Software development contracts can be structured in many ways, but the thing that should matter most is software quality. Meetings and calls before product development starts will help you make a good decision and choose the right software vendor. What should you pay attention to? What should you avoid? How do you learn more about your partner? We made a list of 20 questions to ask when signing a contract with a software development company.
Top questions to ask a software development company
1. Why you?
It’s a tricky question, because every company has its own goals and every product its own set of challenges. You should always weigh the risk. You can build the product with a less experienced company that charges less, or you can go with a seasoned provider that offers experienced, qualified teams at higher fees. The criteria differ from project to project, but the main question is always the same: can you afford to sacrifice security and quality in a FinTech product?
2. What can you do to assure the security of my project and the product that will be the outcome of the development process?
It’s one of the most important questions you can ask, and at the same time one of the most complicated, because the security assurance a project needs can be as simple or as complex as the project itself. Everything depends on your regulatory environment and the nature of your product. In FinTech, security requirements are largely driven by compliance, so make sure the points you check before signing a development contract cover that topic. Your software development partner should understand that helping you there is part of the job.
From the technical point of view, your software provider should address several common classes of weakness:
- Security headers. Browsers execute whatever script a page serves them, so a single injected script can steal session tokens, mine cryptocurrency in the visitor’s browser or abuse device permissions such as the camera. Correctly configured HTTP response headers (a strict Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options and frame restrictions) sharply limit what injected content can do. The same applies to input submitted through contact and other forms: validating it on the server and escaping it on output blocks the scripts an attacker tries to embed there, which goes a long way towards securing the app.
- Encryption. Even if someone breaks in, encrypting data at rest and in transit means the stolen data cannot be read without the keys, so key management matters as much as the choice of algorithm.
- Authentication and authorization mechanisms. Authenticating a user properly goes well beyond a simple password. Rules like “at least 6 characters, at least one special character” are a bare minimum and are not enough on their own. For delegated access and third-party logins, the OAuth 2.0 and OpenID Connect standards give solid industry guidelines. We recommend the implementation of multi-factor authentication. Authorization, deciding what an authenticated user may do, is a separate check that has to be enforced on the server for every request.
- Root and jailbreak detection. A rooted or jailbroken device can no longer be trusted to protect the app’s secrets, so the app should detect that state and refuse to run, or run with reduced functionality, rather than let a compromised device intercept application traffic or tamper with the app’s connection to your infrastructure.
- Implementation of SSL/TLS with properly validated certificates, which encrypts the traffic between the app and the backend and lets the app verify that it is talking to your genuine server rather than an impostor. Identifying the user is a separate step handled by the authentication mechanism, unless client certificates (mutual TLS) are used.
- Mechanisms for signing server requests. Each request carries a signature computed over its content with a key only the legitimate client holds, together with a timestamp and a one-time nonce, so the backend can tell whether a request genuinely came from the app, has not been modified in transit and is not a replay of earlier traffic.
- Correct configuration of a firewall and rate limiting on the backend. A correctly configured firewall, together with hardened basic tooling in front of the application, closes off everything that should not be reachable from the internet. Volumetric attacks like distributed denial-of-service (DDoS) cannot be stopped by a firewall alone, though; they need a provider-level mitigation service such as AWS Shield or a CDN that absorbs the traffic before it reaches your servers.
These are some basic tactics and tools. Make sure that your top questions to ask a software development company cover security and fraud prevention.
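The request-signing point above is the one most often implemented wrongly, so here is a worked example of what a sound scheme looks like. It is an added illustration, not code from Code & Pepper or from any product described in this article. The header names, the shared secret, the client identifier and the five-minute clock-skew window are assumptions chosen for the example; a real deployment would keep the secret in a secrets manager and the seen-nonce set in a shared store such as Redis.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed values for the example. In production the secret is issued per
# client, stored in a secrets manager and rotated; it never sits in source.
CLIENT_ID = "mobile-app-42"
SHARED_SECRET = b"example-shared-secret-rotate-me"
ALLOWED_SKEW_SECONDS = 300  # assumed replay window: 5 minutes


def canonical_string(method, path, timestamp, nonce, body):
    """Fixed, unambiguous layout of everything the signature covers.
    The body is hashed so the canonical string stays small and binary-safe."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash])


def sign_request(method, path, body, secret=SHARED_SECRET, now=None, nonce=None):
    """Client side: produce the headers that accompany one request."""
    timestamp = int(now if now is not None else time.time())
    nonce = nonce or secrets.token_hex(16)
    msg = canonical_string(method, path, timestamp, nonce, body)
    sig = hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()
    return {
        "X-Client-Id": CLIENT_ID,
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": sig,
    }


class Verifier:
    """Server side. Remembers nonces seen inside the skew window so a captured
    request cannot be replayed; every check runs before business logic."""

    def __init__(self, secrets_by_client, allowed_skew=ALLOWED_SKEW_SECONDS):
        self.secrets_by_client = secrets_by_client
        self.allowed_skew = allowed_skew
        self.seen_nonces = {}  # nonce -> request timestamp it arrived with

    def verify(self, method, path, headers, body, now=None):
        """Return (ok, reason). Cheap checks first, the HMAC last."""
        now = now if now is not None else time.time()
        secret = self.secrets_by_client.get(headers.get("X-Client-Id"))
        if secret is None:
            return False, "unknown client"
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            presented = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed signing headers"
        if abs(now - timestamp) > self.allowed_skew:
            return False, "timestamp outside allowed window"
        # Forget nonces that are too old to pass the time check anyway,
        # so the set stays bounded.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= self.allowed_skew}
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        msg = canonical_string(method, path, timestamp, nonce, body)
        expected = hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison: a plain == leaks timing information.
        if not hmac.compare_digest(expected, presented):
            return False, "bad signature"
        self.seen_nonces[nonce] = timestamp
        return True, "ok"


def demo():
    """Run a legitimate request plus the four failure modes the scheme exists
    to catch, and return the verifier's verdicts in order."""
    verifier = Verifier({CLIENT_ID: SHARED_SECRET})
    path = "/v1/transfers"
    body = json.dumps({"to": "constructed-account", "amount": "100.00"}).encode()
    t0 = 1_700_000_000  # fixed clock so the run is deterministic
    results = []

    h1 = sign_request("POST", path, body, now=t0, nonce="nonce-1")
    results.append(verifier.verify("POST", path, h1, body, now=t0 + 5))  # genuine
    results.append(verifier.verify("POST", path, h1, body, now=t0 + 5))  # replayed

    h2 = sign_request("POST", path, body, now=t0, nonce="nonce-2")
    tampered = json.dumps({"to": "constructed-account", "amount": "9999.00"}).encode()
    results.append(verifier.verify("POST", path, h2, tampered, now=t0 + 5))  # body changed

    h3 = sign_request("POST", path, body, now=t0, nonce="nonce-3")
    results.append(verifier.verify("POST", path, h3, body, now=t0 + 1000))  # stale

    h4 = dict(h1, **{"X-Client-Id": "someone-else"})
    results.append(verifier.verify("POST", path, h4, body, now=t0 + 5))  # unknown client
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print("accepted" if ok else "rejected", "-", reason)
```

Two design choices are worth asking your vendor about: the signature must cover the method, path and body together (signing only the body lets an attacker replay a signed payload against a different endpoint), and the nonce store must be shared across backend instances, otherwise a replay that lands on a different server is accepted.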
3. How can you help me with achieving compliance requirements for my product?
To properly address this issue, we have to know which requirements have to be added to the project or changed (when we work with legacy code or refactor an existing product). The FinTech sector is vast, and different types of applications fall under different regulations. The key here is your awareness and knowledge of the regulations that apply to your product.
Through estimating the project’s scope, planning at the beginning of each sprint and working on the code, a good software provider can identify and implement all required security measures as well as the functional requirements. Tell your software development partner about the regulatory environment you operate in, so that it can be translated into a working product.
4. How quickly can you start working on my product?
Even an experienced software development partner needs some time to talk with you. Your business goals, your idea and vision for the product, the regulatory environment, security expectations, functional challenges and the likelihood of scope pivots all determine the start date. We can safely assume that a reasonable time slot is two to four weeks. In practice, that is one of the most useful points to check before signing a development contract.
5. Who owns the code of my application and where is it physically stored?
You. At Code & Pepper, we recommend storing the code in the client’s own repository. This guarantees peace of mind: the client owns the code and can audit it at any time, so the question of ownership is settled automatically.
6. Can I have a sneak peek into the code while it is being created?
Transparency is very important, especially in the FinTech sector, where users’ data, the way it is secured and the ability to meet functional requirements matter a great deal. A good software development partner will always let you look at the code in real time, throughout the whole development process. We, for example, encourage the customer to keep the code in their own repository, so no special access has to be granted.
7. Should I give you a complete set of product requirements or do you have someone who will take care of them?
This is the role of a product owner, a specialist who analyzes the product and the functionality it needs. The more you can tell about the project, the more can be done at the initial stage of analysis. In general, though, the product owner will turn your input into a complete set of information and business needs, ready to be translated into development.
8. What will happen if I need to change the project’s scope or its requirements?
For the most part, in the world of software development, Agile and Scrum are used on a daily basis. This approach by definition allows the software development team to make adjustments. In our case, for example, a project manager analyzes each proposed change and estimates its impact on the entire project, taking budget, delivery time and other factors into account. The software development provider then estimates what has to change, and by how much, to make it happen within the budget and time you have before launch.
9. Will I meet the team behind the development of my product? Is there an option to stay in contact with them?
This should be standard for any self-respecting software development company. An invitation to an in-house Slack channel, the ability to talk with the team during sprints and open channels of communication are things to expect from any software development partner.
We provide you with all of that. We are also open to face-to-face meetings, at least once throughout the project’s duration. We even recommend it; it’s always good to meet in person and create a roadmap for the business relationship and the development work.
10. How often will you show me the results of your work?
Many software development companies work in Scrum, so sprints are in use. A sprint is a short, fixed period in which the team creates the code, then summarizes what has been done (in a sprint review and demo meeting) and presents the results to the client. Sprints usually last a week or two; everyday practice shows that’s the most efficient length: short enough to be manageable, long enough to do serious work. At Code & Pepper, we work with one- or two-week sprints, depending on the project.
This is the first part of this text. The second part is on-line now, too!