Thursday, March 28, 2002
RFP Redux, Outsourcing and More on Quality. I have a few additional considerations to add to Mike's software RFP entry. I also want to share two papers on outsourcing and an excellent journal that is devoted to ISO 9000-3 (also known as TickIT).
Software RFP Items to Consider. Mike ended his entry with the statement that acceptance testing is the buyer's responsibility. The entire QA process in an outsourced software development scenario is complex, and I agree that responsibility for it rests on the buyer. A document that was previously cited in Notes from the Field, titled Applying Software Quality Assurance to Outsourced Software Development, provides detailed guidelines for managing this type of development and should be read before the RFP is drafted.
If any of the software development includes open source components, you need to consider the ramifications of GPL licensing issues. If you don't, you may find that your application is, by law, also open source and that what you think is your intellectual property doesn't belong to you. Read the article titled Lineo's GPL Compliance Tool to get up to speed on GPL licensing. Related reading that touches upon intellectual property and a number of other issues is the 25 March 2002 article in eWeek titled Internet Insight: Getting Legal.
Other things to consider when outsourcing software development:
- Clearly define your service level objectives and make them a part of the contract. Mike mentioned this, but they are almost always missing from contracts. Also make sure your change control and release management criteria, and application acceptance policies and procedures, are included in the contract terms and conditions. The goal is to align your existing processes with vendor requirements, and this is especially important when it comes to fixes and enhancements that are sure to arise after you've accepted the software for which you've contracted.
- Don't forget security. Regardless of whether open source software is provided as a part of the application for which you're contracting, the Open Source Test Methodology is a solid framework for security testing. Use it as the basis for security testing in the acceptance test process.
- Make sure that release notes and build analysis documentation are included in the deliverables listed in your SOW.
General Outsourcing. I found three documents on general outsourcing that I thought were particularly well written and detailed:
- Outsourcing Impact on Security Issues
- Writing an Outsourcing Contract
- Outsourcing Information Systems
Although these documents are not specific to software development, each contains information that does apply to development.
Your TickIT to Quality. As a follow-up to my 24 March entry I want to share a cache of information that expands on the ISO 9000 book I recently reviewed and also provides a lot of information about ISO 9000-3, which is the part of the standard that addresses software and services: TickIT International, which is the quarterly journal of the TickIT software sector quality certification scheme. The First Quarter 2002 issue has an excellent article on quality service delivery, and the back issues are treasures. If you're interested in TickIT see Mike's 9 July 2001 review of ISO 9000-3: A Tool for Software Product and Process Improvement.