Who should perform QA -- the vendor or the client?

Both. The vendor should perform internal QA with dedicated testers (not the same developers who wrote the code). The client should then perform acceptance testing to verify the product meets their expectations. This two-layer approach catches the most issues.

What if the vendor says QA is not needed because they test as they develop?

Developer testing is not a substitute for formal QA. Developers tend to test the "happy path" and miss edge cases. Insist on dedicated QA time (20-30% of the development timeline) with independent testers. If the software outsourcing company resists, consider it a red flag.

How do I classify issue severity?

Use three levels: Critical (system crash, data loss, security vulnerability -- must fix before launch), Major (feature does not work as specified, significant UX issue -- must fix before acceptance), Minor (cosmetic issue, minor inconvenience -- can be fixed during warranty period).

Software Outsourcing QA Checklist -- Quality Assurance Guide

Why QA Is Critical in Outsourcing Projects

When you hire a software outsourcing company, quality assurance is the step that separates a successful delivery from a costly disaster. In our experience, projects that skip or minimize QA face 3-5x higher post-launch bug fix costs.

The cost of bugs by discovery stage:

Found during development: 1x cost to fix

Found during QA/testing: 2x cost to fix

Found after launch: 5-10x cost to fix

Found by end users: 10-50x cost (including reputation damage)

Why QA is especially important for outsourced projects:

The development team is external, making communication gaps more likely

Assumptions about "obvious" functionality often differ between client and vendor

The vendor may prioritize speed over quality to meet tight timelines

Without QA, the definition of "complete" is subjective and prone to disputes

At minimum, allocate 20-30% of the total development timeline for QA activities. This is not optional overhead -- it is insurance against far more expensive problems later.

Functional Testing Checklist

Verify that every feature works as specified in the requirements.

Core Functionality:

All screens display correctly according to the designData creation, reading, updating, and deletion (CRUD) work correctlySearch, filter, and sort return accurate resultsPagination works correctly with varying data volumesForm validation catches invalid input and displays appropriate error messages

Authentication and Permissions:

Sign-up, login, and logout function correctlyPassword reset flow works end-to-endSocial login (if applicable) works for all configured providersAccess restrictions are correctly enforced per user roleUnauthorized access attempts are properly blocked and logged

External Integrations:

Payment processing works correctly (test and production modes)SMS and email notifications are sent and received correctlyExternal API integrations return expected dataFile upload and download work correctly (all supported formats)Webhook receivers process incoming events correctly

Edge Cases:

Empty states are handled gracefully (no data, no results)Long text, special characters, and Unicode input are handled correctlyConcurrent user actions do not cause data corruptionSession timeout is handled gracefully (redirect to login)Network errors display user-friendly messages

This checklist should be customized for each project. Ask the software outsourcing company to prepare a test plan based on the requirements specification and review it before testing begins.

Non-Functional Testing Checklist

Beyond "does it work," verify that it works well.

Performance:

Page load time is under 3 seconds on standard connectionsThe system handles the expected number of concurrent users without degradationDatabase queries execute within acceptable time limitsImage and file loading is optimized (compression, lazy loading)API response times are under 500ms for standard operations

Security:

SSL (HTTPS) is properly configured on all pagesCommon vulnerabilities are absent (SQL injection, XSS, CSRF)Personal data is stored in encrypted formPasswords are hashed using a strong algorithm (bcrypt or better)Server error details are not exposed to end usersAPI endpoints require proper authenticationRate limiting is in place to prevent abuse

Compatibility:

Works correctly on Chrome, Safari, Edge, and FirefoxMobile responsive design functions correctly on iOS and AndroidTablet layout is acceptableWorks correctly on current and previous major browser versions

SEO and Accessibility:

Page titles and meta descriptions are set correctlySitemap is generated and accessibleImages have alt textHeading hierarchy is logical (h1 > h2 > h3)

Freesi includes comprehensive QA as part of every project, with dedicated QA reviewers who test independently from the development team.

Deliverable Verification Checklist

Before signing off on acceptance, verify that all deliverables have been provided.

Source Code:

Complete frontend source code delivered via Git repositoryComplete backend source code delivered via Git repositoryCode is reasonably documented (README, inline comments)Environment configuration sample (.env.example) is providedBuild and deployment scripts are included

Documentation:

Database schema (ERD) document providedAPI documentation provided (Swagger / Postman Collection)Deployment guide (server setup, build, deploy procedures)Admin user manual providedArchitecture diagram provided

Access and Credentials:

Server access credentials transferred to clientDomain and SSL certificate management rights transferredExternal service accounts (PG, SMS, email) owned by clientGit repository ownership transferredCI/CD pipeline access provided

Design Assets:

Original design files (Figma) with editor access transferredIcon and image assets provided in original formatBrand guidelines document (if created during the project)

A software outsourcing company should provide all of these deliverables as standard practice. If any items are missing, do not release the final payment until they are provided.

Recommended QA Process

Follow this structured QA process for outsourcing projects.

Phase 1: Test Plan Review (Before Development Starts)

The vendor prepares a test plan based on the requirements specification

The client reviews and approves the test plan

Both parties agree on acceptance criteria and the QA timeline

Phase 2: Developer Testing (During Development)

The development team tests each feature as it is built

Unit tests and integration tests are written (if in scope)

The vendor provides weekly QA status updates

Phase 3: Formal QA (After Development Completion)

Duration: 5-10 business days

Independent testers (not the same developers) execute the test plan

Issues are logged in an issue tracker with severity classifications

The vendor fixes Critical and Major issues

Phase 4: Client Acceptance Testing (After QA)

Duration: 5-10 business days

The client independently tests the product against the requirements

Any additional issues are reported

The vendor addresses remaining issues

Phase 5: Sign-Off

Both parties review the test results and outstanding issue list

Minor issues are logged for the warranty period

Acceptance confirmation is signed

Final payment is released

This process ensures that quality is verified systematically, reducing the risk of post-launch surprises.

Software Outsourcing QA Checklist -- Quality Assurance Guide

Why QA Is Critical in Outsourcing Projects

Functional Testing Checklist

Non-Functional Testing Checklist

Deliverable Verification Checklist

Recommended QA Process

Want to discuss your project in detail?

Frequently Asked Questions

Related Guides