Scope and Purpose
This Co-Development Governance Framework ("Framework") is established to guide the collaborative development efforts of Unique (herein referred to as “Unique” or "Company") and its client (herein referred to as "Client" or "Customer") in the joint development of the software identified as Unique FinanceGPT ("Software"). The purpose of this Framework is to ensure that the Software's integrity, quality, security, and functionality are maintained throughout the development process, especially when both parties are contributing code and features.
The goal of this framework is to allow Contributors from Clients (or External companies that were hired by our Clients) to add to the core code of Unique in their repositories. This enables Clients to introduce features and improvements that are critical for the business of the Client without being dependent on Unique’s resources.
The guidelines in this document aim to facilitate contributions while ensuring the code's security, quality, and scalability, and safeguarding the interests of Unique's clientele.
This Document only discusses contribution to the code in repositories of Unique. Any other software interacting with the API or similar to Unique is exempt from the restrictions posed in this document.
Definitions
Client: Client refers to the Financial Institution (e.g. insurance, bank, private equity) with which Unique has a master service agreement or Proof of Concept contract in place. The contract outlines the terms, conditions, and obligations governing the collaboration between Unique and the Client, ensuring a clear and legally binding framework for their business relationship.
External Contributors: External Contributors or Collaborators refer to employees of Clients as well as developers/consultants employed by third parties (e.g. consulting firms) that work on specific tasks and want to contribute outside of the initial SoW between Unique and the Client. The Collaborators that are not employees of the Client can either be contracted by the Client or by Unique.
IP Rights: In this agreement, 'Intellectual Property' refers to all software code, algorithms, and data sets, as well as any documentation and its associated materials encompassing the Unique solutions.
Merged code: Integration of code into the code base.
Onboarding of Collaborators
Approval of Collaborators
Collaborators to Unique must have an adequate education and qualification in software development to be able to contribute to Unique FinanceGPT.
Prior to the commencement of Onboarding, Unique and the Client shall jointly conduct a review of the External Contributor's qualifications and must provide mutual consent for approval. Each party retains the right to either endorse or reject the proposed Collaborators based on this assessment, ensuring that the individual's qualifications meet the qualification requirements and both parties' standards.
Limitation of Onboarding of External Contributors
Under the terms of Unique’s co-development agreement, Unique shall provide onboarding and guidance for a maximum of two (2) External Contributors per Client per year. Should the Client require the onboarding and guidance of additional External Contributors beyond this specified number, such arrangements may be accommodated subject to mutual agreement between the parties. Additional charges may be applicable for onboarding and guidance of any External Contributors in excess of the agreed-upon number.
Process and Governance
The process and required documents/equipment for the on- and off-boarding of External Contributors are documented and agreed on in a separate document which defines the On- and Off-Boarding steps.
Roles and Responsibilities
Roles and Responsibilities need to be strictly distributed to ensure smooth coordination and timely resolution of issues. This is outlined in a dedicated list containing the roles and responsibilities of each individual involved. The list will be distributed to the External Contributor during onboarding.
Confidentiality and Non-Disclosure
To safeguard proprietary information exchanged during the co-development, the parties agree to maintain strict confidentiality, refraining from disclosing or using such information for any purpose other than the agreed-upon project. This obligation extends beyond the termination of the co-development agreement, ensuring a lasting commitment to protecting sensitive data.
All External Contributors must sign an NDA before onboarding.
Compliance with Laws and Regulations
The External Contributor commits to compliance with all applicable laws and regulations throughout the co-development process, including but not limited to data protection laws, banking secrecy, and industry-specific mandates. This mutual agreement ensures that the collaborative efforts adhere to legal standards, promoting a secure and lawful development environment. The External Contributor ensures adherence to the terms, conditions, and obligations outlined in the Master Service Agreement or POC contract between Unique and the Client, ensuring a clear and legally binding framework for their business relationship.
External Contributors may work outside of Switzerland unless they get access to production data or the client strictly forbids it. If an External Contributor who is based in Switzerland wants to work outside of Switzerland for a definite or indefinite time, approval needs to be given by Unique and the Client. The External Contributor has to submit such an inquiry at least 2 weeks in advance.
Performance Review of External Contributor
In the event that Unique determines the capabilities of an engaged External Contributor are inadequate for a substantive contribution—such that the time spent on assistance or review by Unique personnel exceeds the time it would take for said personnel to author the code directly—Unique reserves the right to either request a substitute contributor or to levy charges for the supplementary services necessitated by this deficiency in expertise. Such charges will be invoiced on an hourly basis to maintain product integrity and operational efficiency.
Contribution process
Guidelines for new features
All new features, enhancements, or significant changes must be formally proposed using the specified tools. Each proposal will be reviewed and must be mutually agreed upon by designated representatives of both Unique and the Client.
External Contributors must adhere to the following guidelines:
Each feature should be capable of being activated or deactivated for any customer, primarily through the use of configs or feature flags to manage the introduction of new features. This allows for incremental development and testing without affecting other customers or the production environment.
If new features have a front-end impact, Unique Design should provide the UX/UI direction.
No new feature should be added to the Unique code base if the same outcome can be achieved externally, while still adhering to the intended purpose of the software.
Should the development of a new feature be achievable by utilizing existing APIs, such functionality must be developed through the use of these APIs and shall not be developed within the repositories of Unique. Examples of using the APIs:
new module
specific ingestion pipeline
new chunking method
Feature Approval Process
Unique will act as the gatekeeper to ensure that the integrity of the Software is preserved. Unique reserves the right to refuse the development of new features, enhancements, or significant changes in cases where it deems such refusal to be justified, including but not limited to instances where the requested features could result in a violation of legal or regulatory standards, do not follow the guidelines, or where changes negatively impact the functionality, performance, or security of the Software as experienced by other customers.
Prior to the incorporation of new features into the code base, such features must be deliberated with designated Unique personnel, typically including an architect and/or a product owner. The Contributor shall provide a solution design according to Solution Design for Code Implementation before asking for approval.
Progress Tracking and Communication
The feature must be tracked using one or more GitHub Issues. Each Issue should be clearly assigned to a team member, with labels and milestones used to indicate the current status and expected timeline. Additionally, these Issues should be organised within a GitHub Project Board to provide a visual overview of who is working on what and at what time.
It is expected that the Contributors reach out on a regular basis to discuss the progress of their development. Both parties agree on milestones, timelines, and terms for the contribution of the new feature.
Code Review and Merge Policy
All proposed code changes, including patches, enhancements, and fixes submitted by the Client, must be reviewed and approved by Unique before being merged into the main codebase. Unique will act as the gatekeeper to ensure that the multi-tenant integrity of the Software is preserved and will assign a designated team or team member(s) to conduct the reviews.
The code review process is outlined in the GitHub Code Contribution Guide.
Quality Assurance
Maintenance of Quality
Unique is the ultimate gatekeeper of code quality. All contributions must meet or exceed established quality metrics, which will be clearly communicated and updated by Unique as necessary.
Test Coverage
The Client is required to maintain or increase the test coverage with each contribution. All new features and code changes must be accompanied by automated tests where applicable (unit, integration, and end-to-end as appropriate) that validate the changes and ensure that existing functionality is not broken.
Bugs
If any bugs or regressions are found in any of the implemented features, the External Contributor ensures that such bugs are resolved with the highest priority so as not to compromise the quality of the product. Complimentary regression tests are added to ensure that it never happens again.
Security Compliance
Unique must ensure compliance with the specified level of information security and services as per our agreements, in accordance with our ISMS (Information Security Management System) guidelines for supplier relationships.
Security Protocols
Security is paramount. All code changes must adhere to the highest security standards as defined by the Company. This includes, but is not limited to, adherence to secure coding practices, regular security audits, and the integration of security measures into the Software's design.
Security Review
The Company will conduct security reviews of all PRs to ensure that no vulnerabilities are introduced. The Client must remediate any identified security issues prior to the merge of their contributions.
Unauthorized Activities
The External Contributor is not allowed to perform any form of load, security, penetration or performance test unannounced or without permission on any of our clusters and guarantees not to introduce any ‘disabling codes’, ‘worms’, ‘viruses’ or similar into the results.
The Employee agrees not to involve any external third party in the performance of his contractual duties without the prior permission of the Employer, and to use no external services which could involve the protective rights of a third party.
IP rights (Intellectual Property Rights)
Upon integration of code into the code base, all intellectual property rights associated with the merged code shall be exclusively assigned to Unique. Unique shall retain the right to utilize, license, or otherwise permit the use of the merged code by any of its clients at its discretion. All rights of the merged code and derivatives are retained by Unique.
In case of any conflict between the terms of this Agreement and the Master Service Agreement and its Annexes or those of the customer and the terms of one or several stipulation(s) between a Customer and Unique or with an employee of Unique, the terms of the Master Service Agreement and its Annexes shall exclusively prevail, in particular with regards to, but not limited to intellectual property rights.
External contributors shall indemnify, defend and hold harmless Unique, its officers, directors, employees, agents and affiliates from and against any and all losses, liabilities, claims, obligations, costs and expenses (including reasonable attorneys' fees) arising out of or relating to any third-party claims with respect to the use by Unique, its officers, directors, employees, agents and affiliates of the Services and the Software procured by the Collaborators under this Agreement or any orders relating to this Agreement or furnished by any of Provider's agents or subcontractors, that such use infringes any patent, trademark or other intellectual property rights. External contributor undertakes to include similar clauses in its contracts with its agents and subcontractors.
Unique shall promptly notify the External Contributor in writing of such claims for infringement and shall render the External contributor reasonable assistance as may be required for the defense against such claims.
Usage of Hardware and Software
Hardware
Unique will provide an Apple MacBook if agreed upon. The device will be set up according to our Device Management Policy and enrolled in MS Intune to ensure that the device stays compliant throughout the length of the agreement.
External collaborators are permitted to use their own devices (BYOD) for collaboration purposes, provided that these devices are either Mac or Unix-based. Additionally, it is mandatory that these external devices are managed by the client company, which is responsible for ensuring that each device complies with our minimum security requirements. These requirements will be explicitly outlined within the contractual agreement.
E-Mail Account
Depending on the collaborator, an E-Mail Account may or may not be provided. In the case that Unique provides the E-Mail Account, the address will have a different address pattern than those of employees of Unique for a clear distinction.
Costs
Hardware and License
The costs for hardware and licenses and external licenses will be covered by the Client. These costs can include:
MacBook Pro
MS Azure account
Confluence/Jira Account
Slack Account
etc.
Effort provision
Unique allocates a consultation budget, which covers onboarding, synchronisation meetings, and reviews, amounting to 5 days annually for each Collaborator.
Should the consultation budget be surpassed, Unique retains the discretion to determine whether advisory services for each additional feature will be provided as part of the existing agreement or if they will be billed based on the amount of work required. In instances where charges are applied, the daily fees previously agreed with the Client will be enforced.
Amendments to the Framework
This Framework may be amended from time to time by mutual agreement of Unique and the Client. All amendments must be documented and communicated to relevant stakeholders.
Terms and Termination
For each project, the duration of the co-development agreement and the conditions under which either party can terminate the agreement, including any notice periods, have to be agreed upon. We reserve the right to terminate the agreement upon determining that the services of the External Contributors are no longer required.
Acceptance
By participating in the co-development of the Software, the Collaborator agrees to adhere to the terms and conditions outlined in this Framework.
This framework constitutes an amendment to the existing POC contract/master service agreement established with the client, and all mutually accepted provisions, particularly those pertaining to Service Level Agreements (SLA), warranty, liability and indemnification, shall persist unaltered.
Owner | |
---|---|
Version | V 1.2 |