UpTeam Resources

We know your time is valuable. Here are three steps we use to help us both see if and how our services can help you get your technology built and running. We know it works because it makes our customers successful faster. Here’s a quick checklist:

Discover

It’s perfectly fine if everything you need is not exactly clear yet (if it was, you’d probably have already done it). Let‘s invest a few minutes on the following:

• Your objectives: What’s the problem you haven’t solved, and when would you expect to have it solved? Why is the problem valuable enough to make it worth the investment?
• Your company’s needs: Companies build products to solve problems for customers. How does this effort help your customers?
• Your stakeholders: Who is it who asked you to find an answer to this problem? How will they judge if your work is successful?

Curious about our work with other customers? Feel free to ask us. We’ll also have some questions to better understand our homework.

Collaborate

Once we’ve both agreed to invest further effort, let’s convene your product and technical leadership with your counterparts from our side. (Have a PRD? Send it to us, with whatever NDA works best for you. No PRD? That’s OK too). Here’s the agenda; plan on about 60 minutes.

• Your market landscape: Users and customers have had to make do without your product; what makes this better than prior alternatives? How soon do you need to get it done to beat the other guys? How will you know it’s a success?
• Key technical challenges: By this point, you’ve probably already spent time wrestling with the technical challenges. How have you tackled them in the past, or seen them built into other products or technologies? Are there skills gaps or expectations? Our team is technical and will have technical questions. Let’s be sure you have the right people on hand to answer
• User stories & customer experience goals: Without your putting words in their mouth, how do your customers describe what they care about? If you’ve got formally defined use cases and user stories, great. If not, we can get to it in our conversation.
• Your team: Who else is involved, and what needs and skills do they bring to the table? What are the expertise gaps you hope we can fill? Who has the up/down vote at key points in the project?

That’s all we need at this point. We’ll do some homework and come back with a tighter definition of the experts required, ideas about the tools and technologies that are the best fit, and clarity about the economics.

Decide

With the homework is done, we give you the following, so can make an informed decision:

• Project scope
• Planned team roster
• Statement of Work (SOW).

Ready to proceed? Let’s get it inked and we’ll get to work.

The UpTeam® Accelerator creates and operates software development teams that work well together by design. Just as product goals don’t deliver themselves, team setup requires a coordinated approach. The team setup process focuses on preparing the ground for your team to succeed. Our goal is to apply our technical know-how to organize all skills and expertise to deliver and support your product and make your team a place where each member who joins sees his or her role in technical product success as a compelling opportunity for career advancement.

For every client, we start with a Team Formation Group (TFG), made up of one of our CTO-level execs, a Technical Program Manager (plus a Technical Product Manager as applicable), and backed by a member of our talent operations staff.  They are charged with understanding your development needs. Their objective is to translate your product needs into the foundation of technology strategy, and get the right people in place to execute.

The TFG works with you to elicit your short and long-term team goals and think ahead to a development plan that connects them. Under NDA, show us your vision decks, product plans, customer decks, and so we can understand your strategy. It lets us better recommend which skillsets are needed when, and how best to structure the team, especially as your business grows.  

The structure of your existing in-house team is an essential input. We will work with you so we can engage directly with everyone involved most collaboratively and productively.  It’s especially vital that we work with you to set expectations for those who will be interacting with this new Dev team. One skills gap or one personality mismatch risks affecting productivity across all sides of your organization. Here, we apply our know-how to solve those issues proactively, with team structures and expectations setting, along with aligning for accountability, career goals ,and incentives, monetary and non-monetary alike.

We do more than take an opinionated technical point of view. We want to be sure we understand the tech that you have so far, as well as architectural constraints and extensibility going forward. Selecting top-tier talented practitioners is a given.  Because we have built many successful teams and products for Silicon Valley venture-funded start-ups, we take you well beyond an a-la-carte collection of geeks, so the team can be productive from the get-go.

If you need to bootstrap a project with focused technical expertise immediately, we recommend you consider starting with one or more offerings from our expert services company, CloudGeometry. We can focus on a narrow set of objectives. Our CTO and Solution architects will coordinate to stay on track as your TFG organizes around your strategic long-term development goals.

Our technical perspective also informs the job descriptions we create for you. We draft them and review them with you, to be sure that we’re on the same page. Your team members are drawn from two pools: experienced UpTeam employees and new hires. It’s by viewing your forthcoming team as an organic whole that we can optimize the initial conditions for a successful search, recruiting, interviewing, hiring, onboarding, and execution.

Based on the job descriptions and the org chart for the roles that make up your team, we tune them to the talent market best suited to your needs (location-specific, centralized/distributed, hybrid-remote, and more) and review that with you.

Right team, right players

Getting the right players requires a tiered approach; we begin recruiting on three fronts.  

• Experienced permanent UpTeam staff: All of our projects are long-term engagements.  Our managers review career goals and progress with every employee regularly. It’s not unusual for a talented individual to be ready for new challenges. We look closely at the opportunity for their growth, balanced against the needs of their existing projects, and potentially joining your team. (Occasionally, we have projects that are winding up just as yours begins, but that’s more the exception than the rule).
• UpTeam pre-vetted candidate database: We maintain a pre-screened database of 2000 technical professionals across our geographic base. These are people who have expressed an active interest in joining projects running in the UpTeam Accelerator. They have already passed soft skills and technical skills interviews. Our in-house recruiting team is charged with maintaining relationships with our database of active candidates.
• UpTeam recruiting network: Our in-house team also manages working relationships with dozens of IT recruiting partners in major European technology hubs. They know us, and we have worked with them successfully in the past. We know they can be trusted to be both aggressive and selective. They know the kind of people we are looking for and who can successfully meet our standards.

Across all three sourcing channels, we take pains to be transparent with candidates on

• The sequence of the recruiting process
• Both our org structure and yours
• Software development norms they can expect in the UpTeam Accelerator

Aligning their career goals align with your product and business goals makes them better prepared to commit to executing them for you.

Interview Process

Interviewing is an art and a science. Our approach covers structured expectations, human interaction, well-specified assessments, and measurement.

The process is built around standardized questions, structured conversations, open dialogue, and recording observations at every step. Our process is structured to allow specific questions that you want us to cover for various roles,  so we can make sure you can draw the observations you need to ensure a successful outcome to the interview and technical vetting. We are also happy to set up supplemental 1:1 acceptance interviews with candidate finalists by your managers.

With the necessary prerequisites in place, interviewing begins. Candidates who make the first cut can expect a well-structured interview and evaluation process. They get a timetable of the conversations to expect and with whom will interview them.

Interviews begin with a screening conversation to consider soft skills. We start with candidates we believe can both do the work and speak the language. We use also these first conversations to judge if we think they will also play well with others.

This removes an important barrier to candidate outreach.  Each candidate we select for deeper screening receives our remote employment package, which explains in detail how we manage remote employees as first-class citizens in our company. We specify work hours, communication, video equipment, reporting, and visiting our dev centers that he is connected to.  He or she gets a clear view of professional life for the next 1-2 years (or more) and can make an informed decision about whether it is a good fit.

Technical interviews are built around structured criteria. We want to see two things: see how well a candidate measures up on detailed parameters, and gauge technical skills to compare between candidates. We do use coding tests and other assessment mechanisms. They are an important indicator, but they are not a standalone predictor of team member success. For remote candidates, interviewing is done over video conference, with coding exercises.

Finally, we validate technical and personal references to make sure all the dots are connected. We typically have to choose from at least 3 qualified candidates for each position, and we introduce them to clients for final selection.

Onboarding & Trial

As each candidate on your team is green-lighted, we take care of all paperwork and onboarding logistics. Day Zero is done; your new team is ready to go from Day 1.

When a brand new hire starts work, our onboarding phase continues with a 3-month trial period. Your new hire and his or her manager establish clear trial-period goals.

Your input is a key part of the successful conclusion of the 90-day trial phase. We then include your new employee in our standard personal development plan process. All of it aligns with your product milestones and product goals, reviewed and updated quarterly. If your company has existing workforce management processes, we’ll be happy to integrate with that. Put us in touch with your HR pros, and we’ll make it happen.

Assembling the right team is the essential foundation for making your team productive. It’s how to get your product to market in the hands of countless happy, profitable customers.

The UpTeam Accelerator delivers software development momentum by eliminating barriers to sustainable, reliable, scalable team operations. Team formation (see UpTeam.init()) prepares the foundation. Development Team Operations transforms that initial preparation into continuously optimized software product development. Unlike recruiting agencies, we never stop at hiring.

The UpTeam accelerator gets its power through the combination of technical expertise, tooling, quality, learning agility, and motivated team members. Technical details matter. Our job is to stay on top of the details. Architecture and tooling together need to create value, velocity, and improvement. This is where our management spends the majority of our time and effort. It’s how we deliver great results.

You can expect us to communicate proactively to stay well-synched. Both our CTO office and our tech leads use agile/scrum ceremonies and artifacts to get you the visibility you need into the progress of technical and non-technical problem-solving. The goal: keep every minute of remote work focused on project goals and make transparency more useful.

Our agile/scrum process works great for early-stage start-ups that frequently pivot, and enterprises with strict security and compliance requirements. Learning is part of the process with every successful team and project. We want our teams to feel challenged professionally and personally. We get rid of any less useful work that’s dragging on productivity and causing team fatigue.

We can readily customize these process functions to fit your current product development and engineering operations. And if you want to step back and focus exclusively on requirements prioritization and acceptance testing of sprint deliveries? We’ve got that too.

Successful dev team operations run with the following functions:

• CTO Office Advisory
• Project charter
• Communications
• Scrum
• CI/CD
• Centralized QA  and compliance
• Continuous talent development
• Issue resolution
• Achievement celebrations

CTO Office Advisory

Our CTO office plays an active role in every single project that runs the UpTeam accelerator. It doesn’t end with hiring or stopping at project inception. You get the benefits of decades of collective hands-on experience across hundreds of projects. CTO leadership never ends at the beginning of the project. Our technical execs stay engaged throughout. Their oversight extends to inspection, review, discussion, guidance, and more. The UpTeam accelerator provides leverage to all aspects of the technology strategy and direction of your team:

• Provides ongoing guide rails for development team members as they break problems into digestible components.

• Leveraging team and stakeholder feedback to improve the application and process, with continuous learning and development opportunities at all skill levels

• Ensuring effective alignment of technical decision-making and risk management with business goals and deadlines

• Surfacing and prioritizing issue management and resolution in the appropriate communications vehicles and ceremonies

• Designing for zero-trust security, audit-ready compliance, compliance, and secure data multi-tenancy

The bottom line with continuous advisory is our technical executives can consistently be available to you. In short, our job is to keep on top of the full context of the development of your solution at both strategic and tactical levels. We deliver the flexibility and adaptability your business demands from its engineering investment.

Project charter

This single reference document creates a single source of truth. Everyone on the project can orient on it. It’s a clear anchor point. All Participants and stakeholders, especially managers distributed across time zones. The charter includes a collection of written assumptions defining “who, what, why, when, how” driving the project. It records documents and communications that everyone who needs to can read them. The same goes for the roles and responsibilities of each team member. It shows the checklists that gauge critical readiness milestones. The charter also includes links to online interactive resources like JIRA and Slack.

Communications

It’s no exaggeration to say that communication serves as the oxygen supply of any ambitious project. We rely substantially on the principles outlined by GitLab. Both scheduled and spontaneous interactions drive the pulse of the project. Distributed work demands a deliberate balance between formal and informal communications. Bonus: it helps avoid useless meetings.

• Unscheduled offline: Conversations and whiteboarding can create a good feeling of flow. It’s the discipline of writing things down that forces us to clearly articulate proposals, designs, and ideas.
  Less variance in interpretations saves time. It also exposes questions faster, in chat/Slack or later in meetings. Transparency is a truly valuable side effect, whether small-scale comments in code or Jira issues, or large-scale documents.
• Scheduled offline: Timeboxing with Agile/Scrum flows scheduled communications at different levels. Agile artifacts create a clear picture for leadership and team members alike. These include meeting summaries, release notes, monthly reports, and more.
  The monthly reports we give you? They give your exec leadership a concise description of who’s doing what, what’s working or not, and what happens next.
• Scheduled online: Google Meet, Microsoft Teams, Zoom, and video-conferencing with chat are essential. We use them across defined schedule windows, with different team members to streamline dialog, handoffs, and problem-solving. They apply as much to daily standups as they do to coordinate 1-1 and small groups in a distributed work world.
• Unscheduled online: Defined escalation paths elevate problem-solving to the right level. Problems framed and fixed sooner save time and toil later (see: issue resolution, below).

Scrum

Distinguished from other processes by specific concepts and practices. Scrum helps manage complex software and product development using iterative and incremental practices. Its processes operate across three functions: Roles, Artifacts, and Time Boxes. Taken together, they enable organizations to adjust smoothly to rapidly-changing requirements. It’s the best way to produce a product that meets evolving business goals. An agile Scrum process benefits the organization by helping it to:

• Increase the quality of the deliverables
• Cope better with change (and expect the changes)
• Provide better estimates while spending less time creating them
• Be more in control of the project schedule and state

Scrum supplies stability and productivity because it ensures a simple set of roles, responsibilities, and meetings that never change. It removes unnecessary unpredictability. It lets your team take on the necessary unpredictability of continuous discovery and learning.

CI/CD

Faster development depends on consistent and reliable processes – backed by proven tooling. DevOps at the UpTeam accelerator put QA and coders on the same page. End to means we start from pull requests through builds to QA and the deployment pipeline up to the point of deployment. Every team pays careful attention to ongoing automation. They prioritize automating error-prone and manual tasks to achieve a code base that can always be ready for production release. It’s just as important to avoid automating the wrong things. That results from careful attention to the person-to-person dialog and collaboration required.

However, real acceleration and scalability cannot rely on automation alone. It starts with rationalizing architecture and building standards that apply across the team and the codebase. The real test is whether your team can quickly onboard new or replacement talent as the business grows. A stable and complete set of CI/CD tooling, collaboration methods, and release processes make up the secret sauce. That makes it easier for you to spin up new teams, shift more work to remote, leverage new geographies, and more.

Centralized QA & Compliance

With UpTeam, product QA never risks becoming an afterthought; we consider QA a core competence. It’s why we invest aggressively in QA processes, QA automation infrastructure, and ISTQB-certified personnel. It’s how we build quality into your products and your development team deliverables. We offer various QA packages and service levels to guarantee the quality of your products at every stage.

• StartUp: Our QA professionals work closely with the product team. They shadow development efforts closely. They understand ever-changing product requirements. They update QA matrixes and reports. , continuously update all quality reports. You have the information you need to approve new releases.
• Growth: Clients who already have paying customers expect and need to give more serious attention to product and service quality. We offer QA Automation, including business processes with test/tooling integration into CI/CD pipelines. We also provide your managers with dynamic hourly updated quality charts.
• Enterprise: For mission-critical production systems, we extend QA automation to run 24/7. That includes production monitoring, performance, integration, security, and scalability testing. Our compliance office prepares audit artifacts for infrastructure and development processes. We also support documentation and review for PCI, FedRamp, HIPAA, HITRUST, and more.

Read more about how to use QA to drive growth.

Continuous Talent Development

Our talent development program focuses on keeping every member of our team sharp and challenged. It’s a major attraction to candidates who want to join projects like yours at the UpTeam accelerator. They want to prove their skills in the practical context of solving real problems.  

Each employee has his or her own formal Personal Development Plan (PDP). Each works on the PDP 1-1 with his or her manager(s). They evaluate their success in meeting individual project commitments and skill development at least quarterly. Expect to hear from us regularly to elicit your input for their development opportunities.

Our full-time UpTeam Learning and Development staff works jointly with the CTO office. Together, they develop and maintain training courses and certifications for in-demand technologies. Courses in cloud-native and distributed platforms, data engineering, web, and mobile languages are much sought after.  Employees look for technical cross-pollination opportunities with their peers across the accelerator. We help them prepare for certifications, schedule hackathons, and help set up peer programming experiences.

We also invest in non-technical curriculum opportunities.  Coaching for written, presentation, and conversational language skills makes communication work better for everyone.

Issue Resolution

The natural outcome of change and discovery in any project is problems that need solving:

• Product owners rarely want to give up the ability to improve on their vision as they talk to more users and see how the product performs for them.
• Development teams can hope they get it all right the first time. In reality, they know they can’t know for sure until (a) the entire stack gets integrated, (b) functionality gets demonstrated, and (c) changes in requirements are rationalized.
• It’s certainly the case that problem-solving processes have problems of their own.

The UpTeam Accelerator does more than build a higher level of expertise inside your dedicated team. Our extended team of technical experts and the CTO office means you (and your project leads) can draw on broader experience. We can lend expertise to boost problem-solving at just about any level. That includes training, consulting, changes to work structures, and more. Finally, we build clear escalation paths into all agreements. That way, problem-solving gets framed appropriately and channeled down the right path quickly.

Achievement celebrations

Celebrations are important to show everybody who put their head and shoulders into reaching big milestones a way to mark the accomplishment. It’s important wherever they live and work. Creating a shared sense of achievement and success needs to be a well-planned part of the process. Your remote team will be far away from all your HQ festivities and travel is not always an option. That’s why we encourage our teams and our clients to celebrate quarterly milestones together and get creative. Virtual events can be split across time zones. A real-life example: toast with coffee in morning time zones simultaneously with beer and wine where it’s evening. And of course, it’s rarely a bad idea to mark a big accomplishment with great old-school parties. Celebrate with your team in our offices, or even outdoors so you can get out of the office.

Secure information, secure work, secure value

In this remote-first world, it’s impossible to separate information security from information value. At the UpTeam Accelerator, speed and trust are built into our processes, policies, and tools from the ground up. Everyone who works with our customers, their software, and their infrastructure works within strict, clear security protocols.

Making the best of location-independent talent means mitigating risks for people and devices no matter where they are. There are many best practices derived directly from the world of cloud computing which we inhabit. Controls and processes derived from central office environments can also apply successfully to distributed work. Our goal is to secure and protect all the work on all the data at all times. It requires corrective avoidance of risky situations, rapid mitigation of incidents, and continuous improvement in the face of the evolving threat landscape

We believe is that this discipline and mindset apply not only to our team but also to our work with you and your team. We work to continuously raise the security and operations standards across all of the work UpTeam does with your organization.

Security Operations Objectives

Security is a core element of our operating model, both for individual customer teams as well as the UpTeam Accelerator as a whole. The following objectives drive security operations:

• Maintain and update company-wide security policies
• Train all employees on security norms and protocols and keep them up-to-date
• Operate a toolset that regularly executes security audits for all teams and products
• Manage, triage, and root cause all security incidents
• Operate and maintain a database of attack vectors and remediations
• Maintain an active backlog of security improvement opportunities based on continuous monitoring of global security threats

Security Foundations: Policies & Procedures

Securing Cloud Services

As a cloud-first software development company, many of the operating assumptions of our development and deployment processes derive directly from cloud services. This inherits critical security benefits:

• Distributed platforms with no single point of failure
• Multiple levels of redundancy within and across platforms and data services
• Security Management using managed services and online tools
• Managed services for end-user mobile devices, laptops, and smartphones
• Avoid using network access control lists or network firewalls.

These assumptions also extend how end-users work with these resources.

• Multi-factor authentication, also known as 2FA, is a critical verification step offered by cloud service providers. It’s a very effective barrier against intrusion and unauthorized access.
• Google Authenticator provides a validated separation between the end-user and the service they use, based on the classic security tactic of “something you have in something you know.”
• All confidential information is shared on channels that use 2FA to prevent spoofing, including and especially password recovery codes.
• All password management is cryptographically controlled using LastPass. This streamlines logins, stores access credentials securely, and manages safe sharing for password recovery.
• Our IT operations team can control usage policies and user management using LastPass as a secure centralized resource, streamlining the global application of policies and procedures wherever members and end-users work.
• Google Meet and Zoom are our default live communications tools (whichever a client prefers). Session access is managed centrally using Google authentication mechanisms.  

Secure document sharing and access

Fine-grained access control is critical. There’s no merit in making it easy with shortcuts that expose critical information, just as there is no point in making information secure by making it inaccessible.  Document distribution and collaboration must be both secure and frictionless.

Our default identity and document access platform is Google G-Suite. It’s a unique combination of integrated cloud identity and easily manageable document sharing and management. It builds clear standards for data ownership, data use, security, transparency, and accountability. That gives us control over compliance, reporting, as well as day-to-day identity and collaboration needs.

G-Suite as the backbone of our collaboration identity management confers several important advantages:

• Google Authenticator significantly reduces the risk of unauthorized access. Admins can also manage these keys at scale, and readily separate access based on organizational rules.
• Context-aware access ensures that employees have access only to assigned documents and resources. By default, members of each client team in the UpTeam Accelerator are denied access to any clients they are not assigned to
• Structured privileged roles add another layer of confidence and authorization. Compliance and oversight are managed with complete transparency within the scope of our contracted client relationship. For example, your team leads have access credentials that individual line staff members do not. Similarly, our global infrastructure specialists have clear policies and guidelines separating who can access what.
• Email security can be bolstered with customized rules such as using Secure/Multipurpose Internet Mail Extensions (S/MIME), as and when specific content is detected in email messages.
• Two-factor authentication can be added to any access within Google G-suite document collaboration.
• Single sign-on and 2FA together control access for  AWS, Azure, Microsoft 365, and the like.

Access Control policies and procedures

All processes for account creation and termination are automated and centrally controlled. These are audited regularly. VPN is the default access mode for all distributed resources. Exceptions are granted only by joint approval of the CTO and a VP-level executive.

Provisioning and revocation are formally managed for all services and systems. Using mechanisms  SSO, password management, 2FA, and more, we can verify and monitor user legitimacy, and remove credentials/change access seamlessly and securely.  

All accounts and resources are by default set to zero trust. This means that all access grants at any level must be explicitly approved by privileged users in the management chain of command. We perform frequent audits to validate the relationship between user and role, as well as which roles are granted to which users. This keeps us up-to-date and ensures all users are accounted for with appropriate permission levels. We also use a user’s email and G Suite credentials to control access to third-party systems that contain company or client data.

Privileged access rights and responsibilities

Management of Privileged Access Rights

Resource administrators at the UpTeam Accelerator have significant access to systems and resources. As such, they have added responsibilities tied directly to security.

• Ensure any user has received appropriate credentials and security training before gaining access to any system
• Advise and approve security plans, documentation, processes, and risk assessments for resources and team leads, on a need-to-know basis.
• Consult with team leads and resource owners on any changes to DR or contingency planning, such as when client systems are deployed into new geography or availability zones.
• Implement a system for appropriate system auditing, log review, and applicable access procedures and mechanisms
• Document, report, or investigate violations or incidents, whether confirmed or suspected and work with both client and security specialists from discovery to remediation

Confidential Authentication Credential Management

Anonymity is not compatible with rigorous security. Complete, comprehensive access and identity management means that all interactions must be associated with unique user identification information.

As it turns out, a complete understanding of who does what also has meaningful benefits outside of security, by providing transparent observability throughout the development process.

These dual benefits mean that ID and auth for systems and users are deliberately controlled. Usernames and service accounts are unique. Only authorized users receive user IDs for the systems. Written authorization, at a minimum through a Slack chat, is required for access.

Audit and Compliance

Successful ongoing security operations require ongoing review and audit to ensure compliance is maintained and improved as necessary. We perform global reviews and audits of all centralized control policies every six months to ensure they interoperate seamlessly with all other security policies. As a result of these audits, any improvements must be implemented within no more than 30 days.

When we introduce new technologies or services, we evaluate them against our existing policies. To be accepted, they must integrate with auditing, monitoring, reporting, event notification, and management.

The global infrastructure professionals at the UpTeam Accelerator have three discrete areas of responsibility:

• Security operations: regular monitoring of accounts and access control, incident reporting, and remediation of non-compliance
• IT operations: provisions and revokes account access across all UpTeam staff for common services, such as G Suite, JIRA, Slack, GitHub, etc.
• Compliance: works with third-party service providers to create and review audit-ready compliance reports and recommend actions to close compliance gaps.

The Compliance group can also work with specific UpTeam Accelerator clients in support of customer-specific compliance requirements, such as HIPAA, PCI-DSS, and FedRamp.

Data Security

At UpTeam, our security operations principles are derived from international standards for security controls, security management risk assessment, and mitigation. These include International Standardization Organization (ISO) 27005:2011, 27001:2013, and 27002:2013.

In addition, we apply security practices on data storage platforms, addressing data in transit and data at rest, as follows:

• G-suite, our default cloud storage and document management platform, provides 256-bit SSL/TLS encryption in transit and at least AES-128 for data at rest.
• GitHub Is our default for code versioning and Storage. get up hosts have encrypted disks, and transfer data using SSH and HTTPS.
• Amazon Is our preferred data storage service. BLOBs and database backups are stored in S3, transferred via S3 encrypted connection, and encrypted (AES-256) by default.
• Each application has its separate database. In case of a security breach, this contains or at least minimizes any potential exposure. Databases are backed up to S3 with these same protocols.
• Device provisioning & endpoint management is implemented for Apple devices using Apple Business Manager and Microsoft devices using Microsoft InTune.

Encryption Policy

As is the case in all modern cloud services, encryption is the default for any access or service. HTTPS requires TLS (we do not use standalone SSL). All resources must be served via HTTPS, and all requests received via HTTP must be redirected to the HTTPS counterpart, or be denied. Here is a list of the key cryptographic hash functions, systems, and algorithms we use.

Threat Prevention and Mitigation

No security discipline is complete without recognizing the need for continuous vigilance in defending the attack surface. Global service level, incident mitigation, and penetration testing work hand-in-hand to expose vulnerabilities and close them before they can cause harm.

Malware and scams worldwide are continuously growing as a threat in sophistication and pernicious effect. We engage our employees actively on the front lines, to make it as easy as possible for them to avoid and defend against such intrusions. Collaboration is critical. Team members avoid scams and exploit by maintaining open interaction with their colleagues across customers in company-wide Slack channels. Any staffer can raise a question about an inbound inquiry for information, so we can confirm the legitimacy of the message.

Slack also provides a rapid and seamless alert channel about phishing or scams targeting a company or a marketplace. The same is true for devices. We make it easy for any staffer who suspects he or she has come across something questionable to report this to our IT security operations group. They follow well-documented protocols, including disconnecting the system for all resources until it can be cleaned, validated, and restored.

As part of end-user device management, we run malware protection solutions for all users. They are set up to perform regular in-depth inspections, including automated removal of suspect code, and disconnecting suspect devices. Malware detection runs in active protection mode. It concurrently notifies the user and quarantines any threats.

Global Developer Tech support

Making every developer successful starts with ensuring he or she has the knowledge and support to find and fix problems on their own – and making it easy to get expert help when they can’t. Our IT operations and security group provides up-to-date guidelines and policies in our employee handbook, provided to all new staff and regularly updated for veteran employees.

Part of the handbook includes FAQs. We regularly update them with inquiries from both new and experienced employees through the IT Operations Slack channel. Slack also provides consistent opportunities for the improvement of our processes and procedures.

Remote-first software development and delivery extend to active troubleshooting and corrective action. Our IT operations group can provide remote support through Google Meet and Slack Video Conferencing. Slack also supports remote takeover of the end user’s device, so that the IT and security operations expert can intervene directly and speed time to restoration on behalf of our developers.

Our centralized/distributed model is well-suited to teams with a variety of technical missions. It can also ramp quickly to be at least as productive and focused as organically grown teams in your HQ.

An essential feature of the model is a centrally-located office in one of our permanent locations in major European metro areas. It’s where Technical Project Managers (TPMs), Team Leads & DevOps reside. This time zone alignment maximizes the window of collaboration every day.

Each office comes complete with co-working type desks and breakout rooms. This advantages team leadership with permanent workplaces. It also streamlines on-demand face-to-face interaction for team leads, senior developers, and others.

Developers and specialty experts are hired into or assigned to your team from wherever they live. We select for superior talent and availability rather than daily commute distance. Any candidate selected opts into our well-defined team participation guidelines, including clear expectations for both individual deliverables and teamwork:

• Standard working hours are 9am-6pm CET; teams working with West Coast clients shift to 11a-8p.
• Video calls 2x/day for morning stand-up and evening report-out
• Accessible on Slack and for video calls the rest of the time during the working day.
• Regular travel required to the central office location; visits timed to major development milestones (e.g., releases, major scrum ceremonies, team building events).

Clear teamwork guidelines also drive speed. The setup of a complete dev team with as many as 20 Developers in a single month (which we do often)relies on robust processes. This ensures team stability, productivity, and collaborative norms that align with Agile (including timeboxing, communications artifacts, transparency, and the like).

Team operating norms also extend to organizational intangibles, like team structure and professional development. Every team has documented roles, management accountability, and escalation paths. Each member has a documented professional development plan. It includes long-term career plans and near-term skills attainment objectives which he or she developed with their line manager. These are reviewed by both our head of talent and the CTO.

This centralized/distributed model has proven successful across a range of businesses. It fits agile start-up teams, as Sprint scope can change daily; it fits with Enterprise support engagements where we guarantee 24/7 support with 15 min SLAs.

To build value and sustain long-term execution, software development teams need to align with global corporate processes, culture, and structure. There is no need to compromise team effectiveness based on where the individuals in the team live. That means taking the long view in thinking about how your software development team fits with other functions: customer success, product management, finance, HR, strategic planning, corporate governance, and more.

As a dev team accelerator, we work with many Silicon Valley technology start-ups helping them to create a natural extension of their software organization. A critical factor in our success is a well-structured division of labor across distributed locations. In practice, that means engagement of Product and Development Management leaders in North America backed by an extended dev team in Europe, 7–10 hours ahead.

The majority of our clients and partners are devoted practitioners of The Agile Manifesto – from individual and interaction levels to collaboration and effective response to change. As a result of our experience across dozens and dozens of projects and running thousands of sprint cycles, we’ve found the following structure to be the most effective.

Timing is everything. Experience has demonstrated using a clearly-structured cadence, with set rhythms and tools for communication, ensuring all members of the project team can deliver high-quality results on a daily.

Scrum as Applied Agile

Scrum processes enable organizations to adjust smoothly to rapidly-changing requirements and produce a product that meets evolving business goals. An agile Scrum process benefits the organization by helping it to:

• Increase the quality of the deliverables
• Cope better with change (and expect the changes)
• Provide better estimates while spending less time creating them
• Be more in control of the project schedule and state

A critical factor in the success of our work with clients is a well-structured division of labor across geographies. In practice, that means engagement of Product and Development Management leaders in North America backed by an extended dev team in Europe, 7-10 hours ahead.

A Scrum process is distinguished from other agile methods by specific concepts and practices, divided into the three dimensions of Time Boxes, Roles, and Artifacts. Let’s focus on each of these and the part they play. We’ll then show how Scrum Events converge into a sustainable teamwork playbook.

Want to see how it all fits together without understanding the moving parts first? Skip to the last section below.

Time Boxes: Following the Sun

First off, this means working normal hours wherever people are across the planet, for continuous productivity and resilience (and no less critical, avoiding burnout). Thanks to our experience executing dozens and dozens of projects, run through thousands of Sprint cycles, we’ve found the following structure to be most effective:

We use Pacific Time in these examples, but the model works just as well for time zones further east.

Time boxes differ from other dimensions of our Scrum working model in that they are not optional. Despite what Einstein calculated about the rest of the universe, time here on Earth works quite well as a constant. Sticking with a schedule, even working around holidays and other out-of-band events, helps cement team accountability to product deliverables and the customers to whom they are delivered for.

Roles

While it’s essential never to take consensus for granted, teams work better when roles are clearly and universally understood. Our teams are built around a Product Owner, Development Team and Scrum Master

• Product Owner
  The project’s key stakeholder represents users, customers, and others in the process. The product owner is often someone from product management, a key stakeholder, and/or a key user. The Product Owner is responsible for continuously communicating the vision and priorities to the development team. At the same time, Product Owners must be available to answer questions from the team. Depending on the size of the project, they may have varying degrees of the direct customer and stakeholder engagement

• Development Team
  Responsible for self-organizing to complete work. A Scrum development team contains about seven fully dedicated members, ideally in one team room protected from outside distractions. A typical team includes a mix of software engineers, architects, programmers, analysts, QA experts, testers, and UI designers. In each sprint, the team is responsible for determining how it will accomplish the work to be completed. The team has autonomy and responsibility to meet the goals of the sprint.

• The Scrum Master
  Responsible for making sure the team is as productive as possible. The Scrum Master does this by removing impediments to progress, protecting the team from the outside, and so on. The Scrum Master does not manage the team.

Key Sprint Tools and Entities: Practical progress

Culture and communication and collaboration are abstractions made effective by translating them into practice. In the context of Scrum, this works on two levels: first, an agreed-upon set of artifacts for structuring signals among members of the team, and second, capturing shared understanding for a shared commitment to results.

• Jira
  Across almost all our projects, we use Jira for issue tracking, bug tracking, and Agile product management. (We also use Microsoft DevOps, Slack, Zoom, and just about any collab tool you might name.)
• The story
  A user story is an issue type in Jira that acts as the primary method of conveying requirements to the developers/development team. It’s a short, simple description of a feature in the system under development told from the perspective of the person who desires this new capability.
• Product Backlog & Sprint Backlog
  The backlog is like a to-do list for your next-gen Software project. It’s a dedicated space for keeping track of tasks that you want to do in the future (and if you’re sick of keeping all your to-do’s in a column on your board and pretending that it’s more than just a list).
  
  There is a crucial distinction between a product backlog vs. a sprint backlog. The product backlog represents a range of aspirations for what the product will do in the future. The sprint backlog represents a time-bound increment of work to bring your product closer to realizing its aspirations.
  
  By definition, the sprint backlog is much more precise and constrained than a product backlog.  These two backlog types are maintained in parallel, to effect an ongoing translation between the work you need to do next and the work you need to do eventually. Many people confuse the two, leading to poorly-defined product aspirations crammed into a time insufficient to realize them.  By the same token, it’s important that any particular issue that makes it onto the sprint backlog ties to deliverable progress against some part of the product backlog.

• Jira Sprint Board
  For straightforward story & status tracking, we use the Jira Sprint Board

There are many additional artifacts and process progress indicators that work. We’ve tried just about all of them. The truth is they work in varying degrees depending on the company whose product we are building, and the goals for the product roadmap. If there’s something that works for you, we’re all ears.

Convergence: Scrum Events

Across our projects, we put teamwork into play by combining time boxes, roles, and artifacts through scrum events. That means we work iteratively through each of the Grooming Meeting, Sprint, Sprint Planning, Daily Standups, Sprint Review, and Sprint Retrospective.

• Grooming Meeting
  Grooming (or refinement) is a meeting of the Scrum team in which the product backlog items are discussed and the next sprint or sprint cycle is prepared. Product grooming is critical in product management because it means keeping the backlog up to date and getting backlog items ready for upcoming sprints. Backlog grooming is often named pre-planning. The product owner and the team arrange this every week. The grooming involves splitting big items into smaller ones, rewriting backlog items to be more expressive, deleting obsolete or no longer needed items, and so on. Also, during the Grooming Meeting, the team size the story and estimates it as a story point (we use the Fibonacci sequence for that).

• Sprint
  A time-box of one week to one month during which a “Done”, useable, and potentially releasable product Increment is created. Sprints have consistent durations throughout a development effort. We’ve found two weeks works best in most cases.

• Sprint Planning
  A time-box is generally held on the first day of a sprint where the team decides “what” to complete during the sprint from the product backlog and defines a sprint goal.

• Daily Stand-ups
  A 15-minute time-boxed event for the Development Team to synchronize activities and create a plan for the next 24 hours. The Daily stand-up (aka “Daily Scrum”) takes place is held every day of the sprint.

• Sprint Review
  Generally, a one-hour meeting on the last day of a sprint where the team presents the shippable version of a product to stakeholders and discusses, story by story, what was completed during the iteration. All stories are discussed one at a time, paying close attention to the acceptance criteria. In addition, the demo for the new product version is showing.

• Sprint Retrospective
  Our teams hold Sprint Retrospective after each Sprint Review and before the next Sprint Planning. During this critical structured ritual, the team should answer the following questions:
• What went well during the sprint?
• What went wrong?
• What should we do differently during the next sprint?

Bird’s eye view: the Sprint Cadence

Now let’s look at the whole picture together and see the scrum methodology in practice in a complete incremental cycle. Generally, our sprints last ten working days. Here is the summary description of the sprint milestones that we use:

See more about how we execute agile for distributed development here. It’s a key part of the five essential steps that make the UpTeam Dev Accelerator the proven choice for software development momentum to drive business growth.

UpTeam Accelerator converts software development horsepower into business growth. Better leverage between business & engineering creates better momentum. Benefits include better-informed product roadmap planning, faster release of new offerings to your customers, clearer accountability to your investors, and more. Once your first UpTeam workgroup is up and running to reach your first objectives, what’s next?

Trade-offs between features, integrations, or system components can impact short and long-term growth. Work with us to make more informed technology investment decisions. We have extensive experience working with B2B sales companies. Our CTO office and executive team are here for you. Here are four proven approaches to leveraging the power of the UpTeam accelerator to further your growth.

Sign & Integrate New Clients and Partners to your SaaS Platform.

The more your customers come to rely on your B2B SaaS offering and services, the more they will need depth of integration with their other systems. Sometimes, they expect customization and new features that may not match your platform roadmap. These can be cumbersome and a drag on velocity, becoming costly one-offs. It’s the dilemma of diverting scarce resources to make one big customer happy.

Add Client Engineering with UpTeam to your technical resource pool. We help you add new markets and geographies via streamlined onboarding and client systems integration. Keep your core product R&D focused on your committed product roadmap. Client Engineering gives you a dedicated team that learns the technology inside out. It’s a reliable path to reducing technical barriers to growth by:

• Specialized data and API integrations to help your customers make the most of your platform with the systems and data sources they already have
• Aligning technical customer deployment directly with your product and engineering managers,
• Consistent coordination with your product and operations management, prioritizing customer feature requests
• Continuous monitoring of technical service performance and issue remediation through service monitoring and technical helpdesk
• Closed-loop feedback on technical issues to document and release fixes/features faster

Acquire New Clients through Partner AppStores and AppMarketplaces

App stores and marketplaces across the modern B2B service ecosystem create new channels for you to get new subscribers. Platforms like Salesforce AppExchange, QuickBooks AppStore, Azure Marketplace, Apple AppStore, Google Play, GSuite Marketplace, Chrome Store, Slack App Directory, Atlassian Marketplace, and dozens of others.

But each platform has its unique requirements. Each demands specialized knowledge of platform-specific APIs, services, certification, and release processes. That means continuous attention to always be up to date, both with each marketplace and your latest features.

The UpTeam Accelerator offers Technical Marketplace to cut the cost of marketplace leverage. We provide a complete suite of product management and engineering services for every combination you need. We maintain up-to-date knowledge of the broadest range of APIs and platform certifications. We help you and your customers to subscribe and consume your latest and greatest:

• Manage the launch and engineering release of your application on to each new platform, without fragmenting your codebase
• Expert guidance to your product managers as multiple platforms release new capabilities
• Test and certify upgrades to your software packages to get features and fixes out faster
• Ongoing monitoring, support, and new feature integration for your customers across multiple marketplaces

Setting New Enterprise Quality Standards

Market acceptance and customer growth create rising expectations for your product quality. Simple exploratory testing for new releases done by your product manager won’t do it. Last-mile validation by your QA rep to meet release deadlines won’t suffice either.

At UpTeam, the variety of our client portfolio contributes directly to deeper and more complete QA best practices. There’s no need for you to start from scratch to drive more effective QA and test automation. Our approach combines processes and tools with a deep bench of ISTQB-certified professionals.

Software quality also pays off indirectly. You gain increased satisfaction with all your software efforts, both for your employees and your customers.

Key features of our integrated approach include:

• Complete test requirements analysis: scenario development, detailed plan creation, and competitor analysis to benchmark user experience
• End-to-end QA framework with API-driven automated tests for major use-cases
• “Shift left” test tactics to drive test automation and release readiness upstream into the software development process
• Issue management via close collaboration with technical support to capture, replicate, document, and eliminate customer-identified bugs
• A scalable blend of manual and automated testing, including smoke tests, user acceptance tests, load and stress tests, security/compliance assessment, and penetration testing

DevOps to Eliminate Cloud Engineering Barriers to Growth

Modern cloud platforms such as AWS, Azure, and GCP unleash formidable coding creativity. At the same time, the rush to minimum viable product release can reach a tipping point that can reverse those games. You may find it challenging to transform that creativity into reliability and ROI. It requires a disciplined approach to fit the business-critical expectations of enterprise customers.

At the UpTeam Accelerator, you can benefit from a full portfolio of cloud engineering practices. Our proven expertise with full-stack SaaS applications helps you sustain product development momentum. It adds process transparency to the non-technical side of your organization (e.g., sales, marketing, finance, customer success, and more). UpTeam ensures you can lock in your engineering gains for competitive advantage, as you scale up and scale out.

• DevOps tooling and processes for continuous release management to simplify planning, transparency, and collaboration across engineering
• 24 × 7 monitoring for responsive, nimble, business-focused incident monitoring, management, and Remediation
• Cost optimization to ensure  transparency in cloud resource utilization, financial observability, and thorough operational analytics
• Continuous compliance and audit readiness supporting PCI, HIPAA, FISMA, and 50+ other major compliance frameworks, from assessment to Remediation to automated reports.
• End-to-end CI/CD tool suites provide an integrated solution for development, deployment, release management, and production operations.