How to Vet a Development Agency (10-Point Checklist)
Hiring a software development agency is one of the highest-stakes decisions a business can make. Get it right and you have a partner who accelerates your product roadmap. Get it wrong and you burn months of budget on code that needs to be rewritten, a team that disappears mid-project, or a product that never ships.
The problem is that most agencies look identical from the outside. Polished websites, glowing testimonials, and impressive client logos. The differences only become visible after you have signed the contract and wired the deposit. This checklist gives you a structured process for spotting those differences before you commit. We use ten specific checkpoints, each with concrete red and green flags, so you can score agencies consistently and make a decision based on evidence rather than sales pitches.
1. Verify Technical Expertise Beyond Marketing Claims
Every agency claims to be an expert in whatever technology you need. The question is whether that expertise exists in their actual team or only in their marketing copy. Start by looking at public evidence of technical depth.
What to examine
- GitHub activity. Do they have public repositories? Are their engineers contributing to open source? Active commit histories show real development work, not just project management.
- Technical blog posts. Agencies that write about solving real engineering problems demonstrate a depth of understanding that marketing pages cannot fake. Look for posts that discuss trade-offs, not just tutorials.
- Certifications and partnerships. AWS, Google Cloud, or Microsoft partner status requires verified project experience. Stack-specific certifications (e.g., Kubernetes, Terraform) show investment in skill development.
How to test
During initial calls, ask technical questions about your specific stack. If you need a React Native mobile app, ask about their experience with native module bridging, over-the-air update strategies, or performance profiling. If answers are vague or they redirect to a "technical team member who isn't on this call," that is a signal. Request to speak directly with the engineers who would work on your project.
Red flag: The agency cannot name specific engineers for your project, their GitHub is empty or only contains forked repos with no contributions, and technical questions are answered exclusively by sales staff.
Green flag: They proactively share engineer profiles, have a technical blog with in-depth content, and their team can discuss architectural trade-offs relevant to your project without preparation.
2. Demand Case Studies with Measurable Outcomes
Testimonials are easy to curate. Case studies with specific numbers are harder to fabricate. You want evidence that the agency delivered results, not just completed tasks.
What to examine
- Business metrics. Did the project increase revenue, reduce operational costs, or improve user engagement? A case study that says "we built a mobile app" is worthless compared to "we built a mobile app that increased customer retention by 34% in six months."
- Technical complexity. Look for projects that match your level of complexity. If you need a real-time data pipeline, a portfolio of WordPress sites is not relevant.
- Client references. Ask to speak with past clients directly. A five-minute conversation with someone who managed the relationship will tell you more than any written case study.
How to verify
Cross-reference case study claims with LinkedIn profiles, press releases, and app store listings. If they claim to have built a product, you should be able to find it. If they claim a Fortune 500 client, the engagement should be verifiable through public records or a direct reference call.
Red flag: All case studies are anonymous, they refuse to provide client references, or the only measurable outcome mentioned is "delivered on time."
Green flag: Named clients with specific metrics, willingness to arrange reference calls, and case studies that honestly describe challenges encountered and how they were resolved.
3. Evaluate Communication and Process Transparency
Poor communication kills more projects than poor code. The way an agency communicates during the sales process is the best version of their communication you will ever see. If it is already difficult, expect it to get worse under project pressure.
What to assess
- Response times. How quickly do they reply to emails? Do they follow up when they say they will? Consistent responsiveness during sales signals operational discipline.
- Project management methodology. Ask them to walk you through their development process from kickoff to delivery. You want to hear specifics: sprint cadence, demo schedules, how they handle scope changes, and what tools they use for tracking.
- Timezone overlap. If you are in New York and the team is in a timezone twelve hours away, you need a clear plan for synchronous overlap. At least four hours of shared working time is the minimum for effective collaboration.
How to test
Send a detailed technical question by email and measure the response time and quality. Ask for a sample project plan or sprint breakdown for a hypothetical project similar to yours. Observe whether they ask clarifying questions or just agree with everything you say.
Red flag: Slow or inconsistent responses during the sales process, no clear project management methodology, or they agree to every requirement without pushback or clarifying questions.
Green flag: Fast, thoughtful responses with clear next steps. They challenge your assumptions constructively and explain their process with specific tools, cadences, and escalation paths.
4. Scrutinize Team Structure and Continuity
One of the most common agency problems is the bait-and-switch: senior engineers present during the sales process, junior developers assigned after the contract is signed. Understanding how the agency structures teams and handles turnover is critical.
What to investigate
- Team composition. Who exactly will work on your project? Ask for names, roles, and LinkedIn profiles. Understand the ratio of senior to junior developers.
- Employee vs. contractor mix. Agencies that rely heavily on freelance contractors may have difficulty maintaining consistency. Ask what percentage of their team is full-time employees.
- Turnover policy. What happens if a key developer leaves mid-project? Is there a knowledge transfer process? Will you be notified immediately or discover it weeks later?
How to verify
Request a contractual clause guaranteeing team composition. Ask to interview the developers who will be assigned to your project before signing. Check the agency's Glassdoor and LinkedIn for employee tenure patterns. High turnover at the agency means high turnover on your project.
Red flag: They refuse to name specific team members, the sales team cannot confirm who will do the work, or LinkedIn shows a pattern of developers staying less than a year.
Green flag: Named team members with verifiable backgrounds, contractual team composition guarantees, a clear knowledge transfer process, and low employee turnover visible on LinkedIn.
5. Assess Financial Stability and Business Maturity
An agency that is struggling financially will cut corners on your project. They will overcommit to win deals, stretch their team too thin, and prioritize new sales over existing client delivery. Understanding their financial health protects your investment.
What to research
- Years in business. Agencies that have survived more than five years have typically weathered at least one economic downturn and learned to manage cash flow. Newer agencies are not automatically risky, but they require more scrutiny.
- Client concentration. If 80% of their revenue comes from one client, losing that client could destabilize the entire business and your project along with it.
- Team size relative to active projects. An agency with 15 developers and 20 active projects is spreading itself too thin. Ask how many projects they currently have in progress and how they allocate resources.
How to verify
Check public business registries, Crunchbase profiles, and any available financial filings. Ask directly about their current project load and team capacity. Agencies that are transparent about their capacity constraints are more likely to deliver realistically.
Red flag: They cannot answer basic questions about team size or project load, they pressure you to sign quickly with aggressive discounts, or you find negative reviews about missed deadlines and communication lapses.
Green flag: They openly discuss capacity, have a diversified client base, and are willing to delay your start date if their current workload is too high rather than overpromise.
6. Demand Pricing Transparency and Clear SOW
Ambiguous pricing is the number one source of agency-client disputes. Before signing anything, you need absolute clarity on what you are paying for, how costs are calculated, and what happens when scope changes. If you are weighing different pricing models like fixed-price versus hourly, understand the trade-offs of each before you negotiate.
What to require
- Detailed Statement of Work. The SOW should list every deliverable, acceptance criteria, timeline, and cost. Vague language like "development services as needed" is not a SOW; it is a blank check.
- Change order process. How are scope changes handled? What is the approval process? What happens to the timeline and budget when requirements change?
What to negotiate
- Payment milestones. Tie payments to deliverables, not dates. Paying 50% upfront with 50% on completion gives you zero leverage if things go wrong. Monthly payments tied to accepted deliverables keep incentives aligned.
- IP ownership clause. Confirm in writing that you own all code, designs, and assets produced for your project. This sounds obvious, but many agency contracts retain IP rights by default.
How to verify
Have a lawyer review the contract, especially IP clauses and termination terms. Compare the line-item estimate against market rates for the specific roles and technologies involved. If their rate for a senior React developer is half the market rate, the person doing the work is probably not senior.
Red flag: They resist providing a detailed SOW, pricing is presented as a single lump sum with no breakdown, or the contract includes clauses that retain IP ownership or lock you into long-term commitments with no exit terms.
Green flag: A detailed SOW with clear deliverables, transparent hourly or milestone-based pricing, clean IP assignment, and a fair termination clause that protects both parties.
7. Test Their Discovery and Planning Rigor
The discovery phase is where good agencies separate themselves from order-takers. An agency that jumps straight to coding without understanding your business context, user needs, and technical constraints is setting the project up for failure. This is particularly relevant if you are building an MVP, where poor planning is one of the primary reasons MVPs fail.
What to expect
- Stakeholder interviews. They should want to talk to the people who will use and manage the product, not just the person signing the contract.
- Requirements documentation. Expect a written summary of requirements, user stories, or a product requirements document before development begins. This document becomes the shared source of truth.
- Technical architecture proposal. For any non-trivial project, the agency should propose a technical architecture with justification for key technology choices and identification of technical risks.
How to evaluate
Ask them to describe their typical discovery process for a project similar to yours. How long does it take? What artifacts do they produce? Who is involved? An agency that skips discovery or treats it as a formality will cost you more in rework than the discovery phase would have cost.
Red flag: They provide a fixed quote after a single 30-minute call without asking detailed questions, there is no discovery phase in their proposal, or they guarantee timelines before understanding the full scope.
Green flag: They propose a paid discovery phase, ask probing questions about your business model and users, and produce a requirements document or technical specification before committing to a fixed timeline.
8. Check Security and Compliance Credentials
If your application handles user data, payment information, or operates in a regulated industry, security is not a feature request. It is a baseline requirement. The agency needs to demonstrate that security is built into their development process, not bolted on at the end.
What to verify
- Security practices. Ask about their approach to OWASP Top 10 vulnerabilities, secure coding standards, dependency scanning, and secrets management. They should have concrete answers, not generic reassurances.
- Compliance experience. If you need HIPAA, SOC 2, PCI-DSS, or GDPR compliance, ask for specific examples of projects where they implemented these requirements. Compliance is detail-oriented work and experience matters enormously.
- Code review and testing practices. Do they run static analysis? Do they have a CI/CD pipeline with automated security checks? Are code reviews mandatory before merging?
How to test
Ask them to walk through how they would handle authentication and authorization for your application. Ask about their approach to data encryption at rest and in transit. If they stumble on basic security questions, they will stumble on implementing them.
Red flag: They cannot articulate specific security practices, have no experience with your required compliance framework, or treat security as a separate phase rather than an integrated part of development.
Green flag: They have documented security practices, can reference specific compliance implementations, run automated security scanning in their CI/CD pipeline, and include security considerations in their technical proposals.
9. Evaluate Post-Launch Support and Maintenance
Launching the product is not the finish line. Software needs ongoing maintenance, bug fixes, security patches, performance monitoring, and feature iterations. An agency that treats launch as the end of the engagement is leaving you vulnerable.
What to clarify
- Warranty period. What is covered after launch? Most reputable agencies include a 30 to 90 day bug-fix warranty. Understand what qualifies as a bug versus a new feature request.
- SLA terms. If you need guaranteed response times for critical issues, those terms should be in writing. A promise to "respond quickly" is not an SLA.
- Knowledge transfer. At the end of the engagement, can your internal team take over? The agency should provide documentation, architecture diagrams, deployment guides, and a handoff session.
What to negotiate
Negotiate a maintenance retainer with clear terms before the project begins. It is much easier to negotiate support terms when the agency wants your development contract than after they have already been paid. Define escalation paths, response time commitments, and what happens if you decide to bring maintenance in-house.
How to verify
Ask their existing clients about post-launch support quality. The sales process will always promise great support. Only current clients can tell you whether the agency actually delivers on those promises after the check has cleared.
Red flag: No warranty period, no maintenance offering, vague support terms, or they discourage you from involving your internal team during development.
Green flag: Written warranty terms, a structured maintenance retainer option, documented SLAs, and a proactive knowledge transfer plan that enables your eventual independence from the agency.
10. Trust Your Gut (But Verify Your Instincts)
After nine checkpoints of structured evaluation, the tenth is about the intangibles. You will be working closely with this team for months. The quality of that working relationship matters beyond what any checklist can measure.
What to sense
- Honesty over salesmanship. Does the agency tell you what you want to hear, or do they push back when your expectations are unrealistic? An agency that says "yes" to everything is either desperate for the deal or not experienced enough to know better. The best partners will tell you when your timeline is too aggressive, your budget is too small, or your technical approach has risks.
- Cultural alignment. Do they communicate in a style that works for your team? Some agencies are very formal with detailed status reports. Others are casual with Slack-first communication. Neither is wrong, but a mismatch creates friction.
- Genuine curiosity about your business. The best agencies ask questions about your market, your users, and your competitive landscape because they know that context makes them better builders. If they only talk about technology, they are builders for hire, not partners.
How to test
Pay attention to the small things. Do they remember details from previous conversations? Do they do homework on your company before calls? Do they introduce you to the actual people who will do the work, or do you only ever talk to account managers? Run a small paid pilot project before committing to the full engagement. Two weeks of real collaboration reveals more than months of evaluation calls.
Red flag: You feel pressured, your questions are deflected, conversations are dominated by the sales team, or your instinct says something is off despite everything looking good on paper.
Green flag: Conversations feel collaborative, they challenge your ideas respectfully, the people you talk to are the people who will do the work, and you leave every interaction feeling more confident in their capability.
Your Agency Vetting Scorecard
Use this scorecard to evaluate each agency consistently. Rate each checkpoint from 1 (poor) to 5 (excellent) and compare total scores across your shortlist.
- Technical Expertise (1-5): Can they demonstrate real depth in your required stack?
- Case Studies and References (1-5): Do they have verifiable outcomes from similar projects?
- Communication and Process (1-5): Are they responsive, structured, and transparent?
- Team Structure (1-5): Do you know who will work on your project and are they committed?
- Financial Stability (1-5): Is the agency mature and sustainable?
- Pricing Transparency (1-5): Is the SOW detailed with clear terms and IP ownership?
- Discovery Rigor (1-5): Do they invest in understanding before building?
- Security and Compliance (1-5): Can they handle your data and regulatory requirements?
- Post-Launch Support (1-5): Do they have a clear plan for after launch?
- Gut Feel and Culture Fit (1-5): Does working with them feel right?
Scoring guide: 40-50 points is a strong candidate. 30-39 points means proceed with caution and address weak areas before signing. Below 30 points is a pass unless there are extraordinary circumstances that justify the risk.
No agency will score perfectly on every point. The goal is not perfection but awareness. A low score on one checkpoint is manageable if you understand the risk and have a mitigation plan. A pattern of low scores across multiple checkpoints is a clear signal to walk away.
The Bottom Line
Vetting a development agency is an investment of time that pays for itself many times over. The companies that skip due diligence and choose based on the lowest bid or the flashiest pitch are the same companies that end up rebuilding their product twelve months later with a different agency.
Use this checklist systematically. Score every agency on your shortlist against the same criteria. Have the hard conversations about pricing, team composition, and security before you sign, not after. And when something feels off during the evaluation process, trust that feeling. It rarely gets better after the contract is signed.
The right development agency is not the cheapest, the fastest, or the one with the most impressive client logos. It is the one that demonstrates technical competence, communicates transparently, plans rigorously, and treats your project as a partnership rather than a transaction. This checklist helps you find that agency with evidence instead of hope.