Futureys Logo
Futureys
Futureys Policy Detail Abstract Background
Operations Policy

Software Outsourcing Policy

Rules for engaging third-party developers and technology partners.

Purpose and When Outsourcing Is Permitted

This policy governs engagement of external software developers, freelancers, technology vendors, and outsourcing partners to supplement internal capacity for software development projects.

  • Internal team capacity is insufficient to meet delivery timelines.
  • Specialized skills not available in-house are required.
  • Project size or complexity requires temporary additional resources.
  • Client has provided written consent for third-party developers.
Outsourcing is never permitted for tasks involving direct access to client production systems, databases, or sensitive personal data unless explicitly approved by Futureys management and the client in writing.

Approval Process

  • Project Manager or Tech Lead submits an Outsourcing Request Form to Head of Engineering.
  • Request is reviewed and approved or rejected within 3 business days.
  • Finance approval is required for engagements exceeding LKR 100,000 total value.
  • CEO or Director approval is required for engagements exceeding LKR 500,000.
  • Approved partner is onboarded with signed contracts before work starts.
  • All approvals must be documented in writing; verbal approvals are not valid.

Vendor Selection and Vetting

Eligibility
Registered business or verified professional, relevant portfolio, at least 2 strong references, verified technical skill, and professional English communication.
Preferred Attributes
Experience with React, Node.js, Flutter, Laravel, Python, AWS, agile delivery, scheduled syncs, and compatible time zones.
Disqualifying Factors
Project abandonment history, missed deadlines, client disputes, unwillingness to sign NDA or IP assignment, inability to verify identity or registration, or current engagement with a direct competitor.

Contractual Requirements

NDA
Covers all client and company information.
IP Assignment
All work is assigned to Futureys or client; vendor retains no ownership.
Scope of Work
Detailed task list, deliverables, acceptance criteria, and timelines.
Payment Terms
Milestone-based or hourly rate with defined schedule.
Penalty Clause
Late delivery or quality failure penalties as agreed.
Non-Solicitation
Vendor may not approach Futureys clients directly for 24 months.
Termination
Either party may terminate with 7 days notice; immediate for breach.

Contract templates are maintained by Legal/HR and must not be modified without Director approval.

Security and Access Controls

  • External developers receive minimum necessary access only.
  • Access is provisioned and deprovisioned by the Futureys IT team.
  • Separate development or staging environments are required; no direct production access.
  • All code must be committed to Futureys-controlled repositories.
  • Client data shared with vendors must be anonymized or masked wherever possible.
  • VPN or secure connection is required for system access.
  • Two-factor authentication is enforced for repository and platform access.

Quality Control and Delivery

  • A Futureys internal engineer is assigned as Technical Lead for every outsourced engagement.
  • Weekly or bi-weekly code reviews are conducted by the Technical Lead.
  • All code must follow Futureys coding standards.
  • Automated unit tests are required for new features delivered.
  • Deliverables are reviewed against agreed acceptance criteria before payment release.
  • Minimum bug-fix warranty is 14 days post-delivery.
  • Futureys may reject deliverables that do not meet quality standards.
  • Final payment is withheld until deliverables pass acceptance and handover is complete.

Payment and Performance Monitoring

  • Milestone-based payments are preferred for outsourced work.
  • Advance payments, if required, are capped at 30% of total project value.
  • Invoices must include supporting delivery evidence such as screenshots, test results, or code commits.
  • Payment is processed within 14 business days of invoice approval.
  • No cash payments for outsourced services above LKR 5,000.
  • Vendors requesting advance payment over 30% or insisting on cash must be escalated to management.
  • Vendors are rated on code quality, communication, timeliness, and professionalism.

Client Communication, Violations, and Review

  • Clients are informed that Futureys may use vetted third-party developers as part of service delivery where allowed by agreement.
  • Specific client confidentiality restrictions must be communicated before work begins.
  • Outsourced vendors must not communicate directly with clients without written authorization.
  • Client branding, data, and project details must not appear in vendor portfolios without client consent.
  • Employee violations may lead to disciplinary action including termination.
  • Vendor violations may lead to contract termination, withholding payment, and potential legal action.
  • Violations must be reported to Head of Engineering and HR Director within 24 hours of discovery.
Policy Owner
Head of Engineering - FUTUREYS (PVT) LTD
Review Cycle
Every 6 months or after significant outsourcing incident.
Next Review
December 2026
Email
info@futureys.com
Phone
+94 76 096 6010
Website
www.futureys.com
Chat on WhatsApp