Global Delivery Model - Infosys Processes Infosys relies on processes to consistently deliver high quality solutions while executing

engagements from multiple locations. Our values, vision and policies form the first level of our three-tiered process architecture. They are implemented through process execution at the next level. These processes are defined by clear ownership using the Entry, Task, Verification, Exit (ETVX) paradigm along with clearly defined roles and responsibilities.

Quality System Documentation (QSD) Quality System Documentation (QSD) lists Infosys best practices in the form of processes. The QSD provides a vast repository of detailed procedures, templates, standards, guidelines and checklists. The QSD is updated every four months. Body of Knowledge (BOK) The Infosys Body of Knowledge (BOK) is a forum to share knowledge gained from experience. It is a central repository of experiential knowledge that can be tapped by peers at Infosys. Process Assets The repository of process assets facilitates the dissemination of "engagement learning" across Infosys. A process asset is information gleaned from an engagement that can be reused during the future engagements.

Process Database The Process Database is a software engineering database to study the processes at Infosys with respect to productivity and quality. Process Capability Baseline (PCB) Process Capability Baseline (PCB) maps out the performance of the process, i.e., what level of productivity and quality can be expected when following the process. Tools Repository The Tools Repository is a centralized repository containing a list of tools that have been evaluated. Quality Quality is ensured across all our processes, interfaces and outputs in management, core and support processes. It helps us deliver long-term excellence, and ultimately, predictability of returns, through the Global Delivery Model (GDM), to all stakeholders. We improve "Execution Excellence" through continuous productivity improvement. We have continuously benchmarked our processes against worldclass standards and models such as ISO 9001-TickIT, SEI-CMM / CMMI, ISO 20000, ISO 27000, AS 9100, TL 9000 and ISO 14001. Regular and rigorous assessments are conducted by reputed external assessors. Our process performance has emerged as better than that of our peers. Infosys has embarked on several strategic improvement initiatives:

Baldrige-based assessment of units for business excellence Organization-wide reuse and tools initiatives for productivity improvement Patent application filed for PROSO, our project scheduling model Program management framework to enable execution of large deals Proactive risk assessment model and approach to mitigate execution risks eSCM Level 4 certification of Infosys BPO by the IT Services Qualification Center (ITSqc) at Carnegie Mellon University Internal quality certification to equip our team members with required skill sets quickly

Tools The practice project management philosophy of Infosys is bolstered by the use of robust tools. We keep the largest and most complex projects on track with the following tools: Integrated Project Management

Integrated Project Management (IPM) is Infosys web-based tool for engagement management. It facilitates efficient and effective project management and addresses the functionality of a typical professional services automation framework. IPM supports the Infosys Global Delivery Model and SEI CMM Level 5 processes. Process Database The process database captures all project performance related metrics at Infosys. This data is used as a framework to construct the organization's process-capability baseline, which is used by project leaders to estimate effort, schedule tasks and predict defect levels during the engagement-planning phase. InFlux InFlux is the Infosys methodology used to define effective IT solutions for enterprise initiatives. It maps the business-process view for all IT initiatives, making it possible to understand the impact of IT on specific processes. Its framework is based on the digital concept of an extended organization that includes suppliers, customers and partners. InFlux allows you to study the roles of different systems and entities and how they function. PRISM Project Reviews by Infosys Senior Management (PRISM) is a web-based Intranet tool to automate the workflow for reviews, in line with engagement schedules and plans. The PRISM tool is a review mechanism that offers a clear picture of the engagement risks involved for a client as well as Infosys. It also drives process improvement and sharing of best practices. Knowledge Management Infosys provides end-to-end workforce collaboration and knowledge management services including Knowledge Management Process Consulting, Collaboration and Knowledge Management Applications, Portals, Content Management, Document Management, Enterprise Application Integration, Security and Workflow. Our Knowledge Management Services help you assess your needs, evaluate technologies and recommend solutions in the context of your business problems. We are at the forefront of introducing new methodologies and practices of knowledge-sharing and adoption. We have launched blogs and customized Wiki solutions to enable communities to collaborate across geographical, time and project boundaries.

Our central knowledge repository hosts over 75,000 knowledge assets, most of which are experiential documents derived from different facets of our business, formal customer deliverables and process-mandated artifacts. Experts from Infosys Knowledge Management group have authored the book Ten Steps to Maturity in Knowledge Management: Lessons in Economy. It focuses on Knowledge Management from a practitioners viewpoint and covers all aspects of planning, design, implementation and assessment of knowledge management. Program Management The project management processes followed by Infosys are in line with the SEI CMM Level 5 requirements. These processes address key aspects of a project across the project life cycle, including: Project planning Project monitoring, reporting procedure and review mechanisms Project risk management Configuration management Change management Issue escalation and resolution Intra-engagement communication with client managers At the outset of every engagement, our robust planning and estimation processes delineate all aspects of the project, including:

Project profile Project processes related to life-cycle, change management, requirements traceability, process tailoring, etc. Deliverables and effort estimates Goals and milestones Project tracking: Tasks, issues, quality, client feedback, reviews, reporting, escalation Defect estimates and defect prevention Project team roles, skills, key personnel, training Risks and mitigation plan Our project management and project quality processes are strengthened by the use of a variety of custom-built as well as third party tools, which help us manage the complexities of the Global Delivery Model (GDM).

Risk Mitigation At Infosys, a detailed plan for risk identification, monitoring and mitigation is a part of project planning. It covers risk identification, prioritization and mitigation options. Our business continuity plans are focused on:

Infrastructure Well-defined business continuity and disaster recovery plans at the organization and client level De-risked global development centers State-of-the-art, fail-safe network connectivity with multiple fall-back options Interoperability to ensure seamless relocation Locations set away from potentially conflict-ridden zones Fully-equipped Offsite Disaster Recovery Facility in Mauritius Security

Stringent physical security and network security Secure human resources practices Regular external audits to ensure compliance and cover blind spots Confidentiality and Privacy

Access restrictions and controls for all information assets Context-dependent security measures including physical isolation of projects, if needed Legal agreements with employees to ensure compliance Agreements under relevant jurisdiction for the client People

Built-in redundancies for key personnel Back-up of project artifacts and experiential repositories Infosys undertook an organization-wide Risk Self-Identification (RSI) exercise. It covered all business units, verticals, service offerings, support groups and subsidiaries. The results offered a deeper, more diverse and quantified feedback on risks. The results of the RSI were collated and categorized and the probability and impact-magnitude assessment was completed. Using the Basic Risk Inventory, we have identified primary risk categories that form the Infosys enterprise-wide Risk Management (IRM) framework. This enables us address actual and potential risk events in a systematic manner.