Phase 3: Commercial & Contracting

Phase goal: Align commercial, legal, and procurement so the delivery team can kick off without contract or access blockers.

Activities

Proposal & pricing — fixed-fee, Time and Materials (T&M), retainer, or hybrid per phase; includes optional managed operations.
Statement of Work (SOW) — scope, deliverables, milestones, acceptance criteria, assumptions, change control.
Technical appendix — references assessment report, Architecture Decision Record (ADR), and artifacts catalog.
Legal & procurement — Master Service Agreement (MSA), Non-Disclosure Agreement (NDA), Data Processing Agreement (DPA), insurance policy, Google Cloud Platform (GCP)/partner vendor registration if relevant.
Client internal approval — budget, vendor security review, and invoice/Purchase Order (PO) contact.

Section	Example contents
Scope	Landing zone, Development, Security, and Operations (DevSecOps) pipeline, hardening, specific applications
Out of scope	24×7 operations outside package, third-party licenses
Deliverables	Document list, code, infrastructure as code, runbooks
Milestone & payment	Tied to phase or sprint review
Service Level Agreement (SLA) for communication	Escalation response — see Communication
Change request	Scope change process and cost/time impact
Intellectual property & licenses	Code ownership, Infrastructure as Code (IaC), open source licenses
Confidentiality	Data, environments, and production access

2–8 weeks — highly dependent on enterprise procurement cycles.

Next: Engagement checklist then Phase 4: Kickoff