Standard : Upgrade & Maintenance Compliance
Description
Upgrade & Maintenance Compliance measures the percentage of systems, libraries, or components that are running on supported versions. It helps ensure security, reliability, and maintainability.
How to Use
What to Measure
- Count of components or dependencies on supported versions.
- Total number of components in use.
Compliance Rate (%) = (Components on Supported Versions ÷ Total Components) × 100
Example: 80 of 100 components up-to-date → 80% compliance.
Instrumentation Tips
- Use automated dependency scanning and patch management tools.
- Track compliance at system and portfolio levels.
- Visualise trends to encourage proactive upgrades.
Why It Matters
- Security posture: Reduces exposure to vulnerabilities.
- Operational stability: Prevents issues caused by outdated components.
- Future readiness: Ensures compatibility with modern tooling.
Best Practices
- Define SLAs for upgrades (e.g. patch within 30 days).
- Automate dependency updates where possible.
- Include compliance metrics in release readiness checks.
Common Pitfalls
- Ignoring transitive dependencies in open-source packages.
- Postponing upgrades until end-of-life dates.
- Failing to track compliance across the full stack.
Signals of Success
- Rising compliance percentage quarter over quarter.
- Fewer incidents caused by outdated components.
- Reduced upgrade effort due to continuous patching.
- [[Security Vulnerability Remediation Time]]
- [[System Reliability Metrics]]
- [[Technical Debt Ratio]]