market research data. This should be done during the Vendor Selection process. Clients should ensure that selected vendor has the well documented Information Security Management (ISM) Policy. Vendors need to provide a dedicated project and data server to their clients with audit control access on all the servers. Client should check that the Vendor’s facility is secured with smart card control access and vendor’s development team members have signed the Confidentiality agreements. In addition, the development contract should include clauses for Non-compete, Non-disclosure and non-solicitation.


While selecting a vendor for your software development projects, it is important to understand the vendor’s processes and the methodologies used to execute the projects. It is also important to know how it is different from the in-house approach to software development. Project execution should not be dependent on the personal working style of an individual in the client or the vendor organization; it should really be guided by a well defined and mature software development and project management process.


Companies should select the vendor that follows the industry standards such as CMMI, ISO 9001 QMS certifications.

Once the process is agreed upon and established, constant monitoring to make sure that it is being properly followed is equally crucial. Clients should know what deliverable during the lifecycle of the project are planned and when. Clients should know what is expected of them in terms of reviewing and the approval of the work products such as detailed requirements document, design document, and test cases and their results.

Best results are achieved when clients stay involved with the project, instead of throwing it over the wall. Being involved means reviewing the progress reports, reviewing the finished work products as well as work in progress items, being available for telecons and arranging the proper technical resources to answer vendor’s question related to Client’s products and applications.

As part of the process review, Client should check how many different types of testing vendor should performing on the application. At a minimum, Unit Testing and the System testing must be done and results should be shared with the clients before delivering the software. Multiple rounds of testing is essential to deliver a defect free and robust system.