Security and Contractual Aspects in Software Outsourcing Development

June 18, 2020 | 6 min read

Among all the factors that come to mind when we get ready to evaluate a custom software development provider, these two, security and contractual aspects, often come last. But they're certainly not the least important when it comes to working with a business partner for the long term.

Now, when we talk about going over their security standards, you’d need to ask these questions: How safe will your project be with the provider? Do they have standard security protocols in place in case some unforeseen issues arise? How often are their physical offices being monitored? Do they have a business continuity plan?

At the same time, the contractual aspects would require you to assess their rates and whether they’ve previously worked on projects similar to yours. What is their model of engagement? And in general, how cost-efficient would a partnership with them be for you?

As a co-founder of Arcanys, I’ve gone through this process many times before, and I know that sometimes these last couple of factors can make all the difference. It is therefore very important to pay as much attention to this part of your evaluation as to the previous factors.

Before making that final decision and hiring your software development outsourcing company, you should ensure that the provider has security protocols in place that are above industry standards, or at least up to par with them. Firstly, priority should be given to the security of the premises, and protection of the IP and source code. If a potential provider lacks these minimum requirements, you should think twice about signing with them.

There may be other areas relevant to your particular situation, but at the very least, security protocols should cover the following:

  • Physical access control and monitoring
  • Equipment access and security
  • Physical security monitoring
  • Fire and smoke protection
  • Network security controls
  • Business Continuity and Disaster Recovery planning

It’s imperative that you understand the terms of the agreement before going too deep in the discussions. If you only find out later that your requirements are over what the provider is willing to work with, then you'd have already wasted a lot of time and effort. After all, nothing is worse than spending months discussing a collaboration when there are misalignments in the pertinent aspects of the contract.


Perhaps one of the most decisive factors when contracting any service is the cost. What are their rates? You may be given an hourly or monthly rate, but what exactly does this figure include? Make sure you understand what the quoted rate encompasses, and find out beforehand if there may be hidden costs associated with each hire.

Model of engagement

Software providers have varying engagement models. Some are willing to engage in fixed-price models, while others are not (I've explained the differences here). It usually depends on the types of projects and the expertise of the provider. If you are looking at a team extension engagement, make sure that you can assess every recruit and know exactly who is working on your project.

Even when you are satisfied with the team assigned to you, I strongly recommend that you regularly check up on them, so you're sure that they really are the developers working on your project. Some unscrupulous providers start with putting their A-team on the project only to switch them to more junior developers as time goes by. This won’t happen to you if you are constantly kept abreast of each team member’s progress.

Previous projects

Most businesses seek outsourcing options for cost reasons. But while cutting the cost by half is a nice benefit of outsourcing, it’s definitely not always the most important. The flexibility, speed, expertise, and access to a pool of resources that you don’t have the luxury to maintain in-house are among the side benefits of outsourcing. Coupling these additional benefits to costs then makes outsourcing an extremely valuable proposition.

The most reliable providers often have more experience and maturity in running software projects, as they have seen hundreds of various configurations and solved dozens of common software development issues. Those qualities make them more qualified to turbo-charge your organization. So don’t look at rates or costs alone, but evaluate these alongside what their experience and expertise can bring to your company.

With a provider offering reasonable rates, you should be able to bring down costs by half on average, reducing your burn rate for the same output. Add the benefits enumerated above, and the value for money you get out of a good partnership is even greater. Keep in mind that the additional leverage you get from working with an outsourced partner is flexibility in your team.

Now flexibility means that your payroll is not necessarily a fixed cost, but can become variable depending on your needs. Thanks to ramp-up and ramp-down clauses (that should be included in your negotiations), as well as a wide range of services you can use on-demand, you don’t have to allocate full-time dedicated resources for the long-term. This way, you minimize costs and maximize resources, while still having the team you need when you need it.

Read more here about what the concept of “value for money” really means in the software development outsourcing industry.

Risk-free trial

Some providers are willing to go the extra mile to gain your trust and offer a risk-free trial. This is a great way to assess their capabilities without any costs involved, but be aware that there may be some restrictions linked to this setup. For example, the provider may showcase their work and expertise, but they likely will not deliver any code since it’s a trial without monetary exchange at first. But then again, a free trial should give you a firsthand understanding of how they onboard a project, the quality of the developers in their roster, and whether you feel comfortable working with them.

Another benefit of this is that if a provider is willing to offer a risk-free trial, it shows that they're confident of their capabilities, which is a step towards transparency and building trust with you. In most cases, if you decide to continue with the partnership after the trial, any code generated during that period will be transferred to you. It’s a solid way to start a collaboration.

I hope that this article has equipped you with the knowledge you need to ensure a safe outsourcing partnership for your organization. If you still have any questions regarding any of the topics discussed, feel free to drop us a line anytime. We’d be happy to assist further!

Frederic Joye

Arcanys co-founder

Fred had been working on IT and operational projects in the finance and software industry in Switzerland for 10 years before co-founding Arcanys in 2010. With nearly 20 years of experience in the industry in Switzerland, Hong Kong, and the Philippines, Fred is now leading the worldwide sales and marketing efforts of Arcanys.
