Outsourcing your project to an outside vendor is fraught with risk if you don’t pay enough attention to the legal and contractual obligations. You need to ask yourself: ‘Am I entrusting the project to the right partner?’, ‘Is the outsourcing company capable of delivering results while keeping sensitive information and trade secrets safe?’, ‘What measures should I take to make sure no part of the project is jeopardized by mishandling of confidential information?’

The answer lies in doing your due diligence on the legal contracts and documents that shield your ideas and data from unauthorized disclosure, while also ensuring that the procedures and processes needed to obtain strong performance from the outsourcing vendor are in place. Let’s explore the documents you need.


Non-Disclosure Agreement

A Non-Disclosure Agreement (NDA) is signed between the client and the outsourcing vendor so that sensitive and confidential information, concepts and innovations are not revealed or disclosed to outside parties in any shape or form.

There are two types of NDAs: Unilateral (only one party agrees to protect the other party’s information) and Mutual (both parties agree to protect each other’s data/ trade secrets and information). 

Below are the factors to consider before signing an NDA. 

Clearly define what falls under confidential information:

This can include, but is not limited to, the core concept or idea of the software, trade secrets, third-party integrations, procedures, processes, passwords and other credentials, databases, source code, strategies, and architecture.

The terms of confidentiality should state the period for which the information, and the existence of the project itself, must be kept under wraps. Note that a trade secret is only protected for as long as it stays secret, so do not let a fixed confidentiality term silently expire the protection of your most valuable information; NDAs commonly carve trade secrets out of the time limit.

A clause stating that only named employees of the outsourcing company will have access to confidential information can also be included.

Obligatory clauses for the two parties should include the following points:

The representatives clause, which lists the people who may access confidential information, e.g. development teams, freelancers, project leads and any other necessary personnel. Each of these people should be bound by confidentiality obligations at least as strict as those in the NDA itself.

Legal obligation

Disclosure of confidential information is sometimes compelled by a court order, subpoena or other legal requirement. The NDA should state that such compelled disclosure is not a breach, and that the party required to disclose must, where lawful, notify the other party promptly and disclose only what the law actually requires.

The remedy clause specifies how a breach is to be mitigated and compensated if either party breaches the contract. It should also name the dispute-resolution mechanism; the three common ones are:

  • Mediation, where a neutral party helps the involved parties reach a mutually acceptable solution (the mediator facilitates; it does not impose a decision). 
  • Negotiation, where the client and the vendor solve the issue themselves. 
  • Arbitration, which works like a private court: a neutral arbitrator hears both parties and issues a decision that is usually binding.

The following are not considered Confidential Information: 

  • Information generally available to the public; 
  • Widely used programming practices or algorithms;
  • Information rightfully in the possession of the Parties before signing this Agreement; 
  • Information independently developed without the use of any of the disclosed information. 


Master Service Agreement

A Master Service Agreement (MSA) is signed to govern ongoing contractual work with the outsourcing vendor; it covers project expectations, responsibilities, roles, the services provided, and the terms and conditions of those services. It is typically drafted by the outsourcing company and presented to the client for agreement, so review it carefully rather than signing it as presented. 

It should include:

Comprehensive goals and missions for projects current and future.

Client’s requirements

Services offered with respect to each individual Statement of Work (explained below)

Clauses, charges and change-control processes for project iterations or changes to a Statement of Work. 

Rules for reporting on the progress of the projects. 

Details of the workflows and process model, and a description of working hours and other regional factors (time zones, public holidays) concerning the outsourcing vendor. 


Non-Compete Agreement

A Non-Compete Agreement is a legal contract ensuring that the outsourcing vendor does not enter into competition with the client’s company after the contract period is over and the project is completed. In employment relationships it is usually part of a severance agreement; with a vendor it is more often a clause in the MSA or NDA than a separate document. The enforceability of non-compete clauses varies considerably by jurisdiction, so have local counsel check it. 


Data Processing Agreement

A Data Processing Agreement (DPA) is signed between the data controller (typically the client) and the data processor (the outsourcing vendor) to regulate the processing of personal data. It defines the scope, specifications and purpose of the processing, as well as the relationship between the controller and the processor.

Under the General Data Protection Regulation (GDPR) such an agreement is mandatory whenever a processor handles personal data on a controller’s behalf (Article 28). The DPA ensures that data is only processed for the purposes and on the documented instructions defined in it, and that the processors at the outsourcing vendor are not allowed to use or process the data for their own purposes. Processors must implement appropriate technical and organisational measures to reduce the risk of a data breach, must not engage sub-processors without the controller’s authorisation, and must notify the controller of a personal data breach without undue delay.

Statement of Work

The SOW is a working document that is essential for productivity. It defines the objectives and roles of the outsourcing team as a whole as well as individual responsibilities, and includes deadlines and the methodology to be used at each stage of the project.

It should include the following:

Scope of work

CI/CD pipeline diagram

Schedule of each phase/sprint e.g. project discovery, testing, deployment, and any other complex subprocess. 

Reporting procedures

Milestones and deliverables

Individual tasks

Appointment of project leads and key authorities

Location, hardware, browsers, programming languages, technology and tools

Requirements and terms for enlisting third parties and sub-contractors

Penalties and compensation measures

What kind of contract to choose?

There are three main types of contracts.

  1. A time-and-materials contract, where the price is determined by the hours worked and materials provided by the outsourcing vendor. It is a good fit for short-term projects or when a specialist service is needed, but the final cost is open-ended. 
  2. A fixed-price contract sets a price agreed in advance based on the deliverables and project type. Time and budget are predetermined because the scope is well defined beforehand; the client benefits from cost predictability on larger projects, at the cost of less flexibility when requirements change. 
  3. The dedicated development team model is a good choice for long-term projects: the client hires a team of developers for a monthly charge and manages the team directly. This type of contract allows for flexibility at every level. 

Depending on your budget and requirements, you can decide which type of contract to pick, but don’t forget to get the aforementioned documents in order before entering into any contract.