STD-GOV-128: Build vs Buy Decision Framework¶
| Field | Value |
|---|---|
| Standard | STD-GOV-128 |
| Title | Build vs Buy Decision Framework |
| Status | Draft |
| Owner | CDO |
| Created | 2026-04-03 |
| Review | Annually |
Purpose¶
Provide a structured decision framework for determining whether Simpaisa should build a capability in-house, buy a commercial product or adopt a SaaS solution. Incorrect build-vs-buy decisions are among the most expensive mistakes a technology organisation can make — building commodity capabilities wastes engineering time, while buying strategic differentiators surrenders competitive advantage.
Scope¶
All new technology capabilities and significant capability extensions. Applies when: a new product feature is proposed, an existing vendor is being reconsidered, a team proposes building what a vendor already provides, or a commercial product is being considered for replacement of in-house code.
Decision Matrix¶
The primary decision driver is whether the capability is a strategic differentiator or a commodity:
| Capability Type | Default Decision | Rationale |
|---|---|---|
| Strategic differentiator | Build | Core IP, competitive advantage, must control roadmap |
| Commodity capability | Buy / SaaS | Faster to deploy, vendor maintains, not a differentiator |
| Regulatory requirement | Build (if vendor cannot comply) | Must guarantee compliance, data residency, audit trail |
Strategic Differentiators (Build)¶
Capabilities that directly contribute to Simpaisa's competitive advantage:
- Payment routing and orchestration algorithms
- Fraud scoring and risk models
- Channel adapter framework (PSP/bank integrations)
- Transaction lifecycle management
- Multi-market compliance engine
- Merchant onboarding workflow
Commodity Capabilities (Buy / SaaS)¶
Capabilities where Simpaisa gains no competitive advantage from building:
- Email delivery (transactional and marketing)
- Error tracking and APM
- CI/CD pipeline infrastructure
- Office productivity tools
- Design and prototyping tools
- Status page hosting
Regulatory Grey Zone¶
When a vendor claims compliance but Simpaisa cannot independently verify:
- Request vendor's compliance certifications and audit reports.
- Map vendor capabilities against specific regulatory requirements (per market).
- If gaps exist that the vendor cannot contractually commit to closing, build in-house.
- Document the decision and regulatory rationale in an ADR.
Total Cost of Ownership Analysis¶
Every build-vs-buy decision requires a 3-year TCO analysis covering:
Build Costs¶
| Cost Category | Calculation Basis |
|---|---|
| Development | Engineer-months × fully loaded cost |
| Testing & QA | 30% of development cost (standard multiplier) |
| Infrastructure | Compute, storage, networking for 3 years |
| Maintenance | 20% of development cost per year ongoing |
| Training | Team onboarding and knowledge transfer |
| Opportunity cost | What the team would otherwise build |
Buy Costs¶
| Cost Category | Calculation Basis |
|---|---|
| Licence / subscription | Annual cost × 3 years, including projected growth |
| Integration | Engineer-months to integrate with Simpaisa's stack |
| Customisation | Any bespoke configuration or development |
| Training | Team onboarding to the vendor product |
| Migration (exit) | Estimated cost to migrate away if vendor fails |
| Vendor management | Ongoing relationship, contract, security reviews |
Exit Cost Analysis¶
Mandatory for all Buy decisions:
- Data portability — Can Simpaisa extract all data in a usable format?
- Contract lock-in — What is the minimum commitment and termination notice?
- Alternative vendors — Are there viable alternatives if this vendor fails?
- Migration effort — Estimated engineer-months to switch to an alternative.
- Business continuity — What happens to Simpaisa's operations during migration?
Decision Process¶
- Proposal — Team submits build-vs-buy analysis via Beads issue with tag
build-buy. - TCO analysis — Complete 3-year TCO for both options using the template above.
- Exit cost analysis — Document exit costs for Buy option.
- Scoring — Apply decision matrix criteria. Score each option.
- Review — Present at ARB meeting for capabilities with annual cost > $10,000 or strategic impact.
- Decision — ARB approves. Decision recorded as ADR.
- Revisit — All Buy decisions revisited at 12-month mark and contract renewal.
Decision Documentation¶
Every build-vs-buy decision must be recorded as an ADR containing:
- Problem statement and capability description
- Decision matrix classification (strategic / commodity / regulatory)
- 3-year TCO comparison
- Exit cost analysis (for Buy)
- Risk assessment
- Final decision with rationale
- Review date (12 months from decision)
Historical Decisions (Examples)¶
| Capability | Decision | Rationale | ADR |
|---|---|---|---|
| Payment routing | Build | Core differentiator, proprietary algorithms | — |
| API gateway | Buy | KrakenD — commodity, well-maintained OSS | ADR-API-001 |
| Fraud scoring | Build | Proprietary models, market-specific rules | — |
| CI/CD | Buy | Bitbucket Pipelines — commodity infrastructure | — |
| Message broker | Buy | NSQ — commodity, proven at scale | — |
| Observability | Buy | Grafana stack — commodity, industry standard | — |
Actions¶
| # | Action | Owner | Deadline |
|---|---|---|---|
| 1 | Audit existing vendor contracts for exit clauses | Platform Lead | 2026-Q2 |
| 2 | Create TCO analysis spreadsheet template | Platform Lead | 2026-Q2 |
| 3 | Retrospectively document major build-vs-buy decisions as ADRs | Platform Lead | 2026-Q3 |
| 4 | Establish annual build-vs-buy review cadence | CDO | 2026-Q3 |
References¶
STD-GOV-127-VENDOR-EVALUATION-FRAMEWORK.mdSTD-GOV-124-ARCHITECTURE-REVIEW-BOARD-CHARTER.mdSTD-GOV-125-TECHNICAL-DEBT-MANAGEMENT.md