CVWO’s work with eldercare centres began in 2007, when we built an IT system for Geylang East Home for the Aged (GEHA) to support their daily operations and simplify the process of generating reports.
Over the years, the original system has expanded to support eldercare centres of varying types (back then, the main types were Senior Activity Centres, Neighbourhood Links, and Active Ageing Hubs), while evolving to stay relevant to operational needs. The overarching goal of these centres is to support vulnerable or lower-income seniors by serving as drop-in centres in the community. There, seniors can socialise with their peers, participate in activities, and be connected to other services. The system has thus helped centres all around Singapore better serve tens of thousands of seniors over the past decade and more.
In 2021, the original system was being actively used by 11 eldercare centres from Care Corner Singapore, GEHA and Sheng Hong Active Ageing Hub. This was also when the Ministry of Health (MOH) and the Agency of Integrated Care (AIC) started rolling out a new eldercare service model, where active ageing-related services will be extended to all seniors across the nation.
Eldercare centres will now serve as a key point of contact for all social-health matters, provide opportunities for volunteering among seniors in their community, and offer the following four main services:
Current eldercare centres will be transitioning to the new model of care from 2021 to 2024 and will be rebranded as either Active Ageing Centres (AACs) or Active Ageing Care Hubs (AACHs) based on the services they provide. Additionally, the number of seniors per centre is increasing substantially from 300–500 to 3000–4000. This makes it crucial for the centres’ operations to be supported by suitable IT systems to reduce manual work.
The 2021 team did an amazing job of porting the previous system, which was built with Ruby on Rails, over to Golang, resulting in higher scalability and improved performance. However, due to the large scale of the project back then, it resulted in little time to push out additional features, especially ones needed to help centres transition to this new model of care.
The 2022 team thus set out to overcome a few key challenges.
Befriending & Buddying
Befriending & Buddying (B&B) is a service where volunteers and staff members would check in regularly on higher-risk seniors. This is a process that is relatively new to most of the existing eldercare centres, and thus these centres require more support from our end to fully transition. As the team last year was focused on rewriting and upgrading the application, they, unfortunately, did not have the time to build a comprehensive set of functionalities to support B&B.
As such, some of the processes on the ground were not supported fully by our system, resulting in workarounds and manual work being done. For example, the recording of visits done under B&B was facilitated via Microsoft Forms, and the use of an external system meant that volunteers had to key in a lot of data manually, and the staff would transfer that information into our system, once again, manually.
This issue becomes increasingly severe as the number of seniors that each centre serves grows day by day. Furthermore, B&B is a high-engagement programme, which meant that scalability is key as the number of seniors and number of volunteers grow.
Security & Access Control
Previously, basic authentication was implemented for the application, but there was no access control framework utilised. What this meant was that all users had access to all functionalities of the application, except for a minute few, which were guarded using hardcoded checks.
Though this was sufficient for the initial launch of the rewritten application, an access control framework needed to be brought in as soon as possible, to not only improve security such that only people who need the data should be able to access it, but to also provide configurability for each centre, since different centres can have different access requirements.
Furthermore, organisations were asking for Two-Factor Authentication (2FA) so that their data and processes can be more secure. This is also in line with the national agenda of improving cyber-security. One specific example where 2FA should be required would be to view a senior’s NRIC number, as enforced by the Personal Data Protection Act 2012.
Scalability to 220+ centres
Bringing a new centre onboard to our application used to be a very manual process. It required the spinning up of relevant databases and infrastructure. Furthermore, there was no way for organisations to manage their centres on the CVWO system easily, should they have more than one centre. They would need to go through each of the separate centre instances, as we are employing a multi-tenancy approach, where each centre is a tenant.
There needed to be some way for both CVWO to efficiently manage organisations that join us, as well as for the organisations to manage their centres and staff members.
To tackle the challenge of manual data collection and entry, as well as the increasing number of seniors that a centre needs to care for, we developed a one-stop mobile-friendly progressive web application for the volunteers to use, which will in turn simplify processes for the centres too.
The app works in conjunction with CVWO’s existing web application, and data would be shared across. Previously, volunteers had to manually key in a lot of information about the senior via Microsoft Forms, e.g. a senior’s name, address, etc. Now, all of this information is pulled directly from the CVWO system - they just need to select who they want to visit.
Furthermore, the application is designed to make data entry extremely easy for volunteers - just a few taps and the visit record would be completed. They can even take a quick photo of an issue that the senior is facing and it will be saved together with the record!
This process of designing a form for volunteers to fill up was, unfortunately, not straightforward, as there is no official requirement for the information to collect for B&B from the government, so every centre had their own standards. Our team thus had to discuss with the various centres to find out more about their requirements, and from there, design a shared form that would satisfy everyone’s needs.
On the centre side, the integration of these two applications means that the staff members no longer need to manually transfer the data from the form to our system, since visit records submitted are already within our system. After volunteers submit their records, a notification is shown on the main application, where staff members can see a list of recently submitted visit records. They can then review the submitted records to ensure that the data is accurate, complete and free of issues, in which case, the records can be approved. This new workflow allows the staff members to now focus on verification instead of data entry, allowing centres to scale up their processes greatly.
Lastly, a number of our volunteers are actually seniors themselves, and many of these seniors primarily converse in their mother tongues. Thus, to allow everyone to meaningfully engage in befriending and buddying, we have also provided multi-language support, and the volunteer can easily switch between languages on the application.
Access Control and Two-Factor Authentication
Traditionally, CVWO uses Role-Based Access Control (RBAC) frameworks for our applications, where staff members have different levels of access to different types of resources based on their roles. This approach is preferred because it allowed the centre managers to configure the permissions for their staff, as reasoning about RBAC is quite intuitive.
Our team, however, was quite ambitious when designing our access control framework. We would still support a RBAC-based user interface for managing permissions, but we wanted to go with a more flexible Attribute-Based Access Control (ABAC) approach, where decisions are driven by policies, which themselves make use of the attributes of the user and the resource being accessed to make a decision.
An example of how ABAC can be more flexible would be when checking if a user (who can be a staff member or a volunteer) has access to a senior’s basic information for B&B purposes. ABAC allows us to:
- Check if the user is a staff member, and if so:
- Check if the staff member is allowed to view information on seniors (as configured by the centre manager). If so, allow access.
- Else, deny access.
- Check if the user (who must be a volunteer, by elimination) is in the same befriending group as the senior. If so, allow them to access the information.
- Else, deny access.
Each of these checks would be a hardcoded block of code if we were to adopt a RBAC approach, whereas each of these checks would just be a policy in our ABAC framework. This leads to not only greater reusability of code, but also cleaner abstractions, since developers just need to code policies that return “Allow” or “Deny”, and the framework does rest of the heavy-lifting. This is especially the case for the check on whether the volunteer is in the same befriending group as the senior - the required logic can be encapsulated within the policy.
In addition, we saw ABAC as a way to integrate 2FA. Not all organisations require 2FA for the same things - some may want their staff members to perform 2FA when updating data for seniors, whereas some may not. It made sense to tie this 2FA checking with access control checks, since 2FA can be seen as another layer of access control.
This meant that the first step above can be rewritten as:
- Check if the user is a staff member, and if so:
- Check if the staff member is allowed to view information on seniors (as configured by the centre manager). If not allowed, deny access.
- Check if viewing information on seniors requires 2FA (as configured by the centre manager). If it does not require 2FA, allow access.
- Check if the user has done 2FA recently (based on cache duration). If yes, allow access.
- Ask the user to do 2FA.
We thus now have a third possible outcome, which is “Need 2FA”. This should trigger a 2FA check for the user.
As no such Golang package exists that fits our need, we implemented our ABAC framework from scratch. We made sure that the framework abstracted away the complexity so that it is easy for future developers to add new policies as required.
We also support RBAC-style management for the centre managers, since as previously mentioned, it is often easier for manager to reason about access control based on the different roles in their centre. Note that this level of management is highly granular, as managers can configure permissions for the creation, reading, updating and deletion of each resource.
2FA was also successfully rolled out together with the permissions, allowing the centre managers to configure when 2FA checks are needed at a fine-grained level. Of course, upon successful verification of identity via 2FA, there would be a duration afterwards where the user would not need to verify again, where their successful authentication is cached - otherwise, they would be doing 2FA for potentially every action, making the system unusable. In addition to 2FA on accessing resources, we also introduced 2FA on login, which guards against unauthorised entry to the system as a whole.
In addition, our team worked on providing multiple means of 2FA, supporting authentication via email, SMS and authenticator applications. This allows staff members to choose any method that they prefer, allowing our 2FA to be easy to configure, and the user experience as pleasant as possible.
To reduce the manual work required for onboarding and to increase the ease of cross-centre management for the organisations, our team designed an admin dashboard that acts as a central platform for managing all centres on our system. This platform would provide greater visibility for both the CVWO team as well as the administrators of each organisation.
The design process was not straightforward, given that the system was designed to support multi-tenancy, with each centre being a tenant. This meant that there is a separate database for each centre. And now, our admin dashboard needs to be able to bring together all the data across all the tenant databases, yet provide a fast and smooth experience for the user. At the heart of this, the key challenge lied in ensuring that shared data across tenants/centres remained synchronised somehow. There were a few possible ways to tackle this challenge - some requiring major refactoring of the database schemas to ensure single sources of truth but resulting in greater coupling between tenants, whereas others required expensive queries for all operations but kept coupling low. After extensive discussion and brainstorming, our team arrived at a solution that provided a middle ground - where minimal changes needed to be made to the schema but allowed for relatively fast queries and synchronisation as a whole.
We thus arrived at an admin dashboard that met our needs. To start off, the admin dashboard allows for an easy onboarding of new centres and organisations, as no longer were manual scripting and database management needed - all the infrastructural complexity has been abstracted away to behind simple forms, increasing the scalability of CVWO in the long run.
Furthermore, the admin dashboard provides one-stop staff management for the organisation administrators, as they can now conveniently view and update the particulars of their staff members, and can just as easily redeploy their staff across different centres.
Lastly, one more factor that increases the scalability of CVWO is how these administrators can now manage their centres’ configurations themselves, a process which used to require the CVWO team to handle. The new admin dashboard interfaces make such updates easy, allowing for greater autonomy and enabling administrators to customize their centres’ applications to suit their needs. For example, some of these configurations include the reports to show on the application.
In addition to all the features mentioned above, our team also worked on enhancing the application and fixing bugs. Some of the more significant improvements are:
- Migrating to Amazon Simple Email Service from basic SMTP, which allows us to have smoother mailing and also a much higher number of free emails per month. This is in preparation for the emails sent for 2FA verification purposes.
- Implementing data encryption at suitable locations, e.g. databases, etc. for improved security.
- Redesigning of existing screens to enhance workflows.
- Improve error handling throughout the application.
- Upgrading the design system used in our application.
- Zhu Hanming (Project Lead, Year 3)
- Richard Dominick (Deputy Project Lead, Year 1)
- Marcus Pang Yu Yang (Deputy Project Lead, Year 1)
- Emily Ong Hui Qi (Deputy Project Lead, Year 1)
- Mai Ting Kai (Developer, Year 1)
- Zhu Yuanxi (Developer, Year 1)
- Tan Yi Xian (Developer, Year 1)
- Bryan Lim Jing Xiang (Developer, Year 1)
- Sng Haoren (Developer, Year 1)
- Lee Zong Xun (Developer, Year 1)
- Shah Devansh Apoorva (Developer, Year 1)
- Wu Changjun (Developer, Year 1)
- Joe Eng Yu Siang (Developer, Year 1)
- Tiang Hui Zheng (Developer, Year 1)
- Lien Cai Ting (Developer, Year 1)
- Quek Jia Zhi, Shaun (Developer, Year 1)
It has been an awesome experience working with these brilliant team members – it was really heartening to see everyone learn and grow over the summer, and I also learnt a lot from each and every one of them. I am glad to have been able to serve through CVWO once again.
I’m very grateful to have been given the opportunity to meet and work with lots of amazing people at CVWO. I learnt a lot of very valuable lessons and am amazed at the amount of good work all of us have been able to accomplish in such a short period of time this summer!
CVWO has transformed my summer into an exciting, intense, and impactful one. I am deeply grateful for the opportunities to work on such meaningful projects, and I am proud to have worked alongside my teammates for the past 3 months.
An awesome opportunity to apply our software engineering skills to interesting problem domains as a team, and learn how to factor in users’ context and requirements to tackle the right problems!
CVWO has been an extremely enriching experience. I developed software engineering experience and seen its immediate, tangible impacts. I’ve experienced it from the top-down: Abstracting from problem statements provided by the clients to quickly delivering code that solves their workflow needs. I am very grateful to be given this opportunity to work with so many talents, from Prof Ben, to my team leads, and my fellow CVWO members!
– Ting Kai
A very fruitful summer! Through CVWO, I have learnt to deal with the complexity of real-world problems and pick up valuable skills. I am extremely grateful for the opportunity to work in such an amazing team on a meaningful project.
CVWO is life-changing. I would not have spent my summer any other way. We meet amazing people, empower voluntary organisations and learn things we would never learn in school. Looking at the future plans for CVWO, I would say things are about to get really exciting from here :D
– Yi Xian
From liaising with clients, analysing requirements and workflow to designing UI/UX and database schemas, CVWO has been a great learning experience for me. I am also glad to have met such great teammates who have continued to inspire and impress me with their work throughout the summer.
CVWO has been a challenging, yet fun experience working together with peers who are passionate about their work. Really thankful for the opportunity to try new things and apply the knowledge that I learnt in school!
I am thankful for the opportunity that CVWO has given me. It has given me a better understanding of myself, my skills and shortcomings, as well as how things learned in the classroom may be used in the real world.
– Zong Xun
CVWO was more than just about software engineering. It was about learning to solve challenging real-world problems, asking the right questions, and doing meaningful work. Overall, an invaluable and unforgettable learning experience!
CVWO has been an enriching journey for all of us. There are many things I have learned as a software developer that I won’t be able to learn in class. I am very grateful to be given this opportunity to work with my amazing teammates while doing something meaningful and serving the community!
My growth as a developer over the summer has been incredible. It was extremely inspiring working with such capable teammates!
While CVWO has been an intense journey, at the end of the day I learnt a ton and had lots of fun. Definitely honoured to be given this opportunity to work with the team, and make an impact to the community in such a unique way :D
– Hui Zheng
From CVWO, I learnt that it is crucial to think about not just the ‘how’ of solving an issue, but also the ‘why’. This has been a truly meaningful experience, and I am grateful to CVWO for giving me this opportunity to learn and work alongside really brilliant people!
– Cai Ting
CVWO has been an amazing opportunity for me over the past summer: throughout these past 3 months, I have not only learnt many new technical skills, but also experienced how to collaborate with others and to interact with clients, among other soft skills that I wouldn’t have had the chance to pick up otherwise. Having also worked with many talented and friendly peers, I have thoroughly enjoyed my time during CVWO as well. Overall, CVWO has truly been an invaluable experience for me, and was a wonderful opportunity to engage in meaningful, impactful work while growing as a software engineer.
We would like to express our heartfelt gratitude to the following people who have been influential and supportive during our project:
- Prof Ben Leong (NUS) for his advice and guidance.
- GIC for their generous support of the CVWO programme.
- Sharon Tang, Daniel Lam, Samuel Chan, Jun Liang Cheong, Angie Poh, Sharleen Lau (Care Corner), Joelyn Liau, Jay Au, Janice Tan (GEHA), Lee Soo How and Rajaletchumiy (Sheng Hong) for their co-operation and support throughout the Active Ageing Centre project.