Best Practice

Top three scorecards every organization needs for operational efficiency

Scorecards allow you to communicate and make progress on what is important to your organization. Based on what I've seen in my career as a long-time Principal Software Engineer at Workday, and now as a Solutions Architect at Cortex, I've put together a list of the three highest-impact scorecards for increasing operational efficiency.

Jeff Schnitter
October 12, 2023

Efficiency has always been a goal for organizations, but recent economic headwinds have made it a priority. Budgets have been stretched especially thin recently, leading many organizations to focus on improving operational efficiency.

Bugs, security incidents and unreliable services can all slow your organization down and distract from delivering on your priorities. Cortex helps you minimize these distractions with its scorecard feature. Scorecards let you set measurable standards for your services, focus your efforts and ultimately spend less time firefighting.

In this article, you’ll learn about scorecards and the advanced Cortex features they enable. To illustrate what you can achieve with them, you’ll see three impactful scorecards that will help you increase your operational efficiency.

What are Scorecards?

The move to microservices has brought increased development velocity, scalability and reliability to many organizations. Splitting up your application into multiple services allows you to scale each part individually and makes it less likely that a failure in one part will bring down the whole system.

Microservices provide benefits, but also introduce complexity. Questions like “is my application secure?” and “what is the overall health of my application?” become harder and harder to answer as the number of services you own grows.

Scorecards assign a consistent set of standards to your services and allow you to answer questions about your application as a whole. Scorecards tame complexity and reduce fire-fighting for your developers, freeing them up to build features. The best part is that you can create scorecards that represent the goals that your organization cares about.

The top three operational efficiency Scorecards

Operational efficiency is a relationship between the inputs (think effort and cost) invested in services and the output produced by those services.  The most efficient organizations will actualize a far greater return on their original investment. This is influenced by a number of factors, including the amount of firefighting and admin work that happens day to day. Scorecards can help you minimize firefighting by setting and communicating measurable standards for your services. The three scorecards below are impactful places to start for any organization.

Security maturity

It’s no secret that an untimely gap in security can be disastrous for your organization. While it’s not possible to guarantee the security of your services, you should aim to follow best practices that minimize risk, and reduce time to identification and resolution when incidents inevitably occur.

A security maturity scorecard can enable you to set baseline standards like connection to all of your existing security and monitoring solutions, as well as more fine-grained requirements like maximum number of allowable vulnerabilities of a certain priority level. 

Example rules: 

  • Critical vulnerabilities detected on the service are fixed within 30 days
  • Service has greater than 80% testing code coverage
  • All of the service’s dependencies are within 2 versions of their latest release
Sample security standards Scorecard

Operational maturity

Operational maturity is a mix of practices that improve software efficiency and time to market, as well as those that reduce swirl when problems arise. The most effective teams know that they need to build for the best while preparing for the worst.

An operational maturity scorecard enables you to set standards for whether your software is using the latest frameworks as well as how prepared your team is to mitigate issues that might arise. 

Example rules:

  • Service has at least two owners
  • Mean Time To Resolve (MTTR) for on-call issues on the service is less than one hour
  • Documentation and runbooks are attached
Sample service maturity Scorecard

Service health

While operational maturity measures your team’s ability to minimize and react to threats over the long-term, service health provides a real-time snapshot of your services’ status.

A service health scorecard measures the likelihood of a customer-impacting problem by looking at the number of bugs and potential issues recorded as well as how often this service shows up during on-call rotations. Services that are healthy are more reliable and unlikely to cause customer issues.

Example rules:

  • Service is connected to fewer than five Jira issues
  • The service’s GitHub repository has fewer than 10 issues with the ‘bug’ tag
  • No on-call incidents involving this service within the last seven days

What can you do with scorecards?

On their own, scorecards help you focus your efforts by seeing how well your services are meeting your operational standards. When you pair scorecards with other Cortex features such as initiatives and reporting, they’re even more powerful. A well-configured Cortex installation is like having an extra project manager on your team.


Setting priorities for your organization is one thing—communicating these priorities clearly and encouraging people to follow them, however, is an art in itself.

Cortex makes communicating and enforcing organizational priorities easier with initiatives. Initiatives are a feature that take one or more rules from your scorecards along with a deadline. They then allow you to track how your services are doing against these rules and automatically send reminders to service owners to make their services compliant by the date you set.

Sample Initiative framework

As  an example, in 2021, organizations everywhere discovered that they were affected by a critical vulnerability in a commonly used open-source library, Log4J. For organizations affected, addressing the vulnerability was a high priority item, and large efforts were needed to identify services that were affected and fix the vulnerability quickly.

This was a painful process for many organizations, as they didn’t have reliable catalogs of the software they had built, nor an easy way to track their progress in fixing the vulnerability.

Cortex’s scorecard and initiative features combine to make incidents like the Log4J vulnerability much easier to handle. Your organization no longer needs to manage spreadsheets and wrangle giant email chains, as Cortex handles all this admin for you. Once you’ve set up an initiative, Cortex takes away the hard work of chasing teams and reporting the current state.

Initiatives integrate both with Slack and Jira. Cortex can make sure the right person gets told about issues in the right way for their workflow. Cortex’s Slack integration can message both channels and individuals and the Jira integration will automatically close any created tickets once Cortex detects the issue is fixed.


Data is useful, but well-presented data is transformative. Cortex ensures that everyone in your organization understands the state of your services at the appropriate level through the reporting feature.

View of reporting options in Cortex

Cortex comes with a comprehensive set of reports built in to help all the roles in your organization understand the state of your services. Executives can get a high-level picture of the performance of the organization, engineering leads can understand how their teams are performing over time, and developers can see the most important tasks for them to focus on at any given time.

As an example, the Bird’s Eye report allows you to see how well your organization is doing against your scorecards at different levels of granularity. You can group performance in the way that best answers the question you are asking.

View of group-by filter in Cortex's Bird's Eye View report

Reports allow you to easily extract value from the data that Cortex centralizes, and they are a powerful replacement for manually constructed spreadsheets. Reports free project managers from tedious admin work and enable them to focus on providing value.


Scorecards are an accelerator for your organizational velocity. They free up your team to work on providing value and greatly increase organizational efficiency. If you’re interested in trying Cortex with your organization, book a demo with our team.

More content is coming to help you build the right scorecards for your organization soon. To be notified as soon as these articles are released, subscribe to our mailing list using the panel to the left.

Best Practice
Jeff Schnitter
What's driving urgency for IDPs?