Copyright ©

10 Key Considerations when Outsourcing QA and Testing Services

Submitted By : Ashok Mani

Written By: AppLabs

previous next


Outsourcing is a strategic management option rather than just another way to cut costs. The decision to outsource is often made in the interests of lowering costs, redirecting or conserving energy directed at the competencies of a particular business, or to make more efficient use of labor, capital, technology and resources. Its aim is to help companies achieve their business objectives through operational excellence.

One aspect of this is QA and testing. This can provide many benefits to companies who are seeking to improve the quality of their production applications, reduce business risk through rigorous testing and augment and improve upon the incumbent testing teams and processes. Given the increase in global IT outsourcing agreements, many companies will be looking at outsourcing QA and testing as an independent validation and acceptance phase in order to ensure high quality deliverables and gain competitive advantages.

To achieve these benefits, organizations select an outsourcing partner who will typically have local and offshore test centers and capabilities as well as a strong onsite consultancy presence.

Some of the critical success factors for outsourcing QA and testing engagements include:

When taking on the challenge of outsourcing your testing,there are many things that should be considered and accounted for before any contract is signed. This paper outlines 10 key considerations that organizations should consider when outsourcing QA and testing services.

Based on AppLabs. extensive experience in this field,the following are some of the major considerations for companies to consider and provision for when they want to outsource their testing services:

1. Engagement Models

Selecting an engagement model is a crucial aspect of developing the outsourcing plan. The process involves several factors, including aspects of international business strategy, selecting the geographical location, understanding the landscape and deciding on the outsourcing strategy. Some of the engagement models are:

Incremental Outsourcing

Organizations can mitigate their risks of outsourcing by dividing the work into small, more manageable projects that they outsource to service providers. Managers at the client organization therefore have well defined deliverables, programs that work under an umbrella contract with associated schedules. The location of the work is determined on a project by project basis.

Total Outsourcing - Onsite/Offshore

In this model, multiple projects and programs at the client organizations are outsourced to a service provider, which also takes on the end-to-end program management and delivery on behalf of the client. The service provider takes on the project, module or program from a client organization, deploys a small team onsite that works with the client managers and teams and coordinates work with the offshore team that does the bulk of the work . typical models range from 20-30% onsite to 70-80% offsite.

2. Service Level Agreements (SLAs)

The SLAs should detail the minimum level of service to be provided by the outsourcing vendor. They should be objective and measurable and have no ambiguity. This helps both parties in the long term. Some good examples of the type of SLAs that should be considered are:

It is also good to ensure that SLAs are tied into the contract,sometimes on a risk/reward basis to ensure that there is mutual interest in meeting them.

3. Mobilization

Once the contract is signed there will be a period of mobilization for both parties. This phase generally includes setting up communication protocol with the client, defining work breakdown structure, sharing standard templates (used for authoring test cases, reporting project status, presenting the key metrics etc.) with the client, building test strategy etc. Some of the key elements of this can be seen below:


The outsourcing providers maintain a pool of highly qualified and dedicated professionals including QA engineers, QA leads, project managers and technical specialists. Many outsourcing providers have unique centers of excellence to train their interns and employees on various testing methodologies and tools that are required for seamless execution of the engagement. Ensuring the most appropriate resources for your requirements are in place is critical for the success of the engagement.

Knowledge Acquisition

Outsourcing providers follow various approaches to obtain adequate knowledge for the test engineers to understand the core business requirements and also the critical functionality to be tested. Test leads or managers will be sent onsite long/short term to meet various stakeholders in the client organization to understand the product/system and its features. They will assume the responsibility of training the offshore team on the product/system to be tested and all the features of it that the client and the outsourcing vendor have agreed to be tested.


Some applications require extensive compatibility testing in different environments and back-end database systems. Other applications need to be tested in production-sized environments that closely resemble the final production environment. Outsourcing providers, with their extensive test labs, should simulate the production environment for performing such complex levels of testing. The cost for setting up this environment offshore would be negotiated with customers with a cost effective solution being drawn in favor of both parties.


Outsourcing providers in this competitive industry are continuously working on raising their standards with respect to adhering to CMMi Level 5 and other standard ISO processes to ensure tangible benefits for their customers. These include low project risk, on time/on budget deliveries, minimal error rate, high process visibility and enhanced customer satisfaction. Process implementation not only suggests complying to standard guidelines and procedures but also gives greater visibility to customers by delivering metrics (such as schedule/effort variance, productivity etc.) that measure the quality of the product/system which is the ultimate aim for any outsourcing provider.

4. Integration with other third party service providers

Independent QA and testing is becoming more and more common. One of the reasons for this is that it provides objective rigor and thoroughness that might not be provided by a single vendor. However, in this scenario, it is important that all the parties (client, testing vendor and development vendor) work harmoniously to achieve the right result.

The testing provider should have a good understanding of the challenges involved in working with multiple vendors spread across geographies and develop appropriate interfaces and best practices in communication to ensure successful completion of engagements. Understanding other SDLC methods is also imperative.

A clearly defined defect management and resolution process should be established as a high priority and ensuring consistent reporting styles on progress will make it easier on all parties to assess the readiness of any application throughout its lifecycle.

5. Communication

Outsourcing providers facilitate seamless communication between the client and their stakeholders. As communication is considered a key obstacle in outsourcing, providers maintain effective channels and points of contact (POC) open to clients.

An effective model and plan (including methods) should be tailored to the needs of the client and would help both parties in identifying and resolving issues promptly. A typical communication flow model is shown below:

communication flow model

Escalation and Issue Resolution

There needs to be a clear and objective escalation and issue resolution process agreed from the outset. Early identification should be built into the standard project risks and issues logs as well as action plans for mitigation. Successful processes work best when there is a trusting relationship between the vendor and the client.


It is important that formal reporting is put in place and communicated by a regular set of reports and deliverables updating the client on the engagement (at project/IT organization level). These reports will be sent to the client on a daily, weekly, bi-weekly or on a monthly basis based on the nature of the reports and the agreed plan. This should be in addition to the less formal reporting that will become apparent through the personal relationships formed.

6. Flexibility and Scalability

QA and testing outsourcing agreements demand a degree of flexibility and scalability to help ensure fluctuations in scope and timescales can be met. Some of the scenarios where flexibility is required are:

The outsourcing provider must have an organization with infrastructure and resources sufficiently sized so that the client demands are met. The correct scope and planning helps prevent this but some eventualities are unavoidable. It is therefore important that clients have an expectation that should the nature of the requirements change, there will be provision made within the contract or through good change management processes.

7. Quality Improvement

The key objective of the client is often to gain a significant improvement in quality and this can be achieved through outsourcing. In order to do this, there are some fundamental steps that need to be taken.

The outsourcing provider needs to assess and map the client.s testing capability to understand how the engagement is going to work. Identifying the "major gaps" in test processes from the outset and implementing positive changes to address these will result in quality improvements. As the relationship matures between the two parties, there should be a willingness to continually improve process and working methods etc. This should not necessarily be restricted to just testing, but the whole lifecycle if it improves the end product.

8. Configuration and Change Management

Many businesses have frequently changing requirements which if handled badly can have a significant impact on time, quality and cost. To help clients overcome this, QA and testing outsourcing organizations maintain a comprehensive change and configuration management system.

A typical scenario would be that a Change Request is raised by a client and sent to the vendor. The team then consolidates all Change Requests and performs an impact analysis on the Project Schedule, resources, costs and assesses the technical feasibility of the changes. These are all taken into account before the assessment is discussed with the client. Upon approval, an updated Project Schedule will be laid out to execute that change request.

9. Intellectual Property Protection

Intellectual Property (IP) protection is one of the important considerations for customers when outsourcing services. QA and testing outsourcing providers have to protect all PERSONALLY IDENTIFIABLE INFORMATION (PII) given by clients or otherwise obtained in the course of outsourcing engagements and treat it as proprietary and/or trade secrets. Unauthorized use or disclosure by the QA and testing services provider of any PII will be detrimental to the client.s competitive position and on-going business operations. The QA and outsourcing provider.s staff should not duplicate, distribute, disclose, convey or in any other manner make available to third parties any PII.

Most of the outsourcing providers have well established security standards and measures in place to prevent unauthorized access to and misuse of PII. The IP protection policies of most of the outsourcing service providers have the following:

10. Security

All the major outsourcing providers have Information Security Policies, Information Security Standards and Business Continuity Management policies in place, primaily to protect data.

The facilities of the outsourcing providers will have the controls and capability to prevent loss or accidental release of data or proprietary functionality. In the event of a disaster they should have the capacity to subsequently restore a service relevant to this.

The testing facilities of most of the outsourcing providers are assessed for BS7799 security management standards. Security measures are implemented at various levels at the facilities of the outsourcing provider that include physical security, infrastructure, network security and other ad hoc security measures based on specific case/project. Some of the physical security measures provided by outsourcing vendors include measures to restrict the entry and exit of personnel, equipment and media from a designated area. These controls address not only the area containing system hardware but also the locations of wiring, supporting services, backup media and other elements required for the system.s operation.


Clients should do their homework thoroughly when looking into outsourcing. A good service provider will identify potential pitfalls at the outset so that a customer is not caught unaware later in the relationship. Software testing is an essential phase of software development, but is definitely not the core activity of most companies. Outsourcing of this function enables the company to concentrate on its core activities and leading innovation, whilst the QA and testing providers work efficiently, ensuring quality results and a positive business outcome.

While organizations are deriving value from outsourcing software development, outsourced software testing will maximize returns from their investments and provide the right level of objectivity and rigor required to create a high quality product. If an independent QA and testing service provider is chosen whose focus is on ensuring quality products/systems are implemented, benefits will be fully maximized.

previous next