If you’re looking to build a website for your business, a proven approach is to work with an agency and have them deliver the project for you. This could be a bespoke website design and development agency or solely a website or platform development agency.
Before you approach an agency, however, you’ll first need to reach a clear, detailed understanding of your requirements.
This article will provide an in-depth guide to help you through the briefing process and ensure your chosen agency delivers your project successfully, including a free template you can use to create your own brief. This template can also be used for other types of development projects as well, including anything from an online portal to an internal training platform.
Where to Start
Whether you need to design and develop a new website, or rebuild or migrate an existing site, a natural first step is to take your idea to an agency with a view to launching a web development project.
However, it’s a common mistake to go to an agency too early with just a raw, under-developed concept. Rather than meeting with an agency prematurely, we strongly suggest going through the process of defining your specific requirements and creating a project brief first.
The first thing to do is hold a discussion with the relevant people internally. Talk through the idea, and try to define what it is you need and what you want to achieve with it. Get a clear picture of what that idea or a concept will turn into, but also think carefully about what it should do from the perspective of your end-users.
Once you have a more tangible understanding of what you’re looking to build, you should begin creating a brief.
This is a document outlining the key details and requirements for the project. It’s something you’ll need to take with you to your introductory meetings with the agencies you’re considering, as it will be a very useful tool in helping you explain your idea clearly.
A brief doesn’t have to be complicated. It’s just a simple written document that lists everything you want at this early stage. However, while a brief can be simple, it’s important that it’s as specific as possible too. The more detail you provide for your agency, the more chance you’ll have the project delivered on time, within your budget, and meeting your expectations.
Why Having a Brief is Crucial
There are some potential pitfalls to be aware of that could create challenges for you if you don’t create a thorough brief.
Unfortunately, some agencies will be willing to work with you without a detailed brief, glossing over important details and keeping the expectations and requirements vague. This is a red flag to look out for, as it will likely result in one of several outcomes:
- You risk going through a long, expensive discovery and definition exercise that you could’ve done yourself internally for no cost.
- You risk being given a quote that’s too expensive, or a project timeline that’s longer than necessary.
- You risk receiving a service from the agency that doesn’t align with your request or meet your expectations. In turn, you’ll then have to spend even more time and money on a new project to get your original idea developed.
A brief is what gives you and the agency a mutual understanding of the work that needs to be done to successfully deliver the project. Without that specificity, you might end up disappointed. That’s why it’s always wise to put some time and effort in up front before taking your idea to an agency.
Once you submit your brief, you may be invited to participate in a follow-up session to further explore the requirements you’ve listed. This is perfectly normal, and actually a good sign. Experienced agencies will want to talk through each of the elements of your brief with you to help determine the best possible way to deliver those in the project.
How to Create Your Brief
When you begin to discuss and plan the requirements of your project between your team, we recommend thinking carefully about the following points.
Please note: There are a lot of things that could go into a project brief, depending on how complex your requirements are, so we won’t include everything here in this article.
The Project’s Purpose and Goals
Start by thinking about what the purpose of the project is. There’s no use speaking to an agency until you have a clear, specific understanding of exactly what you’re trying to achieve with this project. This should relate to your strategic business objectives, but it should also be designed to meet the needs of your end-users.
Ask yourself how this will allow you to improve your end-users’ experience or solve a problem for them. Answering this might involve working on user personas or developing user stories, or potentially even working directly with some members of your target audience to gather their input.
Project Timelines and Deadlines
Timing is another important point to think about, particularly how much time you have to deliver the project. Deadlines can sometimes relate to certain dates that are out of your control, so it’s better to start as early as possible in those cases. If there’s any flexibility with the timeline for delivery, make a note of that as well.
Make a list of all the stakeholders involved. This is a good thing for the agency to be aware of early on, because the project becomes more complex with a higher number of stakeholders.
Depending on the size of your business, and the nature of your site, your project team will usually be some combination of: A marketing director or marketing manager, someone from your operations department, and someone from IT.
However, if you also have people like someone from your IT team responsible for security, a content writer to provide all the written text, or any external consultants, that should be made clear in advance. If your site will need to integrate with other platforms, such as your CRM system, you may have an integration manager specifically in charge of overseeing that as well.
It’s useful to designate roles to certain stakeholders, such as project sponsors, product owners, administrators, and so on. This will help you understand who’s responsible for different aspects of the project internally.
If you plan to work with external agencies for things like SEO or branding, it’s important to note that in your brief. This is necessary for the development agency to be aware of as early as possible, because collaborating with other third-parties at different stages of the project requires a lot of coordination.
Certain processes may also have to run differently if other third-party agencies want to be more hands-on or handle some parts of the site themselves. The earlier this is made clear, the more smoothly the project will run.
If you have any preference of technology platform or any requirements related to your existing tech stack, that will be something you’ll need to decide early on. For example, would you prefer to use WordPress due to its scalability, or do you have any existing investment in any other platforms?
Think about any preference you have for the various technology choices available, why they’re important to you, and whether your agency will have to tailor their approach to accommodate that.
Try to determine a minimum and maximum budget for your project, even if it’s just a loose range for now. It will help you evaluate agencies, and will also help you prioritise the various aspects of the project as “must have” or “nice to have” in many cases.
Design Look and Feel
This is where your company’s brand comes into play. You’ll want your site to reflect your brand and that will come through in the design. Bring any brand guidelines to the table, and think about what sort of tone or experience you want to convey to your end-users.
If you don’t have any recent brand guidelines and want help updating them, or need to go through a rebranding process, mention that in your brief as well. Design and development agencies will often be able to help you in these areas too, or at least refer you to a trusted partner who can.
User Interface (UI)
How your end-users will interact with your site, and what kind of experience they’ll have, is largely determined by the user interface. When it comes to design and UI, simplicity is usually the best approach. However, depending on the function you’re providing, you might have some specific or bespoke UI requirements.
Consider your target audience carefully here as well. For example, if most of your users will be accessing your site from a mobile device, it’s probably wise to opt for a mobile-first design.
Some other important things to think about here include how you’d like your sitemap to be structured, especially if you have an existing site that you’re already happy with.
If your project will involve rebuilding or migrating an existing site or platform, it will be helpful to gather any existing data sources, such as Google Analytics, that will provide insight into your current site.
Non-functional requirements are all the aspects of your site that happen behind the scenes. These are things that allow your site to do its job properly for your end-users, but won’t be evident to those people while they’re using it.
There’s a lot of things to consider with non-functional requirements, so we won’t cover everything here.
If you have any specific hosting requirements, such as a preference for a certain cloud-based platform, or a particularly secure data centre, those will be important to identify as early as possible.
Say, for instance, that sustainability is a core value for your business, this could also have an influence on how and where your hosting is managed.
If you have an internal IT team that will be contributing towards the hosting decision, make sure you involve them in the discussion.
Security and Compliance
Security is a growing concern for all businesses today. It’s crucial to think about security as a core component of any web development project, to minimise any potential risks for your business.
If you have someone in your team responsible for security, they should begin to think about issues such as:
- How will you be backing up the site’s data?
- What level of data encryption do you need?
- How will users’ personal details be stored and protected?
- Will you have two-factor authentication?
- What password recovery process will there be for users?
Robust security also involves keeping compliant with any specific security or industry regulations that may affect your business. Of course, compliance with things like GDPR should be planned for at this stage too.
Some other common non-functional requirements include things like session management capabilities to track and things like log-in time, session length, pages visited, and so on. Search engine optimisation (SEO) tools, analytics, or other capabilities might need to be built into your site as well.
Accessibility, Usability, and Responsive Design
When it comes to aspects that will make your users’ experience as seamless as possible, such as accessibility, a good agency will ensure all these things are taken care of for you. This is also the case for ensuring all major web browsers, operating systems, and devices are fully supported and compatible. Development should always be compliant with industry standards, taking into account optimum accessibility and usability.
However, if you have any additional or bespoke requirements for any of these things, those will be useful to note early on.
The term ‘functional requirements’ refers to everything that your site will be able to do for its users, in terms of its features, functionality, and capabilities.
As mentioned earlier, one of the first things you discussed was what the site will help your end-users achieve. From the perspective of building something your target audience can use, you should start to get a feel for what functionality is required to ensure they can achieve that.
Your features are the things your site will allow your users to do. These can be very simple, or very sophisticated, depending on what you’re aiming to provide for them.
When putting your brief together, think of any and all features and functionality that might benefit your users. Your agency will then work with you to explore these and find the best way to turn that into intuitive, user-friendly features for you.
What to Do Next
Once your team has been through the process of talking through all the points listed above, you should have a very thorough, useful brief to work with. The next step is to take that brief to any introductory meetings you have with agencies and ask them what they think of the project initially.
It’s normal for an agency to ask lots of questions at that stage and really dive into the ‘WHY’ behind all the things you’ve put into your brief. A good agency will even challenge you on certain decisions, to help you determine the best possible way to build what you need.
Once you’ve discussed your brief with an agency, determine which one feels like the best fit. Choosing the right agency is crucial, as it will have a huge influence on whether or not your project is successful.
As mentioned earlier, some agencies will agree to launch into a project without a brief, and that can be extremely problematic. While the main purpose of a brief is to help you and your agency understand exactly what you need, it should also be used as a way to spot partners who may not be sufficiently thorough or conscientious.
Whichever agency you choose, a detailed brief will help you ensure you’re given a fair quote, realistic timelines for completion, and a finished product that meets your requirements and expectations.
More Helpful Resources
If you’re considering a bespoke development project, our related article provides useful guidance to help you choose the right technology platform for your specific needs:
Would you like these insights straight to your mailbox?
- Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise.
- Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues.
- Review the results and analysis of any previous tests (if there are any)
- Define the scope of the testing, including which tests will be performed
- Gather all necessary data and information on the system to conduct the testing
- Determine the criteria of success or failure for the tests.
- Use automated tools to scan for vulnerabilities and identify weaknesses
- Attempt to exploit the identified weaknesses
- Repeat the tests with different types of user roles and permissions
- Measure the outcomes against criteria for success or failure
- Create a report on the outcomes and results of the tests.
- Review the reports and analyse the results
- Remediate and resolve the vulnerabilities that were able to be exploited
- Re-test the vulnerabilities to ensure remediation was successful.
- Configured firewall options, IP access lists, and anti-phishing attack technologies
- Full responsibility for rapidly patching OSes and libraries
- Long-term-supported Linux distributions for maximum security.
- Compliance with ISO 27001/PCI-DSS/TIA-942
- A 100% pass-rate for any data centre audits
- 24/7 data centre staffing with experienced engineers and specialist security teams
- Document review services for your external audits
- Bespoke consultancy available if you have any major certification requirements.
- A fully-managed service provided by a team with decades of experience
- Round-the-clock, hands-on assistance, 365 days per year
- Deep technical understanding and expertise
- Proactive support from dedicated engineering teams and account managers
- High-level consultancy, including advice on new projects and technologies.
Latest from agency
24 November, 2022
SoBold obtain Skilled Worker Sponsorship Licence
SoBold are delighted to announce that we have obtained a sponsor licence in order to sponsor international skilled workers to come and work at SoBold.
SoBold have always put heavy emphasis on hiring the best global talent for our needs, and we have strengthened our ability to do this by obtaining a Skilled Worker Sponsorship Licence.
With all sponsorship licences that the Home Offices grants they need to be reassured that the sponsors can live up to the “significant trust” that the department places in them. The Home Office further made checks that SoBold is a “honest, dependable and reliable” workplace, and capable of meeting the responsibilities that it expects from sponsors.
Since being granted our Skiller Worker Licence, we have been fortunate enough to put it to use to hire two new team members.
Anna de Moraes, joined SoBold, from Portuguese company, SpringParrot. Anna had been able to work remotely, and was living and working from the UK, when she got in touch with SoBold. Anna, who is natively from Brazil, said of the process:
“The steps were pretty clear and the whole process was quite simple. I’ve had friends waiting years for their visas to be approved while we were able to complete everything in a short period of time! I was already excited to start and, in a blink of an eye, I was finally part of the SoBold team!”
More recently, SoBold hired Santosh Gajera as a Back End WordPress Developer. Santosh has relocated from India in order to provide his services to SoBold. When asked about the process behind him getting his Skilled Worker VISA granted, Santosh said:
“To keep my IT career moving forward, I needed sponsorship from an organisation that sponsored my visa. SoBold has been an invaluable help in obtaining my Tier-2 (Skilled worker) visa. I am very thankful to their hard work and professionalism. My documents were handled very scrupulously by them, and they provided full support throughout the whole application process . I got my visa approved in two days, which is amazing, and they handled everything for me.”
SoBold worked with all-in-one digital platform, Nation Better in order to achieve our sponsorship licence and the process was streamlined, affordable and transparent.
SoBold already have a diverse talent pool, with staff from all over Europe, and with the help of Nation Better, we have been able to improve the way in which we hire international talent and open up opportunities further afield. We look forward to continue growing our team with exceptional overseas talent and have access to a wider talent pool.
SoBold Managing Director, Will Newland said:
We are absolutely delighted to welcome both Anna and Santosh to the SoBold team. Without our Sponsorship Licence we would be missing out on a large pool of talent that is the future of our business. We very much look forward to continuing to use our Sponsorship Licence to our advantage and giving skilled employees the opportunity to come and work here at SoBold.
For more information on what current vacancies we have, please visit our website careers page.
Would you like these insights straight to your mailbox?
1 November, 2022
SoBold announce Cyber Essentials certification
SoBold announce their Cyber Essentials certification for the third consecutive year which demononstrates their commitment to delivering secure technical solutions to their new and existing clients.
Cyber Essentials is scheme which helps guard your organisation against a range of common cyber threats. SoBold’s resilience across a range of internet facing devices was tested and approved, ensuring there were not any major critical vulnerabilities discovered
SoBold Technical Director, Sam Phillips said:
With an ever growing cyber threat, Cyber Essentials certification is becoming more and more important to maintain. Protecting both our clients data and websites is of the upmost importance and successfully passing the more thorough Cyber Essentials guidelines new for 2022 shows our commitment to this.
Would you like these insights straight to your mailbox?
14 July, 2023
A Guide to Penetration Testing: Strengthen Your Website Security and Minimise Risk
Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you?
This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected.
In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here).
After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats. With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance.
What is Penetration Testing?
Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware).
The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening.
Why is it Crucial for an Agency to Conduct Penetration Testing?
Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks.
The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage.
Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk.
Covering All Bases for Robust Security (in WordPress)
It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of.
Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users.
With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance:
This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks.
What Does Effective Penetration Testing Involve?
To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures.
This is usually done in stages, as follows:
1 – Planning and Preparation
2 – Running the Tests
3 – Post-Testing
The Benefits of Thorough Penetration Testing
Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.
Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities.
Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.
Website Security is a Never-Ending Battle
While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.
Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance.
Would you like these insights straight to your mailbox?
20 June, 2023
Enterprise-Grade Web Hosting Explained
The type of hosting environment you select will have a strong influence on the success of your website. It’s important for you to find a secure, scalable web hosting service that you have 100% trust in to deliver high-performance at all times.
To simplify the options available to you, this article will break down the various types of web hosting services, and explore the non-negotiables we believe you should be considering in your criteria when making your decision.
The Fundamentals of Enterprise-Grade Hosting
Some of the most important things to look for with your hosting environment include:
Security – Cyber security is obviously an essential priority, and this should be top of your list of criteria in the current climate.
Performance – Your hosting environment should be set up in a way that makes your site capable of handling large surges of traffic.
Scalability – As your business grows, it’s likely that your site’s audience will grow. You need a hosting provider with the capacity to scale your services seamlessly to meet your needs, both now and in future.
Resilience – It’s important to ensure your hosting infrastructure is robust, and that it can gauruntee you certain performance levels and up-time.
Support – If anything does go wrong, you need to be assured that you have a quick, efficient support service in place to get your site back up and running as soon as possible.
Sustainability – With sustainability a growing priority on the corporate agenda, the carbon footprint of your data centre may be another important factor in your decision.
Option 1 – Shared Hosting Services
Shared hosting services can provide you with a basic secure server for your website. However, as the name suggests, these servers will be shared with a large number of other businesses. You won’t have any dedicated server of your own with shared hosting.
This approach does have some advantages, particularly in the area of cost. These shared hosting environments can cost as little as £1,000 per year. However, the down-sides to this often outweigh that cost benefit.
In many cases, the low cost of shared hosting services can often be reflected in the performance levels. This is because, with such a high volume of websites hosted on the servers, your performance has no protection if other sites are experiencing high volumes of traffic.
It’s also likely that you’ll only have access to limited support services when any issues arise. Many of the shared hosting options will have a ticketing system for support, where you’ll be at the mercy of the number of requests ahead of you in the queue. This could result in your website being ‘down’ during times where it’s business-critical.
Option 2 – Private Servers with Shared Hosting Providers
Most shared hosting providers will offer the option of having your own private server for an extra cost. This is often referred to as a VPS, which stands for virtual private server.
Rather than sharing a server with thousands of other businesses, you’ll only be sharing with a few others. While this is significantly better than the regular shared hosting options, you can still end up facing similar problems with performance and scalability.
This is another cost-effective approach, though, with some improvements over standard shared hosting. If you rely on an agency to set this up for you, they’ll likely put their smaller clients on a shared VPS and give their larger clients their own dedicated servers to minimise any potential problems.
Option 3 – Enterprise-Grade Private Web Hosting
Often the most reliable and trusted approach to take is to have your own dedicated server, which comes with a wide range of additional benefits.
With this option, your website is placed on its own private server in the cloud, managed by a dedicated team of specialists who offer personalised, hands-on support and ongoing optimisation.
Enterprise-grade security should be a core part of the hosting service you choose, regardless of whether it’s private or shared. However, you’ll be guaranteed far greater security, with drastically reduced risk, when you work with a private hosting service.
For instance, a hosting provider should offer robust protection for your site, including:
Of course, compliance and certifications are another crucial aspect of cyber security these days. While some shared hosting providers may have the basic levels of compliance in place, most private hosting services will boast:
When taking this approach, you’ll receive your own bespoke service and will be provided with a hosting environment tailored to your specific requirements.
This will optimise everything included in your hosting package, from your preferred caching, loading speeds, performance requirements, up-time, and more.
You’ll also be able to set up a content delivery network (CDN) to make your website faster and more readily available to all visitors around the world.
Private hosting gives you the capacity and flexibility to scale seamlessly anytime your website’s traffic increases, or if you have peak times for traffic.
This is an intelligent way to future-proof your investment, with the confidence that your website’s performance will be consistently excellent as the size of your audience increases and your site expands. This also applies to situations in which you need to scale unexpectedly due to short-term increases in demand, ensuring business continuity is always maintained on your site.
Private hosting providers have guarantees for their resilience, and for your site’s up-time, covering all possible bases. This even counts for unusual scenarios like floods or fires.
It’s wise to look for a provider who offers back-up and disaster recovery services for the maximum resilience.
Back-Ups: Managed back-up services provide you with a tailored regiment, alongside rigorous testing, for guaranteed restorability.
Multi-level back-ups are taken for you, both locally and remotely, to minimise risk. You’ll also be able to choose from a range of replication technology options for your load-balancing and various fail-over scenarios.
Disaster Recovery: Private hosting providers will also use disaster recovery measures, such as geographically-distributed platforms and back-up data centres, providing you with full assurance that your performance and up-time are always maintained.
Your primary hosting platform will be replicated to a disaster-recovery platform, which means that if the primary data centre is ever out of action for a prolonged period of time you can fail-over to the back-up systems.
While the more basic hosting services can take days to recover in similar situations, which could result in losses of business and even reputational damage, disaster recovery can often be done in a matter of minutes with a private hosting environment.
Support and Optimisation
Trust and confidence in your provider’s ability to deliver on your requirements are a vital part of your hosting service.
It’s highly beneficial to take an approach that gives you – or your agency partner – a close working relationship with your hosting provider. Availability and accountability are much greater with a private hosting service than with a shared approach.
A close working relationship provides other advantages as well. For instance, anytime you want to make upgrades to your hosting environment, they can analyse your traffic and identify the best time and date to do that with minimal disruption.
This is all part of collaborating with your agency and hosting provider, so they understand your unique business and tailor your hosting services. This is all done based on the conventions of your target audience and your specific requirements to deliver the best possible service.
In terms of support, private hosting providers will have powerful automation tools to proactively, continuously monitor your environment. That allows them to resolve the majority of issues before they’re able to have an impact on your site.
This can also involve 24/7 custom alerting systems, as well as a fully customisable monitoring portal, and multi-channel systems to alert engineers rapidly in the event of any problems.
In terms of your overall service with an enterprise-grade private hosting provider, you should also expect to gain:
If your business has sustainability as a priority or core cultural value, then this is another reason to opt for a private hosting service. While it’s not impossible to find shared hosting services with carbon-neutral data centres, it’s much less common.
Sustainability is also a key focus for us here at SoBold as an agency. As a result, we’ve worked hard to ensure we have an environmentally-conscious, carbon-neutral service offering.
Having a fully dedicated, bespoke private server is usually the preferred choice of web hosting services. This is due to the unmatched levels of security, scalability, and performance that come with private hosting providers.
Of course, it’s important to note that this does also come with a higher cost than other options. However, the benefits and trust gained through their strengths in these key areas ensure strong ROI.
Not only do their flexibility and optimisation provide you with a high-performance website set up for success, but enterprise-grade security and resilience will also minimise your risk and save you significant costs in the long-term.
Would you like these insights straight to your mailbox?
Latest from agency
8 December, 2022
Sam Phillips and Will Newland interviewed by Cloudways
SoBold has been working with Cloudways since 2019 to help host development environments for all of their clients.
You can learn more about Cloudways, Managed Cloud Hosting services by visiting their website here.
See what they had to say in the video below.