How We Built a Government Compliance Portal in 16 Weeks

The Brief

Fourteen months ago, we were approached by a South African provincial government department with a significant challenge: their compliance document management process was entirely manual, tracked via Excel and email, and creating serious audit risks.

They needed a production system in 16 weeks. Budget was fixed. And everything had to meet government security standards.

Why Government Projects Go Wrong

Most government software projects fail for the same reasons:

**Scope creep by committee** — too many stakeholders, no clear decision maker

**Over-engineering the MVP** — building all possible features before validating core ones

**Technology choices driven by procurement rather than fit**

**No iterative delivery** — waterfall planning that produces a 12-month delivery date

We've seen this pattern repeatedly. Our approach is deliberately different.

Our Approach: Constrained Agility

We proposed a fixed-scope, fixed-cost contract with three two-week sprint reviews with key stakeholders. This meant:

Core features were locked before development started

Stakeholders could see working software every two weeks, not just slide decks

Change requests had a formal, costed pathway (no silent scope expansion)

We could ship to a staging environment by week 8

Technical Decisions

For a government deployment, our non-negotiables were:

Security first:

Role-based access control (RBAC) with audit logs on every action

Data encryption at rest and in transit

Two-factor authentication for all admin users

No external dependencies that could be supply-chain compromised

Infrastructure:

AWS Cape Town region (data residency in South Africa)

VPC with private subnets for all database resources

Daily automated backups with 90-day retention

Stack:

Next.js for the portal (SSR for security, no client-exposed sensitive data)

PostgreSQL with row-level security

Node.js API layer with JWT authentication

The Outcome

We delivered on day 108 of the 112-day project. All acceptance tests passed. The system went live with zero critical security incidents. Compliance submission rates moved from approximately 61% to 97.3% within the first quarter.

The lesson: government software doesn't have to be slow or expensive. It requires discipline, clear scope, and a team that has done it before.

Liam Kruger

CEO & Co-founder

Part of the Keystone Software team, building premium software for South African businesses.

Want to talk about your project?

We'd love to hear what you're building.

Get in Touch