DD Questions

Category Response
Sub-category Question
Technology Front-end &
Stack & Back-end - What specific languages, frameworks, and libraries are used
Architecture Technologies for front-end and back-end development?
- How are APIs designed and secured for internal and
API Architecture external integrations?
- Does the platform use a microservices or monolithic
architecture? What are the advantages and challenges of the
Architecture chosen approach?
Data Storage & - What database technologies are used? How is data secured
Management and backed up?
Scalability & - Can the platform handle anticipated growth and traffic
Performance spikes? How is this ensured?
Development - Describe the development process, testing procedures, and
Lifecycle deployment strategy.
Security & Security - Explain the layered security approach, including access
Compliance Architecture controls, encryption, and intrusion detection.
Penetration
Testing & - What is the frequency and methodology used for security
Vulnerability assessments and addressing vulnerabilities? Can we see
Management results of last pen tests done?
- How does the platform comply with relevant Kenyan and
Regulatory international security and data privacy regulations (CBK, PCI
Compliance DSS, GDPR)?
Open-Source
Software (OSS) - What inventory of open-source software components is
Usage used? How are known OSS risks managed?
Incident - What are the procedures for identifying, containing, and
Response Plan reporting security incidents?
Cloud Specific AWS - Which specific AWS services are used (EC2, S3, Lambda,
Computing Services etc.) and for what purpose?
(AWS Specific)
Security Best - How are AWS security best practices implemented (IAM
Practices roles, VPCs, encryption)?
Data Residency - How does Kaleidofin comply with regulations on data
& Sovereignty storage location and access?
- What is the ability to migrate from AWS if needed? What are
Exit Strategy the potential challenges?
Coding & Coding
Development Standards & - What coding standards and style guides are used to ensure
Practices Style Guides code consistency and maintainability?
Version Control - Which version control system (e.g., Git) is used and what is
System the workflow for managing code versions and changes?
- Does Kaleidofin employ continuous integration and
continuous delivery (CI/CD) practices? How are automated
CI/CD testing and deployment processes implemented?
Code Reviews &
Quality - What processes are in place for code reviews, testing, and
Assurance bug fixing?
- Does Kaleidofin have any existing code issues (technical
Technical Debt debt)? If so, is there a plan for addressing them?
Additional Tech Machine - How is AI/ML employed for tasks like credit scoring or fraud
Questions Learning & AI detection?
Data
Anonymization & - What techniques are used to anonymize data and protect
Privacy user privacy while enabling analytics?
Disaster
Recovery &
Business - What strategies are in place for mitigating and recovering
Continuity from outages or disasters?
Technology - What are Kaleidofin's future plans for technology upgrades,
Roadmap innovation, and integration with new technologies?