The following text covers a lightweight Technical Due Diligence questionnaire; its use was covered in the post Offshore Technical Due Diligence.

Technical Capability Analysis

Processes

General

What process (ISO or CMMI) or vendor (Oracle, Sun, etc.) certification(s) does the organization have?
How and when was the certification obtained?
What is the current level of compliance with the requirements of certification? How is it measured?
Does the vendor follow a formal SDLC?
What methodology is used?
Is the methodology applied to all development projects / streams?
What is the level of compliance with the SDLC methodology?
How is it measured?

Requirements Gathering

What methodology / processes are used for requirements gathering?
What methodology is used for product change request process?
What systems and tools are used for requirements management?

Functional Design

What artifacts are produced during functional design stage?
What systems and tools are used for functional design?
What is the level of compliance across product line and legacy?
What methodologies are used to optimize user experience?

Development

What methodology is used for development process?
What systems and tools are used for development workflow management?
What is the percentage of Unit Test code coverage?
What artifacts are produced during development stage?
What systems and tools are used for maintaining technology artifacts?
What methodologies are used to minimize Escape to QA ratio?
What are resource allocation ratios for R&D, sustenance and production support?
What is the approximate size of the application in terms of lines of code?
What is the approximate size of the application in terms of database tables?
What percentage of source code has sufficient documentation?

Quality Assurance

For each major release what is the scope of the following tests?

  • Functional test
  • Regression test
  • Cross-browser testing
  • Smoke test
  • Performance test
  • Load test
  • Stress test
  • Security test
  • Usability test

For each minor release what is the scope of the following tests?

  • Functional test
  • Regression test
  • Cross-browser testing
  • Smoke test
  • Performance test
  • Load test
  • Stress test
  • Security test
  • Usability test

What is the regression test coverage? How is it measured?
What percentage of regression test is automated?
What is the duration / required effort for performing a full cycle of regression test?
What tools are used in QA operations?
What systems are used for QA workflow management?
What QA metrics are tracked and what are the current levels?

Build & Release

What is the frequency of major releases?
What is the frequency of minor releases?
What is the frequency of patch releases?
What tools are used in B&R operations?
What percentage of the build process is automated?
What percentage of the deployment process is automated?
What is the duration / required effort for performing a full cycle of build and deploy process?
Is Continuous Integration in place?
Are there elements of the system maintained outside of source control?

Project Management

Does the vendor utilize Project Management?
What methodology is used?
What systems and tools are in place for Project Management?

Product Management

How does the vendor work with Product Management?
What systems and tools are in place for Product Management?
How are the product and technology priorities defined?

Knowledge and Competency

What systems and tools are in place for knowledge management?
What systems and tools are in place for competency management?
What systems and tools are in place for employee evaluation?

System Architecture

General

What is the solution high-level architecture?
Is the architecture cohesive across all product lines?
What industry standards does the system support?
What application servers are used?
What RDBMSs are used?
What frameworks are used?
What main design patterns are used?
What are the main third party components utilized by the system?
What are the main items on the technology roadmap?
Are there any large technology initiatives that change system fundamentals?

Reliability and Scalability

What is the system scalability approach?
Is application clustering in place?
Is database clustering in place?
Is database federation in use?
Does the application support safe failover?
What reliability and scalability metrics are tracked?
What is the methodology used for capacity control?
Are there any SLAs in place that cover reliability metrics?

Integration

What is the solution high-level architecture for integration with external systems?
Is the integration architecture cohesive across all product lines?
Does the system expose external APIs?
What industry standards does the system support?
What are major third party systems the application integrates with?
Integration with what systems is currently in production?

Environments

What minimum number of logical servers constitutes a single system?
How many server instances constitute a production system?
How many server instances constitute a staging system?
How many server instances constitute a QA system?
How is the integration sandbox environment handled?

Hosting

What OS(s) are used in production?
Is OS and System patching automated?
Are all major components of the system properly licensed?
What level of redundancy is maintained for networking equipment in production environment?
What level of redundancy is maintained for system servers in production environment?
Does the organization utilize virtualization?
Does the organization have formal production change control?
What systems and tools are used for internal production control and monitoring?

Technical Support & System Monitoring

Internal Tech Support

How is technical support organized and managed?
What is the workflow for production defects from discovery to closure?
What systems and tools are in place for technical support workflow?

External Tech Support

How is technical support organized and managed?
What is the workflow for production defects from discovery to closure?
What systems and tools are in place for technical support workflow?
What are the key metrics for production defects?
What are the uptime commitments to the customer base?

Monitoring

What are the key metrics for the system uptime?
What is the average system uptime on an annual basis?
What is the average system uptime on a monthly basis?
How is uptime monitored?
What system monitoring tools and services are in place?
What percentage of the system is covered by 24×7 monitoring?
Is integration with third party systems monitored on a 24×7 basis?
What methods of notification are used for system failures?
How is the system utilization tracked, monitored and reported?

Resource Assessment

Staff

What is the average staff turnover?
What is the average staff tenure?
What is the average staff experience (years)?
What is the average key employee turnover?
What is the average key employee tenure?
What is the average key employee experience (years)?
Are there any key employees at risk?

Team Performance

What is the track record of the development team in meeting release dates and objectives?
How much challenge does the current plan pose for the technology team?
What is the technology team’s comfort factor and the planned margin for the current release?

Career Management

Does each team member have well defined goals?
Are those goals enforced by the organization through a thorough project management process?
What does the vendor do for career management of its employees?
What does the vendor do for continuing education of its employees?

Partnerships

What are the main partnerships essential to the vendor?
What services are provided by third parties?
How long has the organization been working with a specific service provider?
Are there SLAs in place for key technology partners?

Contractors

What portion of the development is performed by subcontractors?
What subcontracting model(s) are used?
What roles are performed by contracting team members?
How long has the organization been working with the current contracting partner?

Information Security

InfoSec Policy Framework

Is a formal Information Security and Privacy organizational structure in place?
Is a formal Information Security and Privacy policy framework in place?
How and when was the Information Security and Privacy policy framework developed?

Security Foundations

What are the main aspects of physical security currently in place?
What are the main aspects of network security currently in place?
What are the main aspects of server security currently in place?
What are the main aspects of data security currently in place?
What are the main aspects of personnel security currently in place?
What is the frequency of vulnerability scans?
What types of security audits are performed on a regular basis?
What is the frequency of security audits by a third party?

Disaster Recovery and Business Continuity

Back Up

What are the high-level backup architecture and methodology for the production system?
What are the high-level backup architecture and methodology for the corporate system?
What is the hardware used for data storage of the production system?

Disaster Recovery

Is a formal disaster recovery plan in place?
What is the frequency of disaster recovery plan testing?
What type of disaster recovery is in place for the production system?
What are target Time to Operation metrics for different disaster levels?
Has business disaster recovery been audited by a third party?
What type of SLAs are in place with products and services for production?

Business Continuity

Is a formal business continuity plan in place?
What is the frequency of business continuity plan testing?
Has the business continuity plan been audited by a third party?
