Global Sourcing: Getting Started

Sourcing work to offshore locations and/or moving global resources to domestic
locations to perform work has been gaining momentum over the last several
years as companies increasingly are attracted to the efficiency and effective
gains promised through these approaches. As with all significant and complex
strategic initiatives, there are questions that arise as companies plan and
execute these programs. The following are some of the questions that are
commonly asked, along with one way to answer the question.

Why Did Global Sourcing Take So Long to Become Popular?

Many leading vendors have been focusing on this model for a number of years.
However, there were two key developments in the last decade that enabled the
model to gain in popularity.

The first is the evolution of the Internet. High-quality and low-cost bandwidth
has enabled remote workers to become highly productive and integrated with
their on-site counterparts, paving the way for creative development and maintenance
delivery models. Another byproduct of the Internet was the increased ability
for companies to import staff from offshore locations to domestic locations.

The second development focuses on the devaluation of currencies in a variety
of countries that are now focal points for offshore development. The devaluation
has pushed rate structures in offshore locations to a point where the value
proposition to adopt a global sourcing model is very compelling to many companies.
Between 1980 and 2003, India’s rupee lost over 80 percent of its value
against the US dollar. This devaluation has made it far less expensive for
US companies to conduct business in India. Similar currency devaluations have
occurred in Brazil and other popular offshore locations.

What Should We Look for in a Vendor?

There are a variety of IT research organizations that periodically publish
rankings/evaluations of the leading global sourcing companies. Some of these
organizations include Gartner, Forrester, Meta, GIGA, and others.

The reality is that the handful of leading companies can meet or exceed a typical
list of basic requirements published in a request for proposal and can provide
service that will meet or exceed most companies’ standard requirements.
So, how can a company separate one or two companies from the pack? The following
are a few ideas:

  • Value Add – Companies should ask vendors to submit a detailed response
    on the value add that they will bring to the table. This should include
    a section that identifies what is included at no additional cost and what
    options
    are
    available for an additional cost.
    This response will provide a view to how a vendor defines its offering.
    A limited response in this section might suggest that a company sees itself
    as a body
    shop and the company they are providing service to as a big cash register.
    A more thoughtful and creative response might suggest that the vendor
    is
    focused on a broader picture and providing solutions as opposed to bodies,
    and may
    be able to provide a far greater value proposition than competitors.
  • Delivery Team. One way to select one or two vendors from a group is based
    on the actual staff that will be on-site and off-site performing the work.
    It
    may be tough for a vendor to nail down the actual staff that will be
    working on the project if the start date is a moving target. Companies should
    commit
    to a start date and ask vendors to commit key members of their delivery
    team to start on that date. Once the project has started, the staff that
    is selected
    for the project may ultimately leave the project for a variety of reasons.
    As a result, a company should have a solid understanding of a supplier’s
    ability to back-fill quality. The following questions (and more) should
    be considered in an evaluation: Does the supplier have an industry-specific
    practice?
    Does the supplier have competency centers specializing in the required
    skill set? Does the supplier have staff visa-ready for travel? Does
    the supplier
    rely on contractors or are they actual employees? Does the staff provide
    a formal training program for new employees?
  • Selling the Decision. Across geographies and industries there are varying
    degrees of sensitivity to global sourcing. In some situations, the decision
    to move
    forward will be reviewed multiple times within a company and perhaps
    even with external stakeholders. This may factor into a company’s decision
    to work with one vendor versus another.

How Much Work Should We Perform Onshore and How Much Should We Perform
Offshore?

How companies structure their delivery models depends upon a variety
of different factors. In some industries and geographies, political and
regulatory
pressures
may prevent a company from configuring a solution as aggressively as
it would like. A recent example reported in the Nov. 21, 2003, edition
of
the Indianapolis
Star involved an Indian company winning a US state government contract
only to have it taken away as public pressure mounted to provide the
work to US
citizens. In the utility industry, there seems to be a higher sensitivity
to global sourcing resulting from regulatory and public interest group
influence. That aside, many utilities are quietly moving forward with
initiatives of
varying
degrees. A quick scan of the leading providers will provide the names
of a number of utility industry clients.

For companies that are looking to define a model that best meets their
needs, Figure 1 identifies three possible high-level approaches and issues
to consider
in selecting each.

For companies that decide to utilize an onshore-offshore model, there
is a continuum of staffing alternatives to consider based upon the type
of
work. Most companies will deploy a 20-80 to 40-60 model.

What Is the Difference Between Transition and Transformation?

In a rush to get to the benefits, more than a few companies have glossed
over two critical components of making a global sourcing initiative successful:
transition and transformation.

A transition involves preparing for and migrating the development and
maintenance services performed by the current organization to the new
organization
without disruption in quality or service. A transition focuses on defining
logical
groups or partitions of applications and then migrating the work performed
around those applications to the new organization. Underlying this process
is careful planning for human resource management, knowledge management,
and change management.

Transformation involves defining and institutionalizing processes consistent
with the Software Engineering Institute’s Software Capability Maturity
Model (SEI CMMI), which consists of best practices to address both development
and maintenance activities. With proper planning and execution, it is
an achievable goal for most organizations to achieve Level 3 within 12
months. Many organizations
will begin with a Level 1 or Level 2 capability. Figure 2 is an overview
of the levels corresponding to the SEI model and the corresponding characteristics:

How Should We Address Business Continuity Concerns?

There are a variety of events that could create problems for your delivery
model. With proper planning, even the most significant and catastrophic
events can be mitigated.

The following is a framework for thinking through various potential disruptions
in service and the resulting items that need to be addressed to mitigate
the disruption should it come into play. Many companies will identify
an alternate
offshore location that is prepared to provide service in the remote case
the primary location is not able to. Often this will just be another
location in
the same country.

A blue alert is a very low to no-impact problem on support. Typically
a temporary outage of the dedicated communications link occurs. Onshore
resources
should
continue to provide support for the critical systems, and the situation
will be monitored and escalated to yellow if needed.

A yellow alert will impact operations for a brief, but temporary, period.
The definition of “brief period” should be determined by
the business user. In this scenario, onshore resources will continue
to provide support
for critical systems. In addition, if needed, travel-ready Indian subject
matter experts will be brought onshore. Plans for moving work to another
location
will be prepared, and finally the situation will be closely monitored
to determine if it is needed to escalate to red.

In the case of a red alert, there are major impacts on the project. The
current delivery center becomes inoperable and support operations have
to be shifted
to an alternate center. As always, onshore resources will provide support
for the critical systems while locally available technical skills from
the US are
infused to the team. Alternate locations will be finalized and migration
plans will be generated. In addition, India subject matter experts will
travel to
the US or to the new country to lead knowledge transfer.

What Should Our Global Sourcing Partner Do to Protect Our Intellectual
Property?

Leading providers will be able to provide to a company with their corporate
standards outlining their policy and procedures to safeguard company
information. The policies should address personnel, infrastructure, and
data and network
areas. All vendor locations and projects should comply with these policies,
and the vendor should be periodically audited for compliance. A vendor
should be able to incorporate additional measures as needed by a company.

Personnel acquisition and management should be a formally defined process.
This should include background checks, language testing, and technical
testing. In addition, all staff should sign or be covered under a confidentiality
agreement. A formal indoctrination program should take place for all
staff providing training
on all policies and procedures. Compliance is a condition of employment.

Remote development centers should require photo identification for all
staff, with electronic card readers limiting access to specific areas.
External
entry should require badge access that is monitored and enforced by security
via
closed-circuit cameras. Around-the-clock security personnel should be
used for equipment sign-in and sign-out.

Project servers, workstations, and documents should be individually numbered
and physically safeguarded. All output devices should be centrally located,
localized, and secured at a project and infrastructure level. Offsite
archiving policies for business continuity are agreed upon with the company
prior
to implementation.

A comprehensive networking policy should be established for the protection
of the client’s LAN. The vendor LAN should be part of a security-enhanced
private network, protected by firewalls.

The client team’s LAN should access only the client’s servers.
The client’s LAN is fully isolated from the vendor WAN, and connection
to the LAN is possible only via specific, secure points. Workstations should
have desktop firewalls, thus establishing protection at the lowest levels of
access, and should be updated online by the vendor’s worldwide tools
and systems. TCP/IP vulnerability scans should be conducted on account servers.
Power-on passwords should be mandatory and must conform to established rules
for complexity and frequency of change. Anti-virus software should be pre-loaded
and kept up to date and synchronized online by the vendor’s worldwide
tools and systems.