Custom Database Software Development Hiring Critical Success Factors

Software Design And Development – To Proceed Or Not to Proceed
Sometime in the life of a successful company you may arrive at the crossroads of continuing forward with the manual processes you have perfected, or hiring a custom database software design company to write an application to automate these processes. The decision isn’t easy. You can see the clear benefits, but the costs can be significant or downright harrowing.

There are many potential benefits and cost savings to taking the leap, but your decision must consider all factors in order to avoid a project failure that can break the bank. Failure is usually not an option. A good roadmap to success is invaluable in making the right decision.

This post discusses many important factors in hiring a software development company to ultimately increase the chances of success and reduce your risk.

First Research Off-the-Shelf Applications
You should first consider that someone else has possibly already written this application. Research off-the-shelf (OTS) applications before undergoing the effort and cost of a custom software application.

Going the Custom Software Development Route
If you have tried OTS applications and they don’t fill your needs then you need to prepare for future discussions with software development companies.

Gather Requirements
Before you begin discussions with software development and database design companies you need to gather your requirements. This can be anything from a short but specific punch list of features to a document with all details of software features, reports and algorithms that you require.

There are many books on software design requirements so we won’t go into it in any detail here. It is, however, worth noting that you can’t get quality costs and schedules if you don’t have adequate project details.

Here is a minimal list of items to gather:

Features listed in a simple punch list
User groups and permissions descriptions
Reports – the number of reports needed and ideally examples in hard or electronic copy

Once you have this information you’ll be prepared to talk to software developers.

Non-Disclosure Agreement (NDA)
Before you discuss your proprietary information with anyone you should have them sign a Non-Disclosure Agreement (NDA). This legal agreement assures you that the information you divulge in your discussions with the software companies is proprietary and protected, and if they release it to anyone else then you have legal recourse.

Request for Proposal (RFP)
Once you have a your requirements finalized, prepare an RFP that can be presented to contractors. Create a list of recipients for your Request for Proposal and provide the companies a reasonable timeframe to complete their proposals.

Don’t consider any company that won’t promise required costs and schedules. If you don’t find an acceptable company to design and build your custom software system then review the requirements and RFP, create a new list of developer companies and re-issue the RFP.

Selection Factors
Below is a discussion on the factors that you need to consider when making a hiring decision.

Years of Experience in Software Development – there are a lot of fakes
Who Will Do The Work – make sure key personnel will remain involved throughout the life of the project
What Technologies Do They Propose – use the interviews to learn about the technologies and make an intelligent decision
Designer/Architect vs. a Programmer/Developer – compare apples to apples – architects are different than developers
Risk Management – what is their plan?
References – get at least 3 from similar projects
Cost not always the first priority
Schedule – will they meet your required delivery schedule?
Prioritized Selection Criteria
If you just select the lowest bidder you can be making a huge mistake. You need to weight each of categories below based on your company’s priorities, score each company for each of the categories then select the development company based on their total score. The category list is below with the typical priorities first:

Your opinion of the company’s probability of completing the project on schedule and under budget
References feedback
Their technical expertise in the selected technologies
Their developer and management experience in the selected technologies
Demonstrated management processes like source code control, quality assurance, cost control, offsite backups, etc.
Credit rating and general financial stability
Their past performance on previous projects similar to your project
Quality and organization of their proposal
Cost
schedule
Availability of resources
Overall responsiveness and their general project interest
Results of resume review and interviews

Agreements
Once you have selected a company you start the engagement process. The following items protect your company and it’s assets. We strongly recommend that you hire an attorney in your own city and state that specializes in your particular type of business and one that is familiar with software companies and agreements.

NDA Agreement
As mentioned above, before you provide proprietary information to a software development company you should have them sign an NDA to protect your company’s assets and Intellectual Property (IP).

Non-Compete Agreement
When you engage the company to create your custom software application you should have them sign a Non-Compete agreement. This ensures that they can’t take the information you have provided to them and use it in a competitive environment against them.

Custom Software Development Agreement
This is the contract to do work. This agreement is the most important of all as it lays out the specifics of your relationship with the software development company. It should contain both parties’ expectations like:

Payment rates and terms
Who pays what expenses
Licensing information
Any expected warranty’s
Termination terms
Statement of work. The statement of work should be specific and ideally in terms of milestones so you pay as you see progress. Make sure that the statement of work is detailed enough to ensure you get all features you need for project success. Items omitted from the statement of work can be costly if they are added in later phases of the project

Changes to the Software Features
The cost of software changes goes up as the project progresses. If new features are added during the brainstorming phase then the cost may be negligible. If they are added after the requirements are complete then you may have to spend the time reviewing the requirements again to make sure change doesn’t affect them.

The thought to take away from this is that once you sign a contract you’re committed to exactly what you signed off on. Changes can be costly so make sure your statement of work is complete and accurate.

Engineering Change Order
If you do make changes after the process of specification or construction have begun then use a change order form that allows the requester to detail their request and have managers in both organizations sign off on it.

Once the software development company receives it they will put cost and schedule numbers to it. When both parties sign the document it becomes a legal document and an addendum to the main contract.

Web-Based Application Considerations
There are many considerations over and above those of a desktop system if your software will be deployed on the Internet. The largest of these is security. If the data in the system is mission critical then you must protect it. If the information in the database contains credit card or personally identifiable information then you must take even more precautions.

There are laws that govern efforts of Internet-based web design companies like HIPPA and Sarbanes Oxley. There are also standards put in place by industries like the PCI-DSS standard created by the credit card industry to ensure safe and secure eCommerce transactions. A discussion of these topics is beyond the scope of this paper, but if you are going to have sensitive or critical data and information on the Internet then you should investigate the potential laws and risks of having it online – and your developer should point them out.

Internet Application Security
This is a huge topic that is beyond the scope of this paper. Having said that, below are several factors that have to be in order when you create an online application.

Hosting
Self Hosting
If you host a web application yourself then you must concern yourself with all security issues of maintaining a safe network, application and database. You’ll need to continuously scan the server and network for vulnerabilities and keep all applications on it up to date with their security patches. If you are not prepared and capable of doing this then you should not host the application yourself.

Using a Hosting Company
Hosting companies are many times a very cost-effective way to get your web application online and ensure all security issues are covered.

Server Security
The server that hosts your application must have up-to-date security patches for the operating system, the databases and all applications installed on it. If this is not done regularly then you’ll be vulnerable to all of the miscreants that scan the Internet for weak and vulnerable websites that can be used as zombies to send their own messages of peril.

AntiVirus and AntiSpyware
Solid antivirus and antispyware applications must be run on the servers and their databases kept up to date.

Web Servers and Application Development Tools
The web server is a software application that serves the web pages to the browser. You need to patch the web server and all application development tools on the server.

Database SQL Injection
If the application doesn’t specifically write code that prevents Internet users from injecting database commands into the application that can change or delete data in the database them the system will be vulnerable to this type of attack. Needless to say, this can be disastrous.

Cross-Site Scripting
Cross-Site Scripting (XSS) is a vulnerability where malicious code is injected into web pages which are then used in browser exploits and phishing attacks. This must be considered and thwarted in all web applications as it accounts for (currently) 80% of all website security breaches.

Secure Protocols
Secure protocols ensure that the data entered by you in your browser is encrypted between your computer and the web server that is hosting the application. This stops people from reading important login, financial or private information as it progresses through the Internet.

Technologies
There are many technologies and languages that play into an Internet application. If you want your application to be rendered consistently by web browsers and indexed by the search engines then you have to write the code so that it is error free and compliant with World Wide Web Consortium (W3C) standards, as they are the organization that defines the languages themselves.

HTML, XML and XHTML – we recommend using error-free XHTML 1.0 Strict
Cascading Style Sheets (CSS) – use CSS to control your websites look and feel
Server-side Languages – for database interaction. There are many languages to choose from. The most popular are PHP, ASP.NET.
Content Management System (CMS) – allows you to manage your website content yourself instead of paying a developer.

Marketing
There are multiple ways to market your website.

Search Engine Optimization (SEO)
SEO is the process of structuring your site and it’s contents so that it will be found at the top of the search engine results pages (SERP’s) for your selected keywords.
Internet Marketing
Internet marketing is the process of promoting your website after you have SEO-optimized it.
Pay-Per-Click Marketing – get quick traffic and sales to your website
Professional Branding – present a professional front to the world if you are serious about business
Benefit-Oriented and Persuasive Copywriting – your site visitors are looking to solve their problem, not read about you. Be sure your content focuses on this.
Calls to Action, Conversion Funnels and Landing Pages – guide your visitor to the logical endpoint – a conversion
Code Structure and Integrity – make sure your code is clean and error-free for consistent cross-browser rendering and fast page loads.

Conclusion
If you consider the topics listed in this paper you’ll reduce the risk involved in hiring custom software development companies. If you don’t then you may place your company at a significant risk or incur inordinate costs. It is simply a matter of being prepared. If you start the process of talking to software development companies armed with this knowledge then you’ll be better prepared to ask the right questions.