Global Sourcing: Getting Started by Chris Trayhorn, Publisher of mThink Blue Book, March 11, 2004 Sourcing work to offshore locations and/or moving global resources to domestic locations to perform work has been gaining momentum over the last several years as companies increasingly are attracted to the efficiency and effective gains promised through these approaches. As with all significant and complex strategic initiatives, there are questions that arise as companies plan and execute these programs. The following are some of the questions that are commonly asked, along with one way to answer the question. Why Did Global Sourcing Take So Long to Become Popular? Many leading vendors have been focusing on this model for a number of years. However, there were two key developments in the last decade that enabled the model to gain in popularity. The first is the evolution of the Internet. High-quality and low-cost bandwidth has enabled remote workers to become highly productive and integrated with their on-site counterparts, paving the way for creative development and maintenance delivery models. Another byproduct of the Internet was the increased ability for companies to import staff from offshore locations to domestic locations. The second development focuses on the devaluation of currencies in a variety of countries that are now focal points for offshore development. The devaluation has pushed rate structures in offshore locations to a point where the value proposition to adopt a global sourcing model is very compelling to many companies. Between 1980 and 2003, India’s rupee lost over 80 percent of its value against the US dollar. This devaluation has made it far less expensive for US companies to conduct business in India. Similar currency devaluations have occurred in Brazil and other popular offshore locations. What Should We Look for in a Vendor? There are a variety of IT research organizations that periodically publish rankings/evaluations of the leading global sourcing companies. Some of these organizations include Gartner, Forrester, Meta, GIGA, and others. The reality is that the handful of leading companies can meet or exceed a typical list of basic requirements published in a request for proposal and can provide service that will meet or exceed most companies’ standard requirements. So, how can a company separate one or two companies from the pack? The following are a few ideas: Value Add – Companies should ask vendors to submit a detailed response on the value add that they will bring to the table. This should include a section that identifies what is included at no additional cost and what options are available for an additional cost. This response will provide a view to how a vendor defines its offering. A limited response in this section might suggest that a company sees itself as a body shop and the company they are providing service to as a big cash register. A more thoughtful and creative response might suggest that the vendor is focused on a broader picture and providing solutions as opposed to bodies, and may be able to provide a far greater value proposition than competitors. Delivery Team. One way to select one or two vendors from a group is based on the actual staff that will be on-site and off-site performing the work. It may be tough for a vendor to nail down the actual staff that will be working on the project if the start date is a moving target. Companies should commit to a start date and ask vendors to commit key members of their delivery team to start on that date. Once the project has started, the staff that is selected for the project may ultimately leave the project for a variety of reasons. As a result, a company should have a solid understanding of a supplier’s ability to back-fill quality. The following questions (and more) should be considered in an evaluation: Does the supplier have an industry-specific practice? Does the supplier have competency centers specializing in the required skill set? Does the supplier have staff visa-ready for travel? Does the supplier rely on contractors or are they actual employees? Does the staff provide a formal training program for new employees? Selling the Decision. Across geographies and industries there are varying degrees of sensitivity to global sourcing. In some situations, the decision to move forward will be reviewed multiple times within a company and perhaps even with external stakeholders. This may factor into a company’s decision to work with one vendor versus another. How Much Work Should We Perform Onshore and How Much Should We Perform Offshore? How companies structure their delivery models depends upon a variety of different factors. In some industries and geographies, political and regulatory pressures may prevent a company from configuring a solution as aggressively as it would like. A recent example reported in the Nov. 21, 2003, edition of the Indianapolis Star involved an Indian company winning a US state government contract only to have it taken away as public pressure mounted to provide the work to US citizens. In the utility industry, there seems to be a higher sensitivity to global sourcing resulting from regulatory and public interest group influence. That aside, many utilities are quietly moving forward with initiatives of varying degrees. A quick scan of the leading providers will provide the names of a number of utility industry clients. For companies that are looking to define a model that best meets their needs, Figure 1 identifies three possible high-level approaches and issues to consider in selecting each. For companies that decide to utilize an onshore-offshore model, there is a continuum of staffing alternatives to consider based upon the type of work. Most companies will deploy a 20-80 to 40-60 model. What Is the Difference Between Transition and Transformation? In a rush to get to the benefits, more than a few companies have glossed over two critical components of making a global sourcing initiative successful: transition and transformation. A transition involves preparing for and migrating the development and maintenance services performed by the current organization to the new organization without disruption in quality or service. A transition focuses on defining logical groups or partitions of applications and then migrating the work performed around those applications to the new organization. Underlying this process is careful planning for human resource management, knowledge management, and change management. Transformation involves defining and institutionalizing processes consistent with the Software Engineering Institute’s Software Capability Maturity Model (SEI CMMI), which consists of best practices to address both development and maintenance activities. With proper planning and execution, it is an achievable goal for most organizations to achieve Level 3 within 12 months. Many organizations will begin with a Level 1 or Level 2 capability. Figure 2 is an overview of the levels corresponding to the SEI model and the corresponding characteristics: How Should We Address Business Continuity Concerns? There are a variety of events that could create problems for your delivery model. With proper planning, even the most significant and catastrophic events can be mitigated. The following is a framework for thinking through various potential disruptions in service and the resulting items that need to be addressed to mitigate the disruption should it come into play. Many companies will identify an alternate offshore location that is prepared to provide service in the remote case the primary location is not able to. Often this will just be another location in the same country. A blue alert is a very low to no-impact problem on support. Typically a temporary outage of the dedicated communications link occurs. Onshore resources should continue to provide support for the critical systems, and the situation will be monitored and escalated to yellow if needed. A yellow alert will impact operations for a brief, but temporary, period. The definition of “brief period” should be determined by the business user. In this scenario, onshore resources will continue to provide support for critical systems. In addition, if needed, travel-ready Indian subject matter experts will be brought onshore. Plans for moving work to another location will be prepared, and finally the situation will be closely monitored to determine if it is needed to escalate to red. In the case of a red alert, there are major impacts on the project. The current delivery center becomes inoperable and support operations have to be shifted to an alternate center. As always, onshore resources will provide support for the critical systems while locally available technical skills from the US are infused to the team. Alternate locations will be finalized and migration plans will be generated. In addition, India subject matter experts will travel to the US or to the new country to lead knowledge transfer. What Should Our Global Sourcing Partner Do to Protect Our Intellectual Property? Leading providers will be able to provide to a company with their corporate standards outlining their policy and procedures to safeguard company information. The policies should address personnel, infrastructure, and data and network areas. All vendor locations and projects should comply with these policies, and the vendor should be periodically audited for compliance. A vendor should be able to incorporate additional measures as needed by a company. Personnel acquisition and management should be a formally defined process. This should include background checks, language testing, and technical testing. In addition, all staff should sign or be covered under a confidentiality agreement. A formal indoctrination program should take place for all staff providing training on all policies and procedures. Compliance is a condition of employment. Remote development centers should require photo identification for all staff, with electronic card readers limiting access to specific areas. External entry should require badge access that is monitored and enforced by security via closed-circuit cameras. Around-the-clock security personnel should be used for equipment sign-in and sign-out. Project servers, workstations, and documents should be individually numbered and physically safeguarded. All output devices should be centrally located, localized, and secured at a project and infrastructure level. Offsite archiving policies for business continuity are agreed upon with the company prior to implementation. A comprehensive networking policy should be established for the protection of the client’s LAN. The vendor LAN should be part of a security-enhanced private network, protected by firewalls. The client team’s LAN should access only the client’s servers. The client’s LAN is fully isolated from the vendor WAN, and connection to the LAN is possible only via specific, secure points. Workstations should have desktop firewalls, thus establishing protection at the lowest levels of access, and should be updated online by the vendor’s worldwide tools and systems. TCP/IP vulnerability scans should be conducted on account servers. Power-on passwords should be mandatory and must conform to established rules for complexity and frequency of change. Anti-virus software should be pre-loaded and kept up to date and synchronized online by the vendor’s worldwide tools and systems. Filed under: White Papers Tagged under: Utilities About the Author Chris Trayhorn, Publisher of mThink Blue Book Chris Trayhorn is the Chairman of the Performance Marketing Industry Blue Ribbon Panel and the CEO of mThink.com, a leading online and content marketing agency. He has founded four successful marketing companies in London and San Francisco in the last 15 years, and is currently the founder and publisher of Revenue+Performance magazine, the magazine of the performance marketing industry since 2002.