Purpose and When Outsourcing Is Permitted
This policy governs engagement of external software developers, freelancers, technology vendors, and outsourcing partners to supplement internal capacity for software development projects.
- Internal team capacity is insufficient to meet delivery timelines.
- Specialized skills not available in-house are required.
- Project size or complexity requires temporary additional resources.
- Client has provided written consent for third-party developers.
Approval Process
- Project Manager or Tech Lead submits an Outsourcing Request Form to Head of Engineering.
- Request is reviewed and approved or rejected within 3 business days.
- Finance approval is required for engagements exceeding LKR 100,000 total value.
- CEO or Director approval is required for engagements exceeding LKR 500,000.
- Approved partner is onboarded with signed contracts before work starts.
- All approvals must be documented in writing; verbal approvals are not valid.
Vendor Selection and Vetting
- Eligibility
- Registered business or verified professional, relevant portfolio, at least 2 strong references, verified technical skill, and professional English communication.
- Preferred Attributes
- Experience with React, Node.js, Flutter, Laravel, Python, AWS, agile delivery, scheduled syncs, and compatible time zones.
- Disqualifying Factors
- Project abandonment history, missed deadlines, client disputes, unwillingness to sign NDA or IP assignment, inability to verify identity or registration, or current engagement with a direct competitor.
Contractual Requirements
- NDA
- Covers all client and company information.
- IP Assignment
- All work is assigned to Futureys or client; vendor retains no ownership.
- Scope of Work
- Detailed task list, deliverables, acceptance criteria, and timelines.
- Payment Terms
- Milestone-based or hourly rate with defined schedule.
- Penalty Clause
- Late delivery or quality failure penalties as agreed.
- Non-Solicitation
- Vendor may not approach Futureys clients directly for 24 months.
- Termination
- Either party may terminate with 7 days notice; immediate for breach.
Contract templates are maintained by Legal/HR and must not be modified without Director approval.
Security and Access Controls
- External developers receive minimum necessary access only.
- Access is provisioned and deprovisioned by the Futureys IT team.
- Separate development or staging environments are required; no direct production access.
- All code must be committed to Futureys-controlled repositories.
- Client data shared with vendors must be anonymized or masked wherever possible.
- VPN or secure connection is required for system access.
- Two-factor authentication is enforced for repository and platform access.
Quality Control and Delivery
- A Futureys internal engineer is assigned as Technical Lead for every outsourced engagement.
- Weekly or bi-weekly code reviews are conducted by the Technical Lead.
- All code must follow Futureys coding standards.
- Automated unit tests are required for new features delivered.
- Deliverables are reviewed against agreed acceptance criteria before payment release.
- Minimum bug-fix warranty is 14 days post-delivery.
- Futureys may reject deliverables that do not meet quality standards.
- Final payment is withheld until deliverables pass acceptance and handover is complete.
Payment and Performance Monitoring
- Milestone-based payments are preferred for outsourced work.
- Advance payments, if required, are capped at 30% of total project value.
- Invoices must include supporting delivery evidence such as screenshots, test results, or code commits.
- Payment is processed within 14 business days of invoice approval.
- No cash payments for outsourced services above LKR 5,000.
- Vendors requesting advance payment over 30% or insisting on cash must be escalated to management.
- Vendors are rated on code quality, communication, timeliness, and professionalism.
Client Communication, Violations, and Review
- Clients are informed that Futureys may use vetted third-party developers as part of service delivery where allowed by agreement.
- Specific client confidentiality restrictions must be communicated before work begins.
- Outsourced vendors must not communicate directly with clients without written authorization.
- Client branding, data, and project details must not appear in vendor portfolios without client consent.
- Employee violations may lead to disciplinary action including termination.
- Vendor violations may lead to contract termination, withholding payment, and potential legal action.
- Violations must be reported to Head of Engineering and HR Director within 24 hours of discovery.
- Policy Owner
- Head of Engineering - FUTUREYS (PVT) LTD
- Review Cycle
- Every 6 months or after significant outsourcing incident.
- Next Review
- December 2026
- info@futureys.com
- Phone
- +94 76 096 6010
- Website
- www.futureys.com

