How to Manage Successful Tech Outsourcing Partnerships

1. Project Code Implementation

2. Git Access and SSH Keys

3. Documentation. Documentation. Documentation.

  • Software build process, including branching for each environment.
  • Server rollout procedures: how a new release or code is released to the servers.
  • General pre-release checklist.
  • General post-release checklist.

4. Ongoing IT Support Tools Needed

  • Quality assurance requirements are important, and a full test plan should be requested from, and maintained by, the partners. This can take the form of an Excel sheet that QA teams run through on each release, or one of the many test plan systems on the market.
  • CI/CD (continuous integration / continuous delivery) pipelines. These are crucial to ensure that software releases are actually automated and don't require manual or human intervention.

5. Accessibility and Security

  • SSH or VPN access to the main platform infrastructure, with credentials that are correctly rotated.
  • Access to the kubeconfig or the deployment code base.
  • Access to the main logs server or software (Sentry, Kibana, Logstash, or just a plain server-logs server).
  • Monthly OWASP ZAP report. Code changes are released on each sprint, and more often than not new security vulnerabilities will keep popping up. OWASP ZAP gives you the lowest barrier to entry, but it is indicative of in-your-face problems that should ring the alarms.
  • Their secret key management. Given the number of environments and the tooling associated with them, how does the partner store, rotate and inject the passwords and main keys into the code build? Do they use a key rotation schedule, or do they use host password software?

6. Protecting Intellectual Property and Codebases

  • Do they have a secure firewall on their network, and is it designed to monitor internal traffic?
  • Do they have physical access control?
  • Do they have a laptop access policy, or are they co-sharing machines?
  • Does your software only run on the target environments that are agreed by your company?

7. Mobile and App Management

  • No manual distribution of apps, APK or otherwise.
  • Make sure the partners are using a proper distribution platform such as App Center, testapp.io, Google Play Store or comparable tooling.
  • Just like with CI/CD, it is encouraged to also build the app by code, so that there is always a programmatic way to generate targets.
  • You will need to keep track of all members, internal or external, who installed unverified builds (testing builds), and keep a log of their phone IDs.
  • Their formal procedure for submitting the app to the stores, and their API backward compatibility checks before production releases.
