OSKY Development Methodology SOP

1. Introduction & Team Structure

This document outlines OSKY’s development methodology to ensure structured, efficient, and high-quality project execution. The purpose of this SOP is to provide a consistent framework for delivering projects on time, within scope, and with the highest standards of quality and security.

Team Roles & Responsibilities

| Role | Responsibilities | Key Deliverables/KPIs |
| --- | --- | --- |
| Project Manager (PM) | Manages timelines, client communication, and sprint goals. | Deliver projects on time and within budget. |
| Business Analyst (BA) | Gathers requirements, ensures project alignment with client needs. | Clear and documented requirements, signed off by the client. |
| Tech Lead | Defines system architecture, enforces best practices. | Scalable and maintainable system design. |
| Developers (Frontend & Backend) | Write code, implement features, integrate APIs. | High-quality, bug-free code delivered within sprint timelines. |
| DevOps Engineer | Handles CI/CD, cloud infrastructure, and deployment. | Reliable and automated deployment pipelines. |
| QA Engineer | Conducts automated & manual testing, validates UAT. | Comprehensive test coverage and defect-free releases. |
| Security Analyst (if required) | Ensures security best practices & compliance. | Secure systems with no critical vulnerabilities. |

2. Project Planning & Pre-Development

Before development begins, we conduct the following steps to ensure a structured workflow:

  • Assessment – Gather project requirements, define objectives, and clarify client expectations.
  • Work Breakdown Structure (WBS) – Outline development tasks, assign responsibilities, and establish dependencies using Redmine.
  • Planning & Timeframe – Create a project timeline based on effort estimation and milestones.
  • Technical Architecture Review – Ensure system design, API architecture, and security measures align with best practices.
  • Approval & Sign-Off – Confirm project scope with the client before development starts.
  • Codebase Initialisation – Set up the project repository in Bitbucket, define folder structures, and establish PSR-2 coding standards.

3. Agile Development & Workflow

We follow an Agile methodology, enabling iterative development and continuous feedback. Our structured workflow includes:

  • Sprint Planning & Task Prioritisation – Features are broken into sprint tasks using a prioritisation framework (e.g., MoSCoW, story points).
  • Daily Standups – Internal team check-ins to track ongoing work and identify roadblocks.
  • Weekly Progress Meetings – Client-facing updates to align on priorities, review progress, and resolve issues.
  • Sprint-Based Development – Work is delivered in two-week iterations, incorporating client feedback.
  • Local Development – Using Docker for environment consistency.
  • CI/CD Automation – Bitbucket Pipelines streamline integration and deployments to reduce manual effort.

4. Version Control & Git Strategy

To maintain code quality and stability, we follow a strict branching strategy:

  • Feature Branches – Developers create feature branches for new functionalities.
  • Development Branch – All completed features are merged here after peer review.
  • Staging Branch – Code is tested in a staging environment before release.
  • Release Branch – Finalised and stable code is prepared for production deployment.
  • Code Reviews & Role-Based Access Controls (RBAC) – Ensuring only authorised team members can merge and approve changes.

5. Quality Assurance & Testing

To ensure the highest standards of software quality, we implement:

  • Automated Unit Testing – Running tests on core functionalities through Bitbucket Pipelines.
  • Selenium Testing – Automated end-to-end testing to validate UI functionality.
  • User Acceptance Testing (UAT) – Clients go through UAT and provide final approval before project completion.

6. Security & Compliance

We integrate security best practices throughout the development lifecycle:

General Security Practices

  • SonarQube – Static code analysis for vulnerabilities.
  • OWASP ZAP – Web application security scanning.
  • Snyk – Automated dependency vulnerability detection.
  • Role-Based Access Controls (RBAC) – Enforced across systems to limit access based on user roles.

API Security Best Practices

  • Authentication & Authorisation – APIs require OAuth 2.0, API keys, or JWT tokens.
  • Rate Limiting – Prevents API abuse.
  • Input Validation & Sanitisation – Protection against SQL injection, XSS, and other threats.
  • HTTPS Enforcement – Ensures secure API communication.
  • Logging & Monitoring – API requests are logged, and anomalies are monitored for potential breaches.

7. Deployment & Rollback Strategy

  • Automated Deployment – Bitbucket Pipelines handle staging and production rollouts.
  • Rollback Procedures:
    • Restore from the latest automated backup.
    • Revert to a stable release version in the Git repository.
    • Apply necessary hotfixes and re-deploy after resolution.
  • Blue-Green Deployment (If applicable) – Ensuring zero-downtime deployments.

8. Code Performance & Error Monitoring

We use Sentry and Datadog to ensure system reliability and fast issue resolution:

  • Real-Time Error Tracking – Detecting issues before they affect users.
  • Performance Monitoring – Identifying slow response times or bottlenecks.
  • Incident Alerts & Debugging – Immediate notifications and stack traces for quick fixes.

9. Definition of Done (DoD)

A task or project is considered complete when:

  • Code has passed all unit and integration tests.
  • Peer review has been conducted and approved.
  • The feature has been successfully deployed to staging and tested.
  • UAT has been completed and signed off by the client.
  • Documentation (if required) has been provided.

10. Code Documentation & Handover

Technical documentation will be provided upon client request, including:

  • API References (e.g., Swagger).
  • Deployment Instructions.
  • System Architecture Overview.
  • User Guides (if applicable).

A handover meeting is conducted with the client to walk through the documentation.

11. Third-Party Integrations

When integrating external APIs, we follow best practices:

  • Clients Provide API Credentials – Ensuring compliance and security.
  • API Usage Limits Are Reviewed – Monitor usage to avoid exceeding vendor quotas.
  • Error Handling & Logging – Implement retry mechanisms for transient API failures.