01 · Bug triage and resolution
Root-cause fixes, not workarounds.
Reproduce, root-cause, and fix production bugs with clear documentation of what changed and why.
Bug fixes · Dependency updates · Monitoring
Keep production stable between releases.
Software degrades without ongoing care. We handle the unglamorous work — security patches, dependency upgrades, bug fixes, and performance tuning — so your team can stay focused on new features.
Capabilities
The unglamorous work that keeps production running.
Most teams skip maintenance until something breaks. We handle it before it does, on a schedule that fits your risk tolerance and budget.
02 · Dependency and security patching
Scheduled updates with regression testing.
Scheduled updates for npm, pip, composer, and system packages with regression testing before each release.
03 · Performance monitoring
Problems surface before users notice.
Uptime checks, error rate tracking, and slow-query alerts so problems surface before users notice.
04 · Database maintenance
Index analysis, vacuums, and backup verification.
Index analysis, vacuum schedules, slow-query optimization, and backup verification.
05 · Third-party integration upkeep
API changes, deprecations, and webhook failures.
Monitor and adapt to API changes, deprecations, and webhook failures from external services.
06 · Maintenance retainers
Predictable monthly capacity.
Predictable monthly capacity for teams that need ongoing support without a full-time hire.
How we work
Four phases. Same team across all four.
The phases that apply to every engagement, not just maintenance. The team that scopes does the building, and the operating.
-
Phase 01 · 2–4 weeks
Discovery and scope.
Stakeholder interviews, technical review of existing systems, risk register, written scope with milestones and exit criteria.
-
Phase 02 · 3–12 months
Build and iterate.
Two-week sprints with working demos. Senior leads on every sprint review. Code reviewed, accessibility checked.
-
Phase 03 · 2–6 weeks
Cutover and stabilization.
Parallel run with rollback path. On-call coverage during the launch window. Stabilization continues until incident rate trends to zero.
-
Phase 04 · ongoing
Operate and evolve.
Multi-year retainer with the same team that built the product. Monthly check-ins, quarterly business reviews.
Read the full engagement model on the How We Work page.
Industries we serve
Application maintenance across 15 verticals.
Six core verticals where OST has the deepest engagement experience. Plus nine adjacent industries served on selective engagements.
01
Education
K-12 charter networks, higher education, public sector portals.
02
Nonprofit & Civic
Donor-cycle nonprofits, advocacy organizations, civic platforms.
03
Healthcare & Wellness
HIPAA-aware platforms, medical directories, telemedicine adjacency.
04
Real Estate Technology
Multi-tenant SaaS, brokerage tools, self-storage operators.
05
E-commerce & Marketplaces
OpenCart specialists, custom commerce, $10B+ in transactions processed.
06
Manufacturing & B2B
Industrial platforms, B2B safety-tech, embedded engineering teams.
Also serves on selective engagements
Frequently asked questions
Common questions on maintenance engagements.
What does a maintenance retainer include?
Monthly hours allocated to bug fixes, dependency updates, security patching, and monitoring. Unused hours do not carry over but retainer rate is significantly lower than project rate. Scope and hours set in a written retainer agreement.
Do you work on code you did not write?
Yes. Most maintenance engagements start with a code review and documentation pass on inherited codebases. We document what is there before making changes.
How quickly do you respond to production incidents?
4-hour response on critical paths during business hours. 1 business day on standard issues. Weekend on-call coverage available as a retainer add-on with documented SLA.
How do you handle dependency updates without breaking things?
Scheduled monthly update windows with regression testing before each release. We test on a staging environment that mirrors production before anything touches live.
What stacks do you maintain?
Node, Python, PHP, Ruby, Java backends. React, Angular, Vue frontends. AWS, GCP, and Azure infrastructure. Most common CMS and commerce platforms. We flag anything outside our depth during discovery.
Ready to build?
Pick a path forward.
Multiple ways to start: schedule a discovery call, run our cost calculator for a budget bracket, or use the contact form for a written response.