Mumbai attacks spur reality check even as major companies are left unscathed.The big fear of offshore outsourcing customers has become a reality: a major bombing attack in an outsourcing hub.
On July 11, at least 200 commuters were killed by terrorist bombings in Mumbai, India, a key outsourcing locale. In the wake of the attacks, outsourcing providers in Mumbai scrambled to make sure employees and customer data were safe and secure. Meanwhile, outsourcing customers sought reassurances that their Indian partners could handle future unforeseen events.
The terrorist attack in Mumbai—and conflict between Israel and Lebanon, for that matter—raises a series of questions for companies sourcing technology globally. Do you know the disaster recovery plans of your offshore services provider? Are its plans integrated with yours? And how prepared is your provider?
Louis Rosenthal, managing director of group shared services for IT for ABN AMRO Bank in Chicago, said he has inspected the readiness of his outsourcing providers, which include Tata Consultancy Services, Infosys Technologies and Patni Computer Systems.
"We were very explicit about the construction, operation, location and resilience of the offshore development centers that our vendors developed for us. These facilities are in Mumbai, as well as a number of other cities," said Rosenthal, whose operations werent affected by the bombings.
Heres an early survey of how the leading players in India handled the Mumbai attack.
For Tata Consultancy Services, with 16,000 employees at 16 locations in Mumbai, including its headquarters, the margin between safety and disaster was a narrow one. Because Tata workers routinely stay at work until after 6:30 p.m., the hour of last weeks attacks, TCS several thousand employees who take Mumbais commuter trains escaped the explosions—no TCS employees were killed or injured in the blasts.
Nonetheless, the TCS crisis management center in Chennai—on the other side of the Indian subcontinent—was activated. Augmented by human resources and security staff, TCS managers in Mumbai called workers to tell those at work to stay put and those who were on the night shift to stay at home, said R. Vaidhyanathan, the TCS corporate crisis management leader in Chennai. TCS backs up critical data from its Mumbai offices to Chennai and can shift operations to Chennai and Bangalore in emergencies.
Patni Computer Systems, which has major operations in Mumbai, was touched by the attacks. "One employees father was killed, and another employees wife was on another car on one of the trains and was really spooked," said Russell Boekenkroeger, executive vice president of Patni, in Cambridge, Mass.
Even though Indias biggest technology center, Bangalore, was unscathed, reverberations of the Mumbai attacks were felt. "This particular episode doesnt have any impact. But our customers are interested in understanding in detail our business continuity planning," said Nandan Nilekani, CEO of Infosys in Bangalore, in an interview. Infosys has a disaster recovery facility on the island of Mauritius, near Madagascar, and simulates many scenarios, including flooding and political violence. "Customers come in and evaluate our plans," Nilekani said.
Customers of these Indian giants said the response to the Mumbai attack was encouraging. Indymac Bank, in Pasadena, Calif., outsources business processes such as credit risk analysis, incentive compensation calculations and back-office servicing to WNS Global Services in Mumbai. "Our first concern was an impact on operations. The vendor was in contact with us immediately," said Mark Nelson, executive vice president of global resources at Indymac.
"We were hoping the people were OK. The people on the evening shift had already arrived. The cell lines were jammed, but text messaging worked. They tracked everyone down, and they were OK," said Nelson. WNS has 75 people working on the Indymac account in Mumbai. Indymac also contracts with outsourcer Cognizant for application development in Pune, India, about 90 miles from Mumbai. In all cases, Indymacs data resides entirely in the United States. "It never goes offshore. People access our systems by way of secure lines," said Nelson.
LeftHand Networks, a storage software vendor that contracts with Patni for product development work, replicates all its project data at its offices in Boulder, Colo. Still, Bill Chambers, chairman and CEO of LeftHand, was on the phone to Patni in Mumbai to make sure the 50 Patni employees working on his project were safe.
"Its a terrible and a tragic event. The first thing I did was to call and make sure our team and their families were safe. And everyone was safe," said Chambers.
For their parts, Chambers, Nelson and Rosenthal agreed that the attacks dont affect their move to expand global operations. "Pulling back doesnt make sense," said Chambers.
Rosenthal said ABN AMRO has prepared for numerous unpredictable events since the attacks on the World Trade Center on Sept. 11, 2001. "We didnt stop doing business in New York City or London after similar incidents, and well continue with our technology program in India," he said in an e-mail interview, adding that ABN AMRO also has significant operations in Florida, which has been roiled during hurricane season.
Be prepared
Reliance on offshore outsourcers means U.S. companies must review their partners business continuity plans. Heres a checklist:
Know where your data is: Critical data must be mirrored in at least two cities. It may pay to keep all data in the United States.
Be able to locate team members: Make sure employees working on your project can be reached in an emergency—text messaging may still work when cell phone lines are jammed.
Make sure that workers can connect remotely: Dial-up connections may be the only ones available in many areas.
Verify that your providers business continuity plans are up-to-date: Fast-growing outsourcers work forces and office spaces are constantly changing.
Source: eWEEK reporting
IT Management 
