Josef Mayrhofer

How to implant Performance Engineering in a highly regulated environment?


In recent months, major players such as AWS and Google experienced reliability issues that impacted large and small businesses worldwide. As a result, some companies were down for an entire day and lost millions in revenue.


Financial supervisors watch this scenario and review how critical infrastructure and service providers develop, test, and operate their mission-critical systems. Some organizations are more in focus than others because we depend entirely on their availability. For example, payment service firms are such critical infrastructure providers because, in our online world, nobody could survive if they were down for an extended time.


Lately, authorities have run more audits on such financial service providers and checked if they have reliability, load, and performance testing integrated into their software development life cycle. As a result, many received a long list of critical findings stating that performance risk management must become a fundamental element of their value stream.


How to close these gaps?

Performetriks is working with businesses in the financial service industry and assisting these organizations in making performance risk management part of their value stream. Usually, we review their current situation, calculate their performance engineering maturity level, compare it to their peers and create a tailored remediation plan.

Over the last 20 years, we've learned to master performance engineering in significant enterprises. As a result, our performance engineering maturity approach is the essence of many successful performance implementations. It cuts out all the time-consuming negative experiences and guides our clients on how to build fast and reliable applications.


The chart below indicates the calculated performance engineering maturity of one of our customers in the financial services industry.




For the customer rated in the chart above, we've created a remediation plan and assisted them in making performance engineering a fundamental part of their value stream. Thanks to this systematic benchmarking approach, we've closed their blind spots within a brief timeframe.


Risk-based Performance Testing

Performance is not something you can purchase; it requires permanent care. Like checking and improving software quality, performance testing must become everyone's daily job. To ensure that the performance of IT services gets the focus it deserves, we implement a risk-based performance engineering approach outlined in the chart below.


Identify

  • Initial Rating of all applications (high / medium / low)

  • Risk analysis of changes

Mitigate

  • Risk

  • Load test execution

  • Results vs Requirements

  • Optimization

Manage

  • Establish a process

  • Clarify responsibilities

  • Continuous performance optimization and feedback

Performance Engineering should not be guesswork. Our methodical approach and experience collected in the last two decades allow a quick and successful integration of load and performance testing, performance monitoring and continuous performance optimization. We are here to provide guidance and implement these practices. Contact me today if you are interested in learning more about our services.


Keep up the great work! Happy Performance Engineering!



Supervisory Requirements for IT in Financial Institutions (Bankaufsichtliche Anforderungen an die IT, BAIT), in the version of 14.09.2018:


IT governance / Paragraph 7:

The management board shall define appropriate quantitative or qualitative criteria for managing those areas responsible for operations and further developing IT systems, and compliance with them shall be monitored. The following elements can be considered when defining such criteria: quality of performance, availability, maintainability, adjustability to new requirements, security of IT systems or the related IT processes, and cost.


IT projects and development / Paragraph 41:

A methodology for testing applications before their first use and after modifications shall be defined and introduced. The tests' scope shall include the application's functionality, the security controls, and system performance under various stress scenarios. The organizational unit responsible for the application shall be tasked with performing the technical acceptance tests. Test environments for performing the acceptance tests shall correspond to the production environment in aspects of the test. Test activities and test results shall be documented.


