What is meant by outsourcing?
The meaning of "Outsourcing" is: "A company or person that provides information; to find a supplier or service, to identify a source". It is very important to be clear about what is meant by outsourcing. Outsourcing essentially refers to how things are done rather than what is done. It describes how for example IT services are obtained; not what the services are.
Very simply outsourcing can be seen as a process in which a company delegates some of its in-house operations/processes to a third party. Thusoutsourcingis a contracting transaction through which one company purchases services from another while keeping ownership and ultimate responsibility for the underlying processes. The clients inform their provider what they want and how they want the work performed. So the client can authorize the provider to operate as well as redesign basic processes in order to ensure even greater cost and efficiency benefits.
IT service outsourcing
In today's world of complex IT solutions, intense competition, and global expansion, many organizations have come to realize that they can't do everything. The need to focus limited capital, resources and management attention on core areas of expertise has accelerated the outsourcing of non-core, non-strategic activities to business partners that have expertise in a specific service or function. In short, if the IT department spends most of its time struggling with routine IT services, then it will have no time to move onto the higher demands the business makes of it—better business intelligence, better processes, and a sharper focus on the strategic goals of the business.
- Reduce Costs
- Flexibility to Add/Reduce Services
- Flexibility to Add/Reduce Staffing
- Focus on Core Competencies
- Establish Local Presence
- Build World-Class Processes
- Improve Overall Competitiveness
Mixing contemporary culture with its European heritage, Le Meridien creates a culturally refined, meaningful and stimulating atmosphere which inspires participants to celebrate the beauty of a moment and the possibilities for insight that live within common occurrences. Currently, Le Meridien is a global hotel group with a portfolio of more than 120 luxury and upscale hotels in over 50 countries worldwide. The majority of its properties are located in the world's top cities and resorts throughout Europe, Africa, the Middle East, Asia Pacific and the Americas.
Le Meridien Vision and Mission:
At Starwood Hotels & Resorts Worldwide, Inc., we are dedicated to protecting your privacy and safeguarding your personally identifiable information. Starwood's mission is to consistently exceed our guests' expectations in terms of the products and services we provide to our business and leisure travelers. We strive to create an experience that is responsive to our guests' needs by using the information you entrust us with responsibly. Starwood is committed to respecting your privacy and adhering to the principles of applicable data protection and privacy laws throughout the world.
Le Meridien involvement in Information Technology
Almost 90% of Le Meridien customer relationship management (CRM), payment gateways, and online claims with potential clients are handled by the internet. This means to say that information technology has played a main role in establishing and building sustainable growth of its operation for the past decade.
The inter-connectivity of Le Meridien branch wise network also uses its networks to connect both locally and globally. This technology has created immense opportunity to reduce cost of the organization and also utilize the same for the betterment of Le Meridien.
Outsourcing of its non-core business
Hotel being its core business Le Meridien, most of its Finance, Call centre and online payments have moved out from Le Meridien business as usual operations. This decision was in the sole intension of focusing a higher degree in its insurance business and to strength its share in the world market.
Cutting your costs and upgrading the quality of the services you offer will allow you to concentrate on your core activities and expand the competitive capacity of Le Meridien business.A number ofIT Services Outsourcinglend themselves to outsourcing, such as help desk services, asset management, support, etc. IT Services Outsourcingmay be the only the way out.
Strategic Role of IT in Offshore Outsourcing
Competitive pressures are compelling United States and European companies to consider offshore outsourcing. Many have already moved software development to places like Russia, India, and China. And the trend is expected to continue.
We look at the strategic roles of information technology when outsourcing is crucial. This would include how IT helped to support the organization and its components, how the management of the employees and business as a whole did were linked with its involvement and how it would in future help the pipeline to be linked with offshore outsourcing.
- Long-term core team
- Optimal utilization of resources across multiple project
- Domain and functional expertise
- Technology expertise
- Access to our methodologies backed by processes and tools
- Increase in client's business efficiency
Why do they do this?
They do this for several reasons.
- Product release cycles are shrinking
- Technology and customer requirements continue to evolve, forcing companies to look at how effectively they have trained and re-skilled their development teams
- There are greater risks associated with relying on a technical talent pool from a single geography
- Resource requirements always fluctuate, making planning difficult
For organizations dealing with these challenges, the appeal of offshore outsourcing is growing, and not simply for the cost savings. The trend being seen by the various analyst organizations is that outsourcing is being seen as a business enabler. While reducing costs is still the number one reason that companies look to outsource, freeing up internal resources to focus on more critical initiatives has emerged as a key factor.
Companies that are thinking about outsourcing will want to consider a variety of approaches before making a decision. In this paper, we offer a brief review of the typical offshore models. We will focus in on one in particular the Offshore Development Center Model. We believe that this model is the most effective for the small to medium size organizations.
There essentially five approaches to consider when considering moving software development and maintenance work offshore.
- Tactical Outsourcing
- Offshore Development Center (ODC)
- Build Operate and Transfer (BOT)
- Do It Yourself
There are essentially two choices.
- Tactical Outsourcing
- ODC (Offshore Development Center)
Contracting out your development work to an offshore vendor means outsourcing on a project-by-project basis.
- You avoid the cost and challenge of updating your organization's technical skills every time a project requires a special capability.
- As your development cycles ebb and flow, you are able to staff your projects with appropriate numbers of low-cost resources.
- If performance becomes an issue, you are able to terminate the outsourcing relationship
- Pricing is based on project scope - either time & materials or a fixed bid.
ODC (Offshore Development Center):
Like tactical outsourcing, an ODC provides your company with an extended development arm that already has space, infrastructure and people. The important difference is that the ODC provides you with resources that are 100% dedicated to your development work for the length of time you desire. This creates a more stable and reliable production environment and gives you the workforce you need to support your ongoing development programs. It also gives you cost benefits
- Dedicated resources are made available to you for a flat rate based on the number of developers you need
- You commit to a fixed time period and from that time initial time period you can add or subtract from your minimum commitment
- You mitigate your risk in hiring and building a team
- Very little of your management bandwidth is required to get your teams up and running
- You have access to a wide range of skills and technology expertise
- You retain continuity of business and process knowledge around your applications and users
Companies, who have a longer-term view, should consider an ODC model. Unlike tactical outsourcing, an ODC is a long-term relationship that provides a ready team of offshore developers for ongoing program execution - a relationship managed by experts who understand the local culture and can deliver the most value to your organization.
ODC built with established organizations further optimize the model:
- Full access to physical location and infrastructure day one
- Access to "flex" resources for special skills and variable workload requirements
- Standing process maturity, which accelerates software development, knowledge transfer, project management, and quality assurance
ODC's retains long term flexibility as market cycles, corporate development goals, and economic conditions continue to evolve. ODC's ensures a safe and effective means of remaining competitive in the global marketplace.
Potential areas of IT Security failures in Offshore Outsourcing
When top official of company's who are thinking to outsource, sit down to discuss the topic of offshore outsourcing, discuss its security - data-security risks and privacy concerns, and how these issues can be mitigated.
The financial industry is used to taking precautions to mitigate the risk of hackers and intruders stealing data and unauthorized personnel viewing sensitive data within corporate headquarters.
These need to be analyzed and implemented as IT security
Typical Security Problems in Outsourcing
The security issues associated with securing customer data are relatively similar, whether you outsource or not. With outsourcing, however, there's an added problem. When key functional areas such as call center operations, are outsourced, people dealing with your customers must have access to the databases containing your data; otherwise, they won't be able to do their jobs. There's no way around it.
Here are some of the typical security problems companies that outsource expose themselves to when they provide access to their data:
- Dishonest insiders
- Exposure online -- another form of hacking
- Lost backup tapes
- Lost and stolen computers
On the surface, the problem seems relatively straightforward. Access control rules should solve the problem. Unfortunately, it's a lot more complex than that, and that's where organizations leave themselves vulnerable
Cost Reduction Expectations
The biggest risk with offshore outsourcing has nothing to do with outsourcing - it involves the expectations the internal organization has about how much the savings from offshore will be. Unfortunately, many executives assume that labor arbitrage will yield savings comparable to person-to-person comparison (e.g., a full-time equivalent in India will cost 40% less) without regard for the hidden costs and differences in operating models. In reality, most IT organizations save 15%-25% during the first year; by the third year, cost savings often reach 35%-40% as companies "go up the learning curve" for offshore outsourcing and modify operations to align to an offshore model.
IT organizations evaluating any kind of outsourcing question whether vendors have sufficiently robust security practices and if vendors can meet the security requirements they have internally. While most IT organizations find offshore vendor security practices impressive (often exceeding internal practices), the risk of security breaks or intellectual property protection is inherently raised when working in international business. Privacy concerns must be completely addressed. Although these issues rarely pose major impediments to outsourcing, the requirements must be documented and the methods and integration with vendors defined.
The Capability Maturity Model (CMM) becomes an important measure of a company's readiness to adopt an offshore model. Offshore vendors require a standardized and repeatable model, which is why CMM Level 5 is a common characteristic. META Group observes that approximately 70% of IT organizations are at CMM Level 1 - creating a gap that is compensated for by additional vendor resources on-site Companies lacking internal process model maturity will undermine potential cost savings.
The time and effort to transfer knowledge to the vendor is a cost rarely accounted for by IT organizations. Indeed, we observe that most IT organizations experience a 20% decline in productivity during the first year of an agreement, largely due to time spent transferring both technical and business knowledge to the vendor. Many offshore vendors are deploying video conferencing (avoiding travel) and classroom settings (creating one-to-many transfer) to improve the efficacy of knowledge transfer. In addition, employee turnover often places a burden on the IT organization to provide additional information for new team members.
Loss of Business Knowledge
Most IT organizations have business knowledge that resides within the developers of applications. In some cases, this expertise may be a proprietary or competitive advantage. Companies must carefully assess business knowledge and determine if moving it either outside the company or to an offshore location will compromise company practices.
Vendor Failure to Deliver
A common oversight for IT organizations is a contingency plan - what happens if the vendor, all best intentions and contracts aside, simply fails to deliver. Although such failures are exceptions, they do occur, even with the superb quality methodologies of offshore vendors. When considering outsourcing, IT organizations should assess the implications of vendor failure (i.e., does failure have significant business performance implications?). High risk or exposure might deter the organization from outsourcing, it might shift the outsourcing strategy (e.g., from a single vendor to multiple vendors), or it might drive the company toward outsourcing (if the vendor has specific skills to reduce risks). The results of risk analysis vary between companies; it is the process of risk analysis that is paramount.
Minimize the Risk of Offshore Development
Market intelligence firm IDC predicts that US-based companies will increase their offshore outsourcing contracts from $5.5 billion in 2001 to $17.6 billion in 2005. The Offshore Development Center (ODC) provides a proven approach to offshore outsourcing by extending a company's development capacity by assigning low-cost, scalable and highly skilled technical resources to support fluctuating development cycles.
Competitive pressures are compelling companies across the United States and Europe to implement offshore development quickly. For small to medium size companies, they often lack the time or resources to build their own ODC. Bridge Quest offers dedicated infrastructure and human resources within an established, St. Petersburg, Russia based facility. Bridge Quest ODC solutions optimize cost and quality for critical initiatives.
Bridge Quest ODC Solutions:
- Provide highly skilled software developers at low cost
- Accelerate time-to-market with expanded development capacity
- Apply a proven development methodology or adopt our clients to ensure consistency of output at the highest level of quality
Bridge Quest is a United States based company with a long history of delivering offshore services to its clients. Through its facility in St. Petersburg Russia, Bridge Quest consistently provides predictable, high quality, and low-risk development services to small to medium size organizations.
INTEGRATED OFFSHORE DEVELOPMENT
Bridge Quest, provides a secure environment staffed by a team of skilled teams engaged in:
- Legacy system maintenance
- Custom application development
- Custom IT development
- Technology localization
Bridge Quest integrates with your development organization acting as Extended Team TM member providing our clients with a cost-effective process-efficient solution.
Planning, monitoring, and reporting are required to ensure that you achieve a reduced total cost (not just low hourly rates). With Bridge Quest, you get metrics-based performance tracking, proactive international communication, and careful knowledge transfer. Our understanding of business issues and various cultures eliminates many of the challenges that can derail an otherwise sound offshore program
With proven program management methodologies and strong communication skills, we effectively manage diverse teams and projects across multiple time zones, while giving you a single point of contact.
Proving a single point of contact is an important issue. Every Bridge Quest client has a dedicated local account manager and project manager in Russia. Through our methods of communications we ensure that we provide a flexible framework for which a free flow of information flows between technical teams. However, providing a local single point of contact guarantees quality and consistency of service.
HIGH-VALUE Offshore Services
Bridge Quest ODC solutions offer small to medium size companies a seamless extension of their development environments. We create value by applying a mix of scalable tools, methods, processes, and technology. Thanks to a mature infrastructure, our seasoned project managers and our offshore developers bring our clients expanded capacity, improved quality, faster time to market, and significant cost savings through efficiencies and reduced offshore labor rates.
For over a decade, Bridge Quest has managed projects in the United States and Europe. This depth of experience provides the flexibility, high quality and the dependability that you should expect from your offshore partner.
Conclusion and Recommendations
DPM (Detail procedural Manual)
We take all possible measures of quality while working on client's application, so that we can deliver the best possible product to our customer. A complete process of our working is mentioned below:
Securing Your Information
If you want to outsource -- and, indeed, you may have no choice but to do so -- the challenge you face involves securing the process without running up such a huge bill for security that the entire practice becomes a financial loser. Despite the risks you face as a company that outsource, you can protect your data when you work with service providers. Here are nine steps you can take to do so:
- Get Your House in Order
- Choose Vendors Carefully
- Principle of Least Usage
- Understand the Privacy and Intellectual Property Mindset
- Use Protection
- Monitor Traffic
- Provide Education
- Conduct Security Audits
- Review Prevention Technologies
Before going outside, make sure your own house is in order. Have a realistic security policy that includes data classification and that distinguishes common from sensitive data, as well as how each type of data should be handled. A good security policy includes clearly understood standards and guidelines that have been agreed upon by both business managers and information technology professionals in your firm.
Make sure the service provider you use also has strict security policies, starting with the hiring process. This rule applies to all types of vendors, but especially to offshore companies. Security policies look great on paper, but make sure they're enforced to the fullest extent. The fact that a vendor doesn't allow people to bring USB devices into an organization is useless, unless there's a specific control that prevents your data from being copied to this type of device or there's a way to disable access to the devices altogether.
Adhere to the principle of least privilege as a guide and have a way to enforce it. In other words, have a means to monitor and enforce material exceptions. If an employee works with 10 records at a time, don't allow access to 10,000 records at one time.
Many countries have very lax intellectual property protection laws. Make sure that the vendor you chose is willing to abide by your privacy and intellectual property policies since a misunderstanding can be costly.
You can address the two issues above with a combination of database monitoring gateways and application layer firewalls. These devices have the ability to enforce usage policies as well as prevent privilege abuse and vulnerability exploitation. Some vendors integrate both functionalities, which is the best approach.
Make sure the service provider monitors outbound Internet traffic and emails for potential information leaks.
Make sure the vendor educates its employees on handling and safeguarding sensitive data, since data disclosure isn't always malicious. Many cases exist where an employee took data home to work on and left it sitting in a laptop in unencrypted files.
Wherever the data is stored, make sure you conduct an application/database security audit as well as regular network security audits. An audit identifies issues with the applications, databases and devices on the network serving them and unearths potential vulnerabilities.
Inquire about prevention technologies and the policies associated with them. Does the service provider have the technology available to control data flow? Are its policies enforced by its IT staff and are they adhered to by employees? For example, if there is sensitive data stored on a specific file server, is there a way of preventing those files from being emailed to other people or copied to removable media?
None of these steps will protect customer's data completely, but they will minimize the risk, exposure and liability data theft brings. A good rule of thumb when dealing with an service provider in an outsourcing scenario is to make sure it has as good a security system as you do, if not better. And make sure your IT team stays on top of the latest advancements in data security. You can't secure what you don't understand.