I am struggling with the definition of outsourced development at the moment and seek advice.
My CTO’s view is that we do not have any outsourced development which , if true, would mean that we should be able to exclude A.14.2.7. But I am not really sure what I think. We have a small team of developers in another country (Poland) hired by a consultancy firm. We have a dedicated Team leader (hired by us) leading that team (operationally) and the developers in the team are otherwise handled as any other developer in our organisation. Most of them being consultants, the only thing that differ is that the team in Poland is hired by a third party. They follow the same processes, use the same information (located in the management system) and are monitored in the same way as all other developers in our organisation. They are a part of our internal communication with department meetings, company meetings, using our organisations MS Teams etc). They have the same access (depending on their role and their need) and are added in our people register as any other consultant. This is the reason to why we are saying at the moment that we don’t have Outsourced development. But is this enough? Or are we, just because we are using a third-party firm to supply these developers by fact having an outsourced development?
Really appreciate if you take time to read my question and any help to become a bit wiser in this =)