Deep roots: Mala Ramadorai (second from left) with other Maitree members at Banyan Park in Mumbai's Andheri suburb

II haven't seen your wife at maitree meetings for sometime now," calls out Mala Ramadorai to T. Rajagopal, Head of Health Sciences at the IT giant, Tata Consultancy Services (TCS). Dressed in an elegant purple cotton saree, with a big bright red bindi on her forehead, the tall and dusky wife of TCS' CEO S. Ramadorai, isn't complaining about any errant member of a kitty party. Far from it, the 51-year-old Ramadorai-she holds a Master's degree in Hindustani Classical Music and also a Bachelor's in education, and wouldn't be caught dead in a page-three do-is worrying over a missing member of a movement she conceived and launched at TCS a little over two years ago.

Called Maitree (Sanskrit for friend), the initiative started off as a group of employee wives getting together to know each other better, but has now turned into a full-blown employee self-help group involved in everything from counselling to relocation assistance to social work. Says Ramadorai, who thought of Maitree way back in 1997, but gave it a serious look only after she quit her job as Vice Principal of the Bombay International School: "My husband has been with TCS longer than he has been married to me, and sometimes I feel that TCS is his first wife. Instead of grudging him that, I decided to make the most of what being his wife offered me."

TCS seemed like a perfect candidate for an initiative such as Maitree because, Ramadorai says, it had grown tenfold in the last few years and had a workforce scattered all over the world. Maitree, then, as she saw it, would not just weave a far-flung workforce together, but bring their families closer. In another words, enlarge the TCS family. All the employees, their spouses and children anywhere in the world, can become members of Maitree.

One of the key roles that Maitree performs is of helping employees cope with relocation-a constant affair in the company. It does so by creating a network of employees who can tap each other for information on just about everything-where to buy Indian grocery in, say, Minneapolis, which school to send your children to, housing, even the cheapest salon! There's even an intranet where relevant information is loaded for employees and their families to access. Maitree itself has 10 centres in India and 23 centres abroad. Says Rajeswari Padmanabhan, wife of S. Padmanabhan, Vice President, hr and Operations: "When I moved from Chennai to Mumbai two years ago, Maitree helped me a great deal in getting admission for my 12-year-old daughter. Besides, members told me about shops in Bandra where I could find furnishings, vegetables, and even a good doctor."

More Than Just Work

The other important role that Maitree fulfils is of helping employees and their families pursue new hobbies, learn new skills, or simply have fun. Theatre classes, ballroom dancing, guitar and keyboard classes, yoga, chocolate-making, basket weaving, origami are some of the activities that it conducts. That apart, there are treks, cultural programmes, and picnics, which help TCSites bond. "With Maitree, there's always something to look forward to," says Priya Verghese, a management consultant at TCS for the last three years, and who moved to Mumbai from Ahmedabad only recently. Verghese has already signed up for theatre classes after office hours, and feels that her communication skills have "improved tremendously" since she moved to the Mumbai office. Others like Santosh Bhartkar feel that attending yoga classes have helped them improve their performance at work. "So many of us give up our hobbies after we take up work, but with Maitree it doesn't have to be so," says Shrikant Krishnamurthy, who works in the hr department and is learning the guitar and ballroom dancing.

Maitree also encourages employees to give back to the society. Kannan K., a project leader of six months at TCS, takes time off on Saturdays to teach English to underprivileged children at a school in Panvel, New Mumbai. He isn't the only one. Varsha Pednekar, wife of a TCS employee, not just helps out the Panvel school but also an orphanage in Andheri supported by Maitree. Similarly, Rama Mahalingam, wife of TCS CFO, S. Mahalingam, used to help run an adult literacy programme in Chennai, and now that she and her husband have moved to Mumbai, she wants to launch computer-based literacy classes for adults in the city. Says Mahalingam: "Maitree offers me an avenue to do my bit for the underprivileged."

You or any of your family members need counselling? Just ask Maitree. More than a-year-and-a-half ago, it started a counselling service, where it puts the needy TCSite in touch with professional counsellors. The problem could be anything. Too much pressure at work, relocation hassles, an adolescent child acting difficult...Says Hema Iyer, who has been in hr for the last 10 years: "Maitree brings a new dimension to hr. It makes 30,000 people feel like a family. And then everybody gets the feeling that they can make a difference to the society." Iyer herself teaches at a tribal school in Panvel.

What also draws TCSITEs to Maitree is its informal organisation. Here nobody is a boss and nobody a subordinate. "My boss could be learning the guitar from me, but when at Maitree, we are equal," says Rohit Verma, who is into his fourth year at TCS. "We detach ourselves completely from our personal and professional lives when at Maitree," he says. All of Maitree's activities are funded entirely by TCS. At the beginning of each financial year, a budget is presented as a subset of the hr department's. However, some activities are employee contribution-based. "We believe that when they pay for something, they get more serious," explains Ramadorai.

She is now trying to generate active participation of all centres and form core committees to look into that. Often, when members of Maitree get relocated, they go to the new centre and automatically try to start the activities they were a part of at the previous centre. Although Maitree has taken on a life of its own, Ramadorai is reluctant to extend it beyond TCS or go for an NGO status. "We plan to first consolidate before making Maitree into a movement and spreading it across other Tata group companies," says Ramadorai. But there's little doubt that she's onto something as big as what her other half has wrought at the it giant.

Protecting Customer Data BPOs turn to a new certification to reassure customers.

Security comes first: An EXL employee in Noida passes through a random check at the entrance It's half past one, and time for the first shift to log in at EXL Service in Noida, near Delhi. As the BPO's young workers start trooping in, a security guard greets them at the entrance. Following a quick frisking, each one of them is made to dip his or her hand into a wooden box, closed on all sides except for two circular openings, and pick one of the several coloured golf balls inside. Pick red and your bag is liable to be searched; pick white, you are spared the checking. It's simply EXL's way of randomising searches on employees reporting for work. But by turning it into a game of chance, the five-year-old outfit has made it less personal and embarrassing for its employees. Besides, even EXL's CEO, Vikram Talwar, must go through the routine. Not that it is necessary, but simply because it sends out the right message-that client data secruity is non-negotiable and everyone is responsible for keeping it that way. But EXL is hardly the only company to go out of its way to protect sensitive information that it handles on behalf of its customers. As data security becomes another bogey being raised to prevent offshoring of work to India (remember, CapitalOne pulled out of Spectramind recently for the same reason), the top BPOs in the country are paying more attention to systems and certifications designed to make data inviolable and, hence, increase customer comfort. In any case, both the US and Europe have laws that make data protection mandatory. THE 10 MANTRAS OF BS7799 » Define security policy so that all employees know of it » Organise resources and assets to manage information security » Classify data into different categories of sensitivity » Pay attention to physical and environmental security » Provide personnel security to reduce opportunities for theft » Communicate security policy across the organisation » Control access to sensitive zones to prevent leakage of data » Build security into the information systems » Plan disaster recovery for continuity of business activities » Comply with legal requirements to avoid breach of obligations It's All About Data Sanctity While frisking and random searches do help, they do not aid in creating a company-wide policy on data security or make it part of the organisational culture. For that, the more progressive BPOs are turning to a certification called BS7799, offered in India by bodies such as BVQI, DNV, and STQC. What is BS7799? Unlike the ISO series, this one is prescriptive in nature and defines what a BPO needs to do in order to establish, implement, and document an effective information security management system (isms) based on international best practices in the industry. The idea is to help a vendor identify, manage, and minimise the wide range of threats to which information is subjected, 24 hours a day. There are three primary components to BS7799: confidentiality, integrity, and availability of data (CIA). According to the certification, there are 10 guiding principles essential for an effectiveisms (See The 10 Mantras of BS7799). Says Narasimha Kini, Vice President (Internal Audit, Legal and Compliance), EXL: "This certificate is the only standard in the world that comprehensively defines the isms requirement and controls." Adds Raman Roy, Chairman and Managing Director, Wipro Spectramind: "For BPOs that are into financial services, the certification is a question of hygiene." Roy isn't exaggerating. Information assets of clients can include things like their customer lists, account and credit information, personal information, health records, project plans, and details on the most profitable customers-data that would be priceless in the hands of a rival, or simply an unscrupulous employee. Not surprisingly, then, almost all the top BPOs, including Spectramind, EXL, ICICI One Source, MsourcE (now merged with Mphasis), Progeon, have the BS7799 certification. Getting one isn't easy, though. It takes anywhere between nine and 12 months before a company can aspire to qualify for the certification, which is only valid for three years. There are at least three different kinds of audits that a vendor must go through: Internal, external (by the certifying agency), and customer-led. Says Akshaya Bhargava, CEO, Progeon, an Infosys arm: "Besides implying control, it creates discipline." The best way to prevent theft of critical data is to minimise opportunities for theft. Ergo, the BPOs have come with a wide variety of security checks. To start with, the work area is divided into different zones, and access is restricted to concerned personnel and senior executives. At most of these companies, desk drawers or cabinets are not provided to "agents" and those that do provide, like MsourcE, check them regularly. While most of the information relating to customer interaction is fed directly into the computer, writing sheets are provided, albeit in limited numbers. No piece of paper can be carried out of the office. Workstations are set up with even more care. Typically, disk drives are disabled, there is no internet access, the print command in the software is disabled, and, at ICICI One Source, the desktops are "hardened" to ensure that no unauthorised software can be loaded. At Progeon, one cannot even access the internal LAN from a customer terminal. Cell phones are banned on the "floor" of most BPOs. Eventually, though, what makes the system foolproof is employee education. To that end, BPOs such as EXL have set up a management information security forum. It not just guides all the internal audits and data security activities, but also identifies potential chinks in the security armour that need periodic checks. Says Sanjiv Dalal, CTO, ICICI One Source: "No policy is effective unless communicated to all across the organisation." For the BPO workers, the workplace may feel like a high-security penitentiary. But when it's sensitive customer data that you are dealing with, one can't be too cautious. -Supriya Shrinate