We often start building a company and the technology that a company delivers and it just kind of evolves over time. There's a general idea of where it's going, but we build features, options, integrations, and focus on aspects that allow us to acquire new customers. And that's important. But we should ask ourselves a number of questions routinely.
I've long felt a good annual planning meeting (even in a company of two) helps us make sure that we aren't just building out tons and tons of new features without spending some of our time working on the foundations of our products. If we do that, we will eventually slow down the development of new features. Aging technology, or technical debt, can also become a liability as security problems crop up in libraries or services that don't get patched.
The technology covered in that annual review often comes in a variety of themes for web applications. Namely around getting smaller and smaller services that can be more easily and economically hosted, that can then be more easily developed as the application grows, additional logic is added, etc. The questions posed in this article are meant to provide a good starting point for that annual review for earlier stage startups - and maybe even for some larger organizations as well.
What is the back-end developed on?
Is the database schema version controlled?
Do we use an API gateway?
Is there a REST API on the data?
Is the API versioned?
Is there a graph API representation on the data (or one planned)?
Is there an API style guide?
Are grammatical rules for the API consistently applied?
Do we employ any kind of “contract testing” on API endpoints?
Is the front-end developed based on the API?
What third parties have access to that data?
Code Maturity Level
What languages are in use and where?
Do have any classes with more than 1,000 lines of code?
Is an ORM (Object Relational Mapping) being used?
Are we planning for Microservices to be leveraged in the environment?
What kind of dependency management tool is being used?
Where are user identities stored? Is that accessible via an IDP (a la OAuth, SAML, etc)?
Do we have any automated testing? Manual testing? And what is the testing environment like?
What is the process for onboarding new customers into the environment post-sales?
What technical debt do we see needing to be addressed in our software over the next few months?
Data Center Operations
Do we have an on-premises offering, cloud offering, or both?
Where is our data stored?
What services are being used?
What is the containerisation strategy?
What is our process like for continuous integration/continuous delivery?
Hosting costs: What is our average spend on compute time? What is the average spend on storage or other hosted micro services?
Is there anything in use that is outside of our control?
How many requests per second are processed?
Compliance and Security
Can developers access the database?
Can a single developer post a product change directly or is a review process required?
What version control tools does our software employ?
Is there a comprehensive list of all third-party projects being used in projects, and the license used for them?
Do we produce any open source tools?
Do any third parties integrate into our solution?
Have we run the code through any security analyzers or manual penetration testing? Do we do so automatically upon commits?
Do we perform any automated or manual penetration testing on servers?
What's the process for planning new features?
How do we test new features?
Do we provide support for multiple languages? If so, which languages?
Are leads from the pre-sales efforts connected to accounts in the product database?
What type of drip campaign do we employ for leads?
What type of tracking and logging products are we using (e.g. pendo, etc)?
Are we properly notifying users of these?
What is our roadmap like for the next year?
Of the items on the roadmap, which are commitments that have been made to customers?
What type of quantifiable results are expected from each item on the roadmap?
Take any example of recent software changes. What are the qualifiable and quantifiable expectations for that change?
What are our release management processes like?
Do we do standups? Agile? Scrum? Kanban?
Are there any areas of the code that only one person knows?
In no way are these meant to be universally applied. Every organization has a different stack and so different words that matter. Nor should the conversation end with a simple answer. As the organization grows, new engineering hires will want to be included and the scope of an annual meeting of the minds will naturally increase. The fall or early winter is one of the best times to have such a meeting, so we hope this helps you to get started deliberately planning for next year!