How to Evaluate a Software Development Agency Before Hiring

Hiring a software agency is a high-stakes decision that most companies make with insufficient information. The consequences of the wrong choice — lost time, wasted money, code you can't maintain, and the need to rebuild — are severe. Most of the signals that actually matter are not in the portfolio or the proposal.

This guide covers how to evaluate a software development agency before committing — what to look for, what to ask, and how to structure the engagement to protect yourself.

The agency evaluation problem

Most companies evaluate agencies on the wrong things:

• Portfolio case studies are curated marketing. They show the best work, often built by the best people the agency has, who may no longer be there.
• Awards and certifications (Google Premier Partner, AWS Partner, etc.) indicate marketing investment, not engineering quality.
• Proposal quality tells you about sales skill, not engineering skill.
• Pricing is not correlated with quality in the way most people assume.

The signals that actually predict outcome are harder to surface — but not impossible.

What actually predicts a good engagement

Client retention and repeat work

• What percentage of their revenue comes from repeat clients?
• How long do client relationships typically last?
• Can they name clients they've worked with for 3+ years?

An agency that retains clients has demonstrated ongoing value delivery. An agency whose clients consistently complete one project and move on is a signal.

Code ownership after the engagement

Ask explicitly: after the engagement ends, who owns the code? Who can read it? Who can maintain it?

Agencies with strong client outcomes produce codebases that:

• The client team can extend and maintain without the agency
• Have documentation sufficient for a new developer to onboard
• Don't require calling the agency for every production issue

Agencies that optimise for dependency produce the opposite: bespoke, undocumented code that only they can maintain.

The team that actually works on your project

The team presented in the pitch is often not the team that will build your product:

• Ask to meet the specific engineers who will work on your project, not the CTO or senior partner
• Assess those engineers directly — a technical phone screen is not unreasonable
• Ask about their experience with your specific technical requirements (e.g., if you need Kafka experience, ask the developer who will work on your project about their Kafka work)
• What is the agency's turnover? If engineers leave frequently, the team you evaluate today may not be the team working on your project in month 3.

Technical depth assessment

The technical interview

Before signing, run a technical evaluation of the people who will work on your project:

• A system design discussion relevant to your product (how would you design this feature or system?)
• Code review: give them a piece of code with deliberate problems and ask for feedback
• Past project deep dive: ask them to explain the technical architecture of a past project, including the trade-offs they made

You're not looking for perfect answers. You're looking for engineering judgement — do they think clearly about trade-offs, do they know what they don't know, and are they honest about limitations?

Stack fluency vs. stack familiarity

There is a significant difference between an engineer who has used a technology for 3 years in production at scale and one who has done a tutorial. Ask specifically:

• What is the largest production system you've built using [technology]?
• What problems did you encounter at scale?
• What would you do differently?

Surface-level answers indicate surface-level familiarity.

Security and quality practices

• How do they handle security? What is their process for securing user data, preventing common vulnerabilities (OWASP Top 10), and managing secrets?
• What is their testing approach? What percentage of code is covered by tests?
• What does their code review process look like?
• How do they handle production incidents?

Agencies that don't have clear, process-level answers to these questions are telling you something.

Red flags in proposals and pitches

Scope that isn't specific

A proposal that describes deliverables in vague terms ("user authentication system," "admin dashboard") without specific functionality definitions is a contract for future disputes. Every ambiguous requirement will be resolved in the agency's favour.

Before signing, every feature should have:

• A specific description of functionality
• Acceptance criteria (how you'll know it's done correctly)
• What's explicitly not included

Unrealistic timelines

Most agencies underestimate project duration by 40–60% to win deals. Ask:

• What projects have you delivered that are similar in scope to this one?
• How long did those take vs. the initial estimate?
• What caused the variance?

An agency that claims all projects come in on time has either very simple projects or selective memory.

Fixed-price for undefined scope

Fixed-price contracts on software with unclear requirements create a structural conflict of interest. The agency will interpret ambiguity narrowly (to protect margin); you will interpret it broadly (to get what you expected). This conflict, repeated across dozens of features, typically results in either a budget overrun or a product that doesn't match expectations.

No warranty period

Any reputable agency should offer a warranty period — typically 30–90 days post-delivery during which they fix bugs (not new features, not scope changes) at no additional charge. The absence of a warranty period is a signal about confidence in their own work quality.

Contract protections

IP assignment, not licence

The default in many agency contracts is that the agency retains copyright and licences the code to you. You want an IP assignment — you own the copyright. This matters if you ever raise funding, are acquired, or need to enforce your rights.

Review the contract carefully for language like "licence to use" vs. "assigns all right, title, and interest."

Source code access throughout the engagement

You should have access to the code repository throughout the engagement — not just at completion. This allows you to:

• Monitor progress (is code actually being written?)
• Review code quality as the project proceeds, not at the end when it's too late
• Reduce your risk if the relationship breaks down

Agencies reluctant to grant repository access are reluctant for a reason.

Milestone-based payments

Never pay 100% upfront. Structure payments around verifiable milestones:

• 20–30% upfront
• 30–40% at mid-project milestone with demo
• Remaining on delivery and acceptance

Define "acceptance" explicitly — it should be based on agreed acceptance criteria, not on the agency's declaration that they're done.

Structuring the engagement for success

Start with a paid discovery

Before committing to a full build, commission a discovery phase (2–4 weeks, fixed scope):

• Technical architecture design
• Detailed specifications and user stories
• Technology decisions with rationale
• Revised timeline and cost estimate based on actual scope clarity

This costs money but surfaces problems before they're expensive. An agency that refuses a structured discovery is optimising for their speed-to-contract, not your project success.

Internal technical ownership

The single biggest predictor of a successful agency engagement is having technical leadership on your side:

• Someone who can review code and assess quality
• Someone who can push back on technical decisions
• Someone who understands when the agency is padding scope and when they're genuinely flagging complexity

Without internal technical context, you're dependent entirely on the agency's self-reporting. That's a structural risk.

---

Evaluating a software development agency for a product build or custom development project? Contact us — we conduct vendor assessments covering technical capability, past work quality, and contract structure to help you make the right hiring decision.