release UAT Defects | No Critical, High or Medium | |
| 9 | #Open UAT Defects | Trending down | |
| 10 | #Vulnerabilities Vulnerability from VAPT and SSAT |
No Critical or High for the first VAPT report No Critical, High or Medium before Go Live |
|
| 11 | # Business Processes failed Performance Criteria | No Business Process failed Preformance Criteria before Go Live | |
| 12 | # Reliability Defects Defects from Failover & Recover Test, Backup & Restore, Disaster Recovery Test |
No Critical, High or Medium before Go Live | |
| 13 | Product | #Incidents | No High and above and Trending down for Medium and Low |
| 14 | #Incidents Failed SLA | No incidents that missed SLA | |
| 15 | #System Availability | Met SLA | |
| 16 | #Vulnerabilities Vulnerabilities from VA, VDP, GBBP |
No Findings that missed SLA |
Actions you can take
-
For your agency projects still not on SHIP-HATS, discuss with your agencies and start on-boarding soon.
note: SHIP-HATS will automate the capturing & dashboarding of the standardised metrics.
-
Look out for our further announcements in 2H 2025, and follow the recommendations to enable the metrics.
note: For projects that agencies yet to cater SHIP-HATS access, vendors can optionally subscribe SHIP-HATS directly in 2H 2025(estimated) to on-board the projects.
Contact us
For feedback, reach out to us through this form.
Last updated 14 May 2025
Thanks for letting us know that this page is useful for you!
If you've got a moment, please tell us what we did right so that we can do more of it.
Did this page help you? - No
Thanks for letting us know that this page still needs work to be done.
If you've got a moment, please tell us how we can make this page better.