Customers of outsourcing providers in Ukraine must ensure they have plans in place to move work out of the country in the event of further disruption, an analyst has warned.
Following the Russian annexation of the Crimea and the possibility of armed conflict between Ukraine and Russia, customers have expressed concern at the threat to the country's IT industry.
According to Christine Ferrusi Ross, vice president and principal analyst for sourcing & vendor management at Forrester, customers with IT outsourced to the country should be prepared for any disruption to service delivery. This means speaking to existing suppliers about their ability to shift work outside of the region, or, if this is not possible, looking at alternative providers.
"They should have a risk plan in place as soon as possible. The actions that they could take include asking the provider to switch for them and move their work to another geography. That may or may not be possible depending on what kind of capacity the supplier has in their geographies, and how much work they have to shift for other clients in that other geography."
"If they don't have another supplier - and that is unlikely, as very few will only have a Ukrainian supplier - then they should kick off some kind of an RFI to see what other suppliers might be available to do the work.
Cross said that there are a number of potential risks should the situation escalate. This includes major disruption to a business' operations, and the prospect of data security threats - from both physical and cyber attacks.
"Right now most people are probably worried about the security risk and the delivery risk," she said.
"In this particular situation, service disruption is the most likely thing to be worried about. If things got really bad is it possible for the supplier to outright fail.
Cross continued: "If there were riots and the data centre got destroyed or the servers got stolen then you would have the security risks as well."
So far outsourcing companies operating in the region have claimed that there has been no disruption to service. One of the region's major suppliers, Russian outsourcer LuxSoft, which has a substantial Ukrainian operations, said in a statement that its business is operating as usual. Luxsoft provides services world -wide to large enterprise customers including Credit Suisse and Ford
"In light of the new developments and news headlines, we would like to confirm that Luxoft's business operations in Kiev, Odessa and Dnepropetrovsk are stable and no incidents have been reported in any of these cities. There are no disruptions in transportation, telecommunication or other infrastructure and logistics. We plan to operate on business as usual basis in all three of our delivery centers in Ukraine and will continue posting timely status updates."
Yesterday the CEO of Ciklum, a Danish IT outsourcer, which has thousands of employees in the Ukraine, said that media reports of disruption to business had been overplayed, but warned that customers were concerned with the ongoing situation.
According to Forrester's Cross, customers should revisit their contracts with suppliers and to be clear whether they contain exit clauses for 'cause' - which would need to stipulate specific events incurring, such as outbreak of war in a country - and 'convenience', which would allow them to exit a contract when they want, albeit by paying a fee.
They should also discuss with suppliers about arrangements they have in place around disaster recovery, for example, as well as ensuring that documentation is up to date should they wish to move work to another supplier.
"Generally speaking most companies will just wait it out. They just need to start now if they haven't put their treatment plans in place which say they are going to look for other suppliers, make sure that any work has the correct documentation so that I can take it back when and if they need to do that, and make sure they have tested their disaster recovery and taken extra steps to secure their physical facilities."
"If you didn't have the earlier risk management in place then that is all you can really do right now."