>
Offshore Technical Due Diligence
Welcome, Guest

by Rumika on Thursday, 18 June 2009
Offshore Technical Due Diligence


A couple years ago I went through a technical due diligence (TDD) of several relatively small offshore vendors. The vendors were providing product development services for one of my clients, the vendors also supported operations of the SaaS for all of the products. The client had fully outsourced s/w product development and support to those vendors and retained practically no technology resources internally with exception of MIS / SaaS IT support.

The goal of the TDD process was to asses whether the vendors are efficient and can continue performing fairly complex projects involving working with sensitive information. There are a couple important distinctions here:

    * The vendors were in large degree focused on the product development for my client and the rest of their business was relatively small.
    * The vendors have been performing services for a number of years with very light oversight from the client’s side.
    * The quality of work to date has been on a low side yet deemed sufficient for the money.

As you can imagine results of the TDD was vitally important for the vendors as well as for the client. I will cover some findings and specific areas that I would recommend to focus on in other post(s). At this point I would like to concentrate on general framework / outline of the TDD process I employed on this specific engagement.

TDD included three distinct components – Technical Capability Analysis, Resources Assessment, and lightweight Information Security audit. The budget for TDD process in terms of $$ and time allocation was exceptionally small, so I had to stay just a few notches below high-level TDD, I would be hard pressed to call it a midlevel TDD.

The questionnaire I developed for the process is presented below (I took out the parts which are completely proprietary or overly specific for to this engagement). The questionnaire was used as the outline of the TDD process. The vendors had to answer the questions prior to meeting me. That allowed us to concentrate only on the areas where I found mismatch, drill in on specific areas of concern, or do the answer verification. Some of the questions were fairly generic and I was prepared to see just brief pointers in the answer and discuss underlying details at the meeting.

For staff assessment of course the most important element was interviews.

InfoSec audit was exceptionally light with interviews and on-site survey being the major components.

To see the questionnaire just follow this link – Offshore TDD. I think whether you are about to run technical due diligence on your offshore vendor(s) or are about to be audited you will find it helpful.

May 22, 2009   Posted by Nick Krym



Blogger Image
My Blog Title

Product Engineering, software engineering company, Product Development, Product Migration, Product Re-engineering, Product Maintenance, Product Testing Commercial Application Development, Business Software development, commercial software for startups, Application Support and Maintenance, software testing Product Maintenance, Outsource product maintenance, product support and maintenance Product Migration, Product Re-engineering, product re-engineering services Product Research, Product Engineering, UI Prototyping Services Software Testing Services, Quality Assurance services, professional software testers, Load Testing, Functional Testing, Cross Platform, Browser Testing, Test Automation, Testing Tools, software quality analysis Functional Testing Services, software quality analysis, Software Testing Services, Application Testing Services, Functional Testing Types Automated Testing, Automated Testing Services, automation testing, test script development, Automation Test Tools, outsource automation testing Load Testing, Performance Testing Services, Load Testing Tools Offshore Software Development, Outsource software services, offshore outsourcing services, offshore software development services, IT outsourcing services, software quality assurance services, Offshore IT services, Custom Application Development Services, Offshore Product Engineering Benefits of IT Outsourcing, Offshore Software Development companies, offshore software development firms Outsource planning, IT outsourcing, IT development services, offshore IT companies, offshore software development Offshore Software Development, Outsource software services, offshore outsourcing services, offshore software development services, IT outsourcing services, software quality assurance services, Offshore IT services, Custom Application Development Services, Offshore Product Engineering Offshore Software Development, Outsource software services, offshore outsourcing services, offshore software development services, IT outsourcing services, software quality assurance services, Offshore IT services, Custom Application Development Services, Offshore Product Engineering