Enhancing Product Reliability Through Maturity
Analysis: The Case Study of PT. XYZ
Thomson Palito Napitupulu Maulahikmah Galinium
Master of Information Technology Master of Information Technology
Swiss German University Swiss German University
Tangerang, Indonesia Tangerang, Indonesia
[email protected]
[email protected]
[email protected]
Abstract—This research focuses on enhancing product relia-
bility through System Maturity Analysis, specifically within the
context of PT. XYZ’s application in the open banking market.
Low success transaction rates and recurring defects are the
background for conducting this research. The problem lies in
the complexity of Integration service as it integrates around 80
financial institution services. The research aims to measure ma-
turity using relevant Software Quality Metrics including Defect
Density, Defect Severity Index, Unit Test Coverage, and Operator
Intervention Rate and provide software development practices
using Capability Maturity Model Integration for Development
(CMMI-DEV) framework that can fill the gap between current
practices and best practices in software quality and reliability.
The research employs a mixed approach, using quantitative data
to understand the current maturity of the Integration service and
qualitative methods to gather insights from stakeholders. The
study maps system properties of maturity in Software Improve-
ment Group (SIG) Reliability Model—fault isolation, autonomy,
monitoring, and testing—to the CMMI-DEV process areas which
are then incorporated into the Scrum development cycle. As a
result, PT. XYZ managed to decrease Defect Density and Defect
Severity Index below 2.0, reduce Operator Intervention Rate to
below 7 minutes, and increase Unit Testing Coverage to more
than 50%.
Index Terms—System Maturity Analysis, Software Quality
Metrics, CMMI-DEV, SIG Reliability Model, Scrum
I. I NTRODUCTION
Financial technologies, commonly referred to as fintech,
have fundamentally transformed the banking and financial
services sector by presenting groundbreaking solutions that
significantly improve operational efficiency, accessibility, and
the overall customer experience. The integration between
banks and fintech companies has evolved through various lev-
els, from traditional banking to digital banking, open banking,
and the emerging Open-X banking model [1].
In March 2024, the proportion of digitally active banking
customers utilizing open banking services showed a continued
upward trend, reaching 14% [2]. This implies that one in
seven digital banking consumers currently possesses an active
open banking linkage or has executed a transaction through
open banking mechanisms. Open banking transactions have
surpassed data connections in terms of market penetration,
with 8.2% of digitally enabled customers conducting an open
banking transaction in January 2024, compared to 7.2
Mohammad Achmad Amin Soetomo
Master of Information Technology
Swiss German University
Tangerang, Indonesia
In Southeast Asia, the banking sector faces various risks in
a dynamic and rapidly changing global financial environment.
While specific information on open banking implementation
in Southeast Asia is limited, the region’s banks are adapting
to technological advancements. The Association of Southeast
Asian Nations (ASEAN) banks focus on managing risks,
particularly credit risk, in the face of financial innovation and
economic growth [3].
In this research, the author studied PT. XYZ, one of
the pioneer companies exploring the Open Banking market
in Southeast Asia. PT. XYZ has enabled services in open
banking since 2016, including direct payment, bulk transfer,
customized API payment solutions, and all-in-one payment
infrastructure. In the third quarter of 2024, the executive
board demanded improved web application reliability from the
engineering department, with a commitment to achieve up to
a 95% addressable success rate.
This demand is emphasized by reports that even though
large banks increasingly provide open API architecture to
facilitate collaboration, unique challenges remain in imple-
menting API standards [4]. For example, in the Philippines,
standardization relies on a ”nudge” rather than ”mandate” ap-
proach, which can lead to inconsistencies and slower adoption
compared to countries with stricter regulations. Since PT. XYZ
has more than 10 million API hits monthly, web application
reliability has become a priority.
The research problem focuses on two main areas:
1) The lack of standardized workflow in quality assurance,
particularly in defect prevention processes and testing.
2) The need to establish reliability measurement specific to
the maturity level of Integration service modularity.
This research aims to address these problems by:
1) Analyzing the maturity of Integration service to enhance
the reliability of PT. XYZ’s fintech app product by
measuring with relevant metrics.
2) Providing software development practices to increase the
system maturity level of Integration service by aligning
with software development best practices.
The significance of this study is threefold:
1) Helping PT. XYZ measure reliability and prioritize
improvement areas in Integration service.
 2) Helping PT. XYZ incorporate reliability concerns into
their current software product development process.
3) Providing insights for software product companies and
academic communities to improve their software de-
velopment processes regarding reliability and capability
maturity level.
II. L ITERATURE R EVIEW
A. Product Reliability in Software Engineering
In software engineering, ”product” refers to a software
application or system developed to meet specific user require-
ments and deliver certain functionalities. Software products
may vary from simple applications to complex systems serving
extensive organizations. Product reliability is conceptualized
as the extent to which a software product reliably executes its
designated functions without experiencing failure [5].
The core concept of product reliability revolves around
the systematic assessment and enhancement of a software
product’s performance over time. This involves not only the
initial development phase but also ongoing evaluation and
improvement throughout the software lifecycle. Key metrics
for assessing reliability include Mean Time Between Failures
(MTBF), Mean Time to Failure (MTTF), defect density, and
failure rates [6].
B. Software Reliability Metrics
Several metrics can be used to assess software reliability.
For this research, the following metrics were selected based
on their relevance to the PT. XYZ case:
1) Defect Density: Defect Density is calculated by dividing
the total number of defects by the size of the code (in
thousands of lines of code):
TD
DD = (1)
KSLOC
where DD is Defect Density, T D is Total Defects, and
KSLOC is the total lines of source code in thousands.
2) Defect Severity Index: Defect Severity Index is calcu-
lated using:
Pn
T Di × Wi
DSI = i=1 (2)
TD
where DSI is Defect Severity Index, T Di is Total Defect
per severity category, Wi is the severity weight, and T D is
the total number of defects.
3) Unit Test Coverage: Unit Test Coverage measures the
percentage of code lines executed during testing.
4) Operator Intervention Rate: Operator Intervention Rate
measures how often operators intervene to maintain the sys-
tem, measured in minutes per intervention.
C. Software Quality Best Practices
1) Scrum Framework: Scrum is an agile framework for
managing complex projects, particularly in software develop-
ment. It emphasizes iterative progress through short cycles
called sprints. Scrum incorporates a series of events: Sprint
Planning, Daily Scrum, Sprint Review, and Sprint Retrospec-
tive [7].
2) Reliability in ISO 25010: ISO 25010 divides Reliability
characteristics into four sub-characteristics [8]:
• Maturity: Assesses the frequency of failures in the soft-
ware.
• Availability: Measures the ratio of time during which the
software remains functional and accessible.
• Fault Tolerance: Pertains to the software’s capacity to sus-
tain proper functionality despite occurrences of hardware
or software malfunctions.
• Recoverability: Evaluates how quickly a system can re-
cover from failures or crashes.
3) SIG Reliability Model: The Software Improvement
Group (SIG) Reliability Model, grounded in ISO 25010, sys-
tematically evaluates eight system attributes to determine ma-
turity, fault tolerance, and recoverability [9]. For this research,
four system properties related to maturity were selected:
• Fault Isolation: Examines how well faults in a component
are contained.
• Autonomy: Assesses the system’s capacity to deliver
anticipated services without human intervention.
• Monitoring: Gauges the extent to which operations,
events, and resources are scrutinized.
• Testing: Reflects the system’s capability to manage an-
ticipated peak loads.
4) CMMI-DEV Framework: The Capability Maturity
Model Integration for Development (CMMI-DEV) provides
a comprehensive framework of best practices for process
improvement [10]. For this research, three process areas were
selected:
• Configuration Management (CM)
• Project Monitoring and Control (PMC)
• Verification (VER)
III. R ESEARCH M ETHODS
A. Research Framework
The research framework was designed based on mapping
system properties of maturity to relevant CMMI-DEV process
areas, as shown in Fig. 1. The flow starts with implementing
Configuration Management (CM), which supports Verification
(VER) processes. During implementation, Project Monitoring
and Control (PMC) is continuously performed. Measurements
of reliability metrics (Defect Density, Defect Severity Index,
Operator Intervention Rate, and Unit Testing Coverage) are re-
viewed and discussed with relevant stakeholders. The practices
are incorporated into the Scrum sprint cycle for continuous
improvement.
B. Data Collection
Data collection was conducted through:
• Observation of secondary data (engineering documenta-
tion, testing results, source codes, and operational situa-
tion)
• Interviews with Integration team members regarding cur-
rent process conditions

Fig. 1. Research Framework
For the maturity measurement, the following techniques
were used:
• Defect Severity Index (for Fault Isolation)
• Operator Intervention Rate (for Autonomy)
• Defect Density (for Monitoring)
• Unit Test Coverage (for Testing)
C. Gap Analysis
Gap analysis was performed by comparing current and
desired states of measurement results about the maturity of
Integration service. The gap in current processes was identified
from unperformed processes resulting from the interviews.
D. Designing Practices
Practices were designed by adopting specific goals and
subpractices from the selected CMMI-DEV process areas,
tailored to the maturity of Integration service.
E. Incorporating Practices into Scrum Sprint Cycle
The designed practices were incorporated into the Scrum
events:
• Sprint Planning
• Daily Scrum
• Sprint Review
• Sprint Retrospective
F. Validation
Validation was conducted through:
• Re-measurement of maturity metrics after implementing
the practices
• Interviews with external subject matter experts
The success criteria for validation were:
• Defect Severity Index: <2.0 of DSI score and <2% of
remaining major defects
• Operator Intervention Rate: <7 minutes
• Defect Density: <2.0
• Unit Test Coverage: >50%
IV. R ESULTS AND D ISCUSSIONS
A. Data Collection Results
Initial measurements of the Integration service revealed:
1) Defect Density: The highest defect density score was in
the Fetch Statements use case with a score of 6.54. Several
use cases had scores above 2.0, including Callback, Payment
QR, Session Controller, and Session Tasks.
2) Defect Severity Index: Several use cases had scores
above 2.0, including Callback, Session Controller, Transfer
Funds Controller, and State Machine Manager.
3) Operator Intervention Rate: All occurrences exceeded 7
minutes, with durations ranging from 8 to 15 minutes.
4) Unit Test Coverage: Most use cases had coverage below
50%.
5) Process Assessment: Assessment of selected CMMI-
DEV process areas showed:
• 10 specific practices were fully performed
• 11 specific practices were partially performed
• 3 specific practices were not performed
B. Gap Analysis
Based on the interview with the Engineering Manager, the
success criteria for improvement were established:
• Defect Severity Index: 2% of total major defects
• Operator Intervention Rate: Below 10 minutes
• Defect Density: <2.0
• Unit Test Coverage: >50%
C. Designed Practices
For each process area, specific practices were designed:
1) Configuration Management (CM):
• Identify and select important configurations that follow
certain criteria of importance
• Specify the ownership of work products
• Document key-value information
2) Project Monitoring and Control (PMC):
• Document identified risks and progress in managing the
risk
• Communicate significant changes in risk status to internal
stakeholders
• Gather stakeholder representation for issue analysis
• Document corrective action plans
• Monitor implementation of corrective actions
• Document action progress and results
3) Verification (VER):
• Submit verification plans including methods and tools
• Explore verification tools
• Establish verification criteria and parameters
• Establish satisfaction criteria for peer review
• Perform peer review based on the given checklist
• Communicate issues to relevant stakeholders
• Conduct and improve unit tests and acceptance criteria
• Analyze defects and provide information on reproduction
and resolution
D. Incorporating Practices into Scrum Sprint Cycle G. Expert Validation
The practices were incorporated into Scrum events as fol- Four external experts with backgrounds in e-commerce,
lows: banking, stock exchange, and government technology vali-
dated the approach. Key insights included:
TABLE I
I NCORPORATED P RACTICES INTO S CRUM S PRINT C YCLE • The need to include non-functional requirements such as
response time
Scrum Event Incorporated Practices
• The recommendation to involve QA staff in requirement
1. Identify important configurations
2. Specify ownership of configuration items gathering
Sprint Planning 3. Submit verification plans • The suggestion to automate data collection processes
4. Document identified risks
• The importance of establishing clear RACI matrices for
5. Establish verification criteria
1. Explore verification tools responsibilities
2. Perform peer reviews
3. Communicate issues to stakeholders V. C ONCLUSIONS AND R ECOMMENDATIONS
Daily Scrum
4. Conduct and improve unit tests
5. Analyze defects for reproduction/resolution A. Conclusions
6. Monitor corrective action implementation
1. Document key-value information This study successfully analyzed the maturity of PT. XYZ’s
Sprint Review
2. Communicate risk status changes Integration service using relevant software reliability metrics:
Sprint 1. Document corrective action results
Retrospective
Defect Density, Defect Severity Index, Unit Test Coverage,
and Operator Intervention Rate. These measurements provided
visibility into critical areas of the Integration service and
E. Framework Implementation helped prioritize improvements.
The research also provided tailored software development
Implementation of the research framework included:
practices derived from CMMI-DEV process areas (Configura-
• Identification of configuration items by Product Manager
tion Management, Project Monitoring and Control, and Ver-
and Senior Developer ification) and incorporated them into the Scrum sprint cycle.
• Establishment of change tracking for configuration items
After three sprint cycles, three out of four success criteria were
• Setup of Terraform integration with Jira for configuration
fully achieved, with Defect Severity Index partially achieved.
integrity
• Creation of discussion sessions for requirements and B. Recommendations
acceptance criteria
Based on the results, the following recommendations are
• Peer review sessions with checklists
made:
• Regular progress monitoring and communication
• Analysis of alternatives for authentication methods • Include feature flags and A/B testing configurations in

• Documentation of issues and resolutions configuration management

• Develop real-time visualization of quality metrics using
F. Validation Results Grafana
After three sprint cycles of adopting the tailored practices, • Improve spike ticket documentation with detailed infor-
the results showed: mation about approaches
• Implement monitoring for transaction performance during
TABLE II peak hours
VALIDATION R ESULTS
• Explore the TMMI framework to enhance testing prac-
Metric Success Crite- Result Status tices
ria
• Define clear RACI matrices for each responsibility
Defect Severity <2.0 All <2.0 with 1 Partially
Index major defect Achieved • Conduct performance testing alongside functional testing
Operator <7 minutes 4-5 minutes Achieved
Intervention C. Future Work
Rate
Defect Density <2.0 All <2.0 Achieved Future work could include:
Unit Test Cover- >50% All >50% Achieved
• Development of real-time measurement dashboards
age
• Exploration of fault tolerance measurement and improve-
ment
Improvements were achieved through: • Investigation of recoverability measurement and enhance-
• Distribution of senior engineers to critical use cases ment
• Intensive communication in daily scrum events • Analysis of methods for defining bug criticality scientif-
• Integration with third-party authentication platform ically
• Implementation of Test-Driven Development • Continuous validation of the framework to identify miss-
• Optimization of deployment pipelines ing or irrelevant practices
 R EFERENCES
[1] P. M. Rubanov, ”Transformation of the banking sector in the digital era,”
, vol. 4, 2019.
[2] ”The Open Banking Impact Report,” Openbanking.org.uk, Mar. 2024.
[3] A. B. Khan et al., ”Financial innovation, sustainable economic growth,
and credit risk: A case of the ASEAN banking sector,” Frontiers in
Environmental Science, vol. 9, p. 729922, 2021.
[4] ”Is Southeast Asia ready to embrace open banking? An Executive
Insights Report on Open Banking Readiness in the Philippines, Indonesia
and Thailand,” Brankas, 2024.
[5] S. K. Park, ”A comparative study on the property of nhpp software
reliability model based on shape parameters of exponential family
lifetime distribution,” International Journal of Engineering Research and
Technology, vol. 13, no. 5, p. 873, 2020.
[6] Y. Wang, J. J. Yang, and N. M. Mbiye, ”Effectiveness and suitability
of the automotive ehps software reliability and testing,” Advances in
Science, Technology and Engineering Systems Journal, vol. 6, no. 3,
pp. 205–212, 2021.
[7] K. Schwaber and J. Sutherland, ”The scrum guide,” Scrum Alliance,
vol. 21, no. 1, pp. 1–38, 2020.
[8] ”ISO/IEC 25010:2011 Systems and software engineering – Systems and
software quality requirements and evaluation (SQuaRE) – System and
software quality models,” International Organization for Standardization,
Geneva, Switzerland, 2011.
[9] Software Improvement Group, ”SIG Evaluation Criteria for Reliability,”
2020.
[10] CMMI Product Team, ”Capability Maturity Model Integration (CMMI-
DEV),” Software Engineering Institute, 2009.