High-Complexity Application Considerations

Use this comprehensive considerations checklist to interview stakeholders, conduct due diligence, and assist in scoping your Unqork applications. As you complete this document, pay close attention to the complexity check as this will help determine resource requirements and may provide an opportunity to dive deeper, reevaluate in scope requirements, or change the expected complexity of the application.

Target Profile: Internal and/or External-facing, multi-level approvals and complex roles, 5-8+ integrations (including batch), advanced UX/UI, and/or multi-language support. Requires a complex team and robust governance.

Additionally, please note that this is not an exhaustive list. There may be additional considerations you need to make, teams you need to speak with, or areas that require additional due diligence. For questions that do not apply to your application, please feel free to skip after you've had a discussion with your team.

Project Team

Use the following table to list out all team members who will be involved in the development of this application. The recommendations in this section are not requirements, but should be used as guidelines when assigning team members to this project.

Role	Name	Recommendation
Technical Champion		Full time resource
Business Champion		Full time resource
Project Manager		Full time resource
Developer		Multiple full time resources
Solution Architect		Full time resource
Environment Admin		Full time resource
Quality Assurance		Multiple full time resources

1. Project Overview

Question	Answer	High-Complexity Check/Details
Application Name
Current Process to be Replaced		Legacy system being retired/modernized, mission-critical application being built
Primary Goal of Application		The "Why" - must be a single, concise statement (e.g. New product launch, core system replacement)
Estimated Application Modules		10+ Modules (Complex structure)
Target User Count		High volume (e.g., 500+ internal/external users)
Number of distinct User Personas		5-8+ Personas (Highly diversified roles)
Is this application internal or external facing?		External brings additional complexity
Is this application a dependency for any other critical production system?		Must identify cascading failure risk

2. Business Functionality & Workflow

Question	Answer	High-Complexity Check/Details
How many distinct steps are in the workflow?		10+ steps (Extensive orchestration)
How many approval levels are required?		3+ levels (Complex hierarchical approvals)
Is multi-language support required?		Yes (Expected for external-facing apps)
Will the application require complex conditional logic?		Yes (High-volume, highly non-linear logic)
Are there any required decision-making rules?		High complexity rules (Involving rating, scoring, or eligibility engines)
If approval/rejections workflows are required, how are users to be notified?		Third Party Email/SMS or other service to be set up and integrated
To what extent do user actions and approvals need to be audited?
Do submissions/tasks need to be categorized by status? If so, what are the statuses?		Make sure to account for edge cases
Are there document generation requirements?		Complex, branded, highly dynamic generation (e.g., PDF/Excel generation)
Is there any process logic that must be decoupled or run externally (e.g., microservice call)?
Is transactional integrity required (i.e., the entire process must succeed or fail automatically)?		Requires defined compensation logic for failures.

3. Technical Scope & Data

Question	Answer	High-Complexity Check/Details
How many external systems must be integrated?		5-8+ API integrations (e.g., Salesforce, Legacy CRM, Active Directory)
Are the services the application relies on available today or will they need to be built?
Is data transformation required?		Yes (Complex data manipulation, validation, or mapping. E.g., Must reformat system A's response for display)
What is the submission volume (per day)?		High volume (e.g., 500+ per day)
Should incomplete submissions be retained?		If yes, list timeframe and detail situation
Can users return to an incomplete submission?
Are there API timeout considerations or general limitations that need to be accounted for?		Make sure you set realistic timeouts, align timeouts across application layers
What validation is needed for APIs?		Need agreement across business on API requirements(e.g., payload, data type, format, fields, etc.). optimize usage, and use asynchronous processing
What error handling and mitigation must be in place for APIs?
Do API responses need to be filtered or sorted for downstream processes?		It's important to think through how data is returned and how it will be used throughout the application.
Are there any batch file processing requirements?		Yes (e.g., Importing large spreadsheets daily)
Is sensitive data (e.g., PII) being stored/processed?		Must align with standard encryption methods
What is the data retention policy?		See APM and Audit Logs (e.g., Must keep records for 7 years)
Are there any required asynchronous jobs?		Yes (e.g., Scheduled data cleanup, delayed notifications)
Are there data storage concerns across regions?
Will any data be stored in Unqork? Are there any requirements to not store data in Unqork?
How often (if ever) should submissions be cleared to maintain performance?
What is the error handling and retry strategy for failing external API calls (timeouts, circuit breakers)?		Must define specific resilience patterns.
What are your data export needs?		What data needs to be sent where, and how often?

4. UX/UI and Environment

Question	Answer/Detail	High-Complexity Check/Details
How will users access the application? What does the launch of this software look like?		(E.g. intranet, consumer portal)?
Are there any custom domain or SSL certificate requirements?
Are there specific accessibility (e.g., WCAG) requirements?		Yes (Mandatory for compliance/external use.)

5. Security & Access Control (RBAC)

Question	Answer/Detail	High-Complexity Check/Details
What compliance standards apply?		(E.g. WORM, COOL, HIPAA, CCPA, GDPR)
How will users be authenticated (e.g., SSO, OIDC)?		Could require Multi-Factor Authentication (MFA)
Is a user deprecation process needed? What happens to in progress or assigned work if initiated?
How are new users added to the system? How are user details updated (if necessary)?
Are there complex role hierarchies within the app?		Yes (Highly complex, multi-level hierarchies are expected)
Does a user's Group/Role restrict the data they can see?		If yes, it's helpful to have this conversation separately for each module once the schema and UI are more developed. (Data visibility restrictions should be mandatory. E.g., Regional sales manager only sees their region's data)
Are there granular permission requirements per field/component?		Yes (Expected for data-heavy apps)
How is PII/PHI/CII data handled, encrypted, and masked within the application?
What is the mandatory frequency for vulnerability/penetration testing (e.g., quarterly, pre-release)?		Must adhere to enterprise security calendar.
Will users from one application use the same level of permissions in another application?

6. Governance & Lifecycle

Question	Answer/Detail	High-Complexity Check/Details
What is the expected peak concurrent user load?
What are the required load testing/performance test scenarios and success benchmarks?
Are there platform monitoring requirements?		Advanced monitoring (SLA, Performance, Health) required
Which artifacts are required from your delivery team? (e.g., Technical Design, Data Dictionary)?		Full, comprehensive SDLC artifacts (Runbook, TDD, DR Plan)
Is a formal disaster recovery (DR) plan required for this application?
Does the application require an immutable audit trail of all transactions and data changes?		Required for most financial/insurance compliance.