At some point your bespoke application will let you down, with potentially serious consequences.
You get exactly what you need by having a bespoke database versus shoehorning an off the shelf or customisable solution to fit your business.
However, there’s a potential problem that you may not have factored in when originally going down the bespoke route.
You are totally reliant on and at the mercy of your software developer.
Should they wish to pursue dreams away from their business, retire or, heaven forbid, leave this world prematurely, your business is left completely vulnerable.
If you’re reading this and getting a bit jittery, because you are reliant on one person for software maintenance and security updates, that’s our intention.
We’re raising this important issue, because it’s a scenario that we often come across and are asked how to mitigate the risks.
Start planning to safeguard your bespoke solution and avoiding a business disaster
A solution to this problem is to have a third party who can quickly pick up where your current developer left off, ensuring that updates to functionality and security continue.
Here are some questions that will help you to create a plan.
Code Depository
- Where is the code library?
- What rights do you have to the code?
- What’s written down?
Ideally, you should have clear delineation of what rights you have purchased to the applications.
- Do you own it or do you have a licence to use it?
- How long is the licence for?
- Does it allow you to modify and maintain the code?
Code Security
- Who wrote the code?
- Are there sections of code re-used from other people or the vague “internet”?
- How do you know there are no known vulnerabilities in the code?
Documentation
What documentation do you have for:
- Database Schemas
- Installation process
- Infrastructure
- Dependencies
- Required rights
- Known problems and fixes
Succession Planning
- What sort of corporate structure are you buying from?
- Who are the shareholders and directors and how many people are in the organisation?
- If ‘key people’ leave, what have they left for their replacements?
Security Standards
- What sort of security is in place for this code
- What security testing has been done – SQL injection, buffer overflows?
Security Impact
What are the consequences of a security breach in this code?
- GDPR consequences
- Hardware control
- Intellectual property
- Contractual violations
Software Licencing
- What are the licencing terms?
- What are the licencing terms of any included libraries or other code components that your software developer has used?
Software Dependencies
- What other pieces of code are used within the software developer’s code?
Take all the questions above and apply them to those pieces of code.
Ownership
- What exactly have you paid for and on what terms?
- What happens if something goes wrong? Whose problem will that be?
Take Safeguarding Action Now
Don’t wait until it’s too late to ask these questions. If you do, it’s damage limitation, which could be a distracting frustration, or it could be a catastrophe and near-impossibility to rectify.
If you would like an independent to audit your bespoke software and produce a report and plan, please get in touch.
