The $4.2M Mistake That Started This Guide
A $4.2M managed services deal looked solid on paper: experienced vendor, full team promised, fast execution. Within months, attrition hit, key architects disappeared, compliance gaps surfaced, and critical clauses were missing. No fraud, just a slow, expensive breakdown that delayed go-live and drained value.
This is exactly the risk enterprises face when hiring tech talent in India without deep vendor and talent validation. The market is large, but consistency and reliability vary widely.
The stakes are rising fast. According to Statista (IT Services Market India), India’s IT services market is projected to reach over $30 billion in 2026, driven by global enterprise demand for offshore tech talent, making vendor selection and hiring quality more critical than ever.
The problem is not access to talent. It’s knowing how to evaluate it, structure engagements, and avoid costly execution gaps.
This guide is built to help enterprise buyers do exactly that before mistakes become multi-million dollar lessons.
TL;DR: 8 Answers Before You Read Further
| Question | Answer |
| What does a Senior Salesforce CTA-track architect cost from India? | $75–115/hr fully loaded. Section 5 shows the full stack. |
| What's the fastest I can close 50 enterprise engineers? | 45–60 days with a pre-vetted bench. 90+ if starting cold. |
| Should I set up my own GCC or use a vendor? | Under 40 hires/year: vendor wins on TCO. Over 60 hires with a 5-year horizon: BOT or captive makes sense. |
| Which city has the deepest Salesforce / SAP / ServiceNow talent? | Bangalore (Salesforce, Cloud, GenAI), Pune (SAP, Guidewire), Hyderabad (ServiceNow, Microsoft), Gurgaon (BFSI/Capital Markets), Chennai (Oracle, BFSI). |
| What compliance certs should I require from my vendor? | ISO 27001:2022, DPDP Act §10 DPA addendum, GDPR Art. 28(3) if EU data touches India. Verify against the issuing body, not PDFs the vendor sends you. |
| What's the most commonly missing contract clause? | The IP Assignment Deed per engineer, individually executed. Most MSAs skip it. Section 9 has the replacement language. |
| What's typical attrition for enterprise consultants in India? | 12–15% for SAP / Guidewire / Salesforce specialists. Industry-wide IT average is 22%. Per the Supersourcing GCC Benchmark 2026. |
| How do I know if a candidate actually has the experience claimed? | Section 8. Resume signals, LinkedIn cross-checks, certification registry verification, and the 5 questions that expose fake seniority on any enterprise stack. |
Are You Actually Ready for This?
Before you evaluate vendors, evaluate yourself. Most failed offshore engagements aren’t vendor failures. They’re buyer-readiness failures the vendor gladly signed around.
Score each: 0 (not in place), 2 (partially), 4 (done).
| # | Criterion | Score |
| 1 | Named India engagement owner. One person. Not a committee. | 0/2/4 |
| 2 | JD library defined for the roles you’re hiring | 0/2/4 |
| 3 | Technical interview panel available within 5 business days | 0/2/4 |
| 4 | Legal has an MSA review SLA under 15 business days | 0/2/4 |
| 5 | Data classification policy covering offshore handling | 0/2/4 |
| 6 | Approved vendor due-diligence checklist | 0/2/4 |
| 7 | CISO has signed off on the security baseline for offshore vendors | 0/2/4 |
| 8 | Remote onboarding process documented | 0/2/4 |
| 9 | Tooling approved — VPN, BYOD vs. managed device | 0/2/4 |
| 10 | Escalation path defined: vendor PM → your VP Eng → your CPO | 0/2/4 |
| 11 | Engagement model decided: augmentation, BOT, or EOR | 0/2/4 |
| 12 | Year 1 budget approved with ≥15% variance buffer | 0/2/4 |
| 13 | KPIs defined — velocity, defect rate, CSAT | 0/2/4 |
| 14 | IP ownership language already in your MSA template | 0/2/4 |
| 15 | Finance can process USD-denominated invoices within 30 days | 0/2/4 |
What your score means:
| Score | Tier | Reality check |
| 48–60 | Scaler | You’re ready. This guide is a checklist. |
| 34–46 | Builder | 3–4 gaps. They’ll cost you the first 60 days. Fix them before signing. |
| 20–32 | Explorer | Significant internal work needed. Don’t sign an MSA yet. |
| 0–18 | Pre-Stage | You’re 90 days away from a productive offshore engagement. Start internally. |
From the deal floor: A Fortune 500 retail bank’s CTO scored 22 on this. Then signed a $3.8M SAP S/4HANA augmentation contract anyway. The first 90 days were chaos: no vendor access policy, and legal took 34 days per SOW amendment. The score predicted the outcome exactly.
The Market in 2026
India’s IT services market crossed $254B in FY2025, per NASSCOM. That number hides what matters for enterprise buyers: India is not a cost arbitrage play anymore. For high-margin stacks (Salesforce, SAP, ServiceNow, Databricks, GenAI architecture), India produces more certified talent per year than any other non-US geography.
India now hosts 1,780+ active Global Capability Centers, up from 1,430 in 2023, per Zinnov’s GCC State of the Market report. A third of Fortune 500 companies run core platform engineering from India. Your competitors already have 40-to-200-person India teams on the same stacks you’re trying to hire.
Where the talent actually lives:
| City | Dominant Stacks | Why |
| Bangalore | Salesforce, GenAI/LLM, Cloud (AWS/GCP), Databricks, Snowflake, Platform Engineering | Highest density of ISV-trained architects. Google, AWS, Salesforce all have major engineering hubs here. |
| Pune | SAP S/4HANA, Guidewire, Oracle EBS/Fusion, Pega | TCS/Infosys SAP CoEs dominant. Proximity to Mumbai BFSI client base. |
| Hyderabad | ServiceNow, Microsoft Dynamics 365, Workday, Power Platform | Microsoft India HQ effect. Large HRSD and ITSM consultant pool. |
| Gurgaon | Murex, Calypso, Temenos, FIS, capital markets platforms | BFSI GCCs concentrated here. Proximity to the Indian financial regulator ecosystem. |
| Chennai | Oracle Financials, BFSI core banking, mainframe modernization | Deep TCS/Cognizant legacy. Strong COBOL-to-Java modernization talent. |
Supersourcing Index: Across 1,200+ enterprise placements in Supersourcing’s 2025–26 pipeline, median time-to-fill for a Senior Databricks Lead Engineer in Bangalore was 17 calendar days. For a Murex Senior Consultant in Gurgaon, a shallower pool, the median was 34 days.
Salesforce has 196,000+ certified professionals in India. CTA-track architects, the ones enterprise programs actually need, number closer to 2,800 actively available. That gap is the difference between a vendor’s promise and your actual hiring timeline.
Red flag: Any vendor who says they can deliver a ServiceNow Certified Technical Architect in under 10 days is lying about certification status or about to poach from an active client. The ServiceNow CTA community in India is under 400 active practitioners. Supersourcing’s median availability: 22 days.
What You’re Really Paying
Most buyers see a rate card and think they understand the cost. They don’t. Four layers sit between an engineer’s CTC and your invoice.
Layer 1: Gross CTC
All USD conversions at ₹96.4/$1, the current rate as of May 2026.
| Role | Gross CTC (₹ LPA) | USD Equivalent |
| Salesforce CTA-track Architect (8–12 yr) | ₹48–80L | $49,800–$83,000 |
| SAP S/4HANA FICO Lead (10+ yr) | ₹42–72L | $43,600–$74,700 |
| ServiceNow CTA (8–12 yr) | ₹52–88L | $53,900–$91,300 |
| Workday Integration Lead (7–10 yr) | ₹38–62L | $39,400–$64,300 |
| Databricks Lead Data Engineer (6–10 yr) | ₹40–68L | $41,500–$70,500 |
| GenAI / LLM Architect (5–8 yr) | ₹52–95L | $53,900–$98,500 |
| Cloud Solutions Architect AWS/Azure Pro (8+ yr) | ₹38–65L | $39,400–$67,400 |
| Kubernetes / Platform Engineer, Senior (6–9 yr) | ₹32–55L | $33,200–$57,000 |
| IAM Architect SailPoint/CyberArk (7–10 yr) | ₹42–72L | $43,600–$74,700 |
| Guidewire Lead Developer (6–10 yr) | ₹44–74L | $45,600–$76,700 |
| Murex / Calypso Senior Consultant (8–12 yr) | ₹55–95L | $57,000–$98,500 |
Layer 2: Statutory Employer Burden
Non-negotiable. Often invisible to buyers. The vendor pays this on top of CTC.
| Item | Rate | Law |
| Provident Fund (employer) | 12% of basic | Employees’ Provident Funds Act, 1952 |
| ESIC (employer) | 3.25% of gross wages | Employees’ State Insurance Act, 1948 |
| Gratuity provision | ~4.8% of basic (actuarial) | Payment of Gratuity Act, 1972 |
| Professional Tax | ₹200/month (state-dependent) | State legislation |
| Labour Welfare Fund | ₹6–36/year | State LWF Acts |
| Bonus Act provision | 8.33–20% of eligible salary | Payment of Bonus Act, 1965 |
Effective employer burden: 18–22% on top of CTC. Any vendor quoting “CTC + 15%” is undercounting their own cost base or passing the shortfall into attrition.
Layer 3: Vendor Operating Overhead
Bench cost, recruiter cost, account management, IT infrastructure, office lease, compliance. At a well-run enterprise staffing firm: 12–18% of delivered cost.
Layer 4: Vendor Margin
Enterprise augmentation margins at Supersourcing’s scale: 18–24%. Boutique vendors claim 12%, but bench and attrition replacement costs eat most of that. The net economics end up similar. What changes is whether the margin gets reinvested into talent quality or extracted.
The Fully-Loaded Rate (Supersourcing Index 2026)
| Role | India Rate | US Equivalent | Annual Saving Per FTE |
| Salesforce Tech Architect (CTA-track) | $75–115/hr | $175–250/hr | $187K–$280K |
| SAP S/4HANA FICO Lead | $70–105/hr | $160–230/hr | $182K–$260K |
| ServiceNow CTA | $80–120/hr | $180–260/hr | $187K–$291K |
| Workday Integration Lead | $65–95/hr | $150–210/hr | $176K–$239K |
| Databricks Lead Data Engineer | $58–88/hr | $145–200/hr | $181K–$234K |
| GenAI / LLM Architect | $85–135/hr | $200–300/hr | $239K–$343K |
| Cloud Solutions Architect (AWS/Azure Pro) | $65–95/hr | $150–210/hr | $176K–$239K |
| Kubernetes / Platform Engineer, Senior | $55–82/hr | $130–185/hr | $156K–$215K |
| IAM Architect (SailPoint/CyberArk) | $70–105/hr | $155–220/hr | $176K–$239K |
| Guidewire Lead Developer | $72–105/hr | $160–230/hr | $182K–$260K |
| Murex / Calypso Senior Consultant | $90–135/hr | $200–290/hr | $228K–$322K |
At a 20-engineer team on enterprise stacks, the blended annual saving versus equivalent US hiring runs $3.5M–$5.2M. That’s not a rounding error. That’s a product line.
From the deal floor: A UK-headquartered global bank was billing a Murex Senior Consultant at $88/hr. We independently verified the engineer’s CTC was ₹58L, about $60,200 at current rates. After employer burden and margin, the real billing rate should have been around $102/hr. The vendor had been running a silent margin expansion for 18 months. An audit rights clause would have caught it. They didn’t have one.
Red flag: Any vendor quoting a GenAI Architect under $75/hr is misrepresenting seniority or paying below-market CTC. Below-market CTC means that engineer is being recruited by your competitors right now.
Three Models, One Decision
| Dimension | Staff Augmentation | BOT GCC | Direct EOR / Captive |
| Ideal headcount | 5–60 | 40–200 | 60+, 5-year horizon |
| Time to first hire | 15–45 days | 90–180 days | 120–240 days |
| Indian entity required? | No | No (vendor operates it) | Yes |
| Capital outlay, Year 1 | Low (pure opex) | Medium ($150K–$400K setup) | High ($500K–$2M setup) |
| IP posture | Via MSA/IP Deed | Contractually complex | Clean: your entity, your code |
| Attrition exposure | On vendor | Shared | Fully on buyer |
| Compliance burden | On vendor | Shared | Fully on buyer |
| Exit flexibility | High: 30–90 day notice | Low after transfer | Very low |
| Where Supersourcing wins | Our core product | We build and operate; you transfer at Year 3 | We advise; EOR like Deel/Rippling is better here |
For most enterprise buyers at 20–100 hires/year, the answer is staff augmentation with a vendor operating at GCC-grade governance: dedicated pod, project-level onboarding, RAID log discipline, weekly governance. That delivers captive GCC economics without the 18-month setup cost and Indian entity overhead.
From the deal floor: A DAX-listed industrial manufacturer started as a pure staff-aug engagement in 2021: 65 SAP S/4HANA consultants in Bangalore. By 2023 they had enough conviction to initiate a BOT. Transfer is planned for Q2 2026. They inherit a 71-person team, three years of institutional knowledge, and a Bangalore lease already negotiated. Total BOT setup fee: $280K. Doing it cold via EOR from day one would have cost $1.4M+ in entity setup, compliance infrastructure, and HR headcount.
How We Vet, and How You Should Too
Most vendors run two steps: resume screen, one technical call. That’s how you get a Salesforce “Senior Developer” who’s never touched CPQ in production and a “Cloud Architect” whose AWS cert expired in 2022.
Here are all seven layers.
Layer 1: JD-Fit Scoring
Automated NLP scoring against the JD. Minimum threshold: 72% match on enterprise platform certifications, version-specific experience, and industry vertical. A candidate below threshold doesn’t advance, regardless of years on a CV.
Layer 2: Certification Verification
Every cert cross-checked against the issuing body’s public registry:
- Salesforce: trailhead.salesforce.com/credentials/verification
- ServiceNow: Now Learning transcript verification
- SAP: certifications.sap.com
- AWS/Azure/GCP: Credly + provider registry
- Databricks: Databricks Academy Credential Center
Red flag: Any vendor who can’t produce a direct registry link for a certification within 24 hours. “We’ll follow up” means it hasn’t been verified.
Layer 3: Async Technical Screen
90 minutes, proctored. Passing score: 75th percentile for the target enterprise stack. Clients get the full transcript on request. Not a summary of the actual results.
Layer 4: Live Architecture Review
60-minute panel. Client’s technical lead participates. For Salesforce CTA-track: a data model and org strategy challenge. For SAP S/4HANA: a FICO integration and custom enhancement scenario. For Databricks: a real-time ingestion and medallion architecture design. Rubric shared before the call, not after.
Layer 5: Version-Specific Certification Check
Not just whether the cert exists, but whether it’s current and matches the client’s production environment. A Workday HCM consultant certified on 2022R1 may have real gaps on 2025 updates. We document version-specific experience, not just the certification year.
Layer 6: Engagement Fit
30 minutes on four things: communication under pressure, stakeholder management experience, cross-timezone track record, and attrition risk indicators. Most vendors skip this. It’s where Supersourcing’s 11% attrition rate vs. the industry’s 19% is built. (Supersourcing GCC Benchmark 2026, n=340 engagements.)
Layer 7: Backchannel Reference
LinkedIn alumni cross-check on at least two former managers before any offer. Not “please send references”: we find and contact former leads independently, with candidate consent. Results go in the candidate handover file.
From the deal floor: A NYSE-listed P&C insurer ran Layer 7 on a proposed Guidewire Lead Architect. The candidate had described a “project delivery” as “program leadership”, a distinction that mattered because the SOW required two full PolicyCenter go-lives in a lead capacity. He had one, as a supporting contributor. Caught before contract. Not after six months on-site.
How to Verify Experience Claims
This is the section most buyers skip. It’s also where the most money gets lost.
A CV that says “8 years Salesforce, 3 full implementations, CTA-track” is a starting point, not a fact. Here is exactly how to verify what’s claimed, role by role.
The Universal Verification Framework
Run this on every candidate regardless of stack.
Step 1: The LinkedIn Timeline Check
Open the candidate’s LinkedIn profile. Map every role to a date range. Look for:
- Gaps over 3 months with no explanation
- Roles listed as “Senior” or “Lead” with tenures under 12 months; you can’t lead a full implementation cycle in under a year on any enterprise platform
- Certifications listed with no date; on LinkedIn, certs can be added without ever being earned
- Company names that don’t appear on Google, MCA filings, or LinkedIn company pages; ghost employers are a real pattern in India IT resumes
Step 2: The Implementation Count Check
Ask the candidate directly: “Walk me through each full-cycle implementation you’ve led: client name or anonymized, platform version, team size, your specific role, and go-live date.”
Strong candidates answer this in detail within 60 seconds. Weak candidates immediately generalize: “I’ve worked on multiple large projects across various clients.” That answer means they cannot name a single one.
Step 3: The Version Specificity Test
Every enterprise platform releases major updates 1–2 times per year. A genuine expert knows which version they’ve worked on and what changed between versions. Ask:
- SAP: “What’s the difference between how document splitting works in ECC 6.0 versus S/4HANA Universal Journal?” A real FICO lead answers without hesitation.
- Salesforce: “How does the Salesforce Data Cloud identity resolution model differ from the legacy Customer 360 approach?” A real architect knows exactly.
- ServiceNow: “What changed in the MID Server architecture between Tokyo and Utah?” A real ITSM architect can tell you.
If the candidate gives a vague answer or pivots to general concepts, they’ve worked on documentation, not the platform.
Step 4: The Failure Question
Ask: “Tell me about an implementation that went wrong while you were on it and what your specific role was in recovering it.”
Candidates with real production experience have specific failure stories: they remember the client, the problem, the fix, the timeline. Candidates with CV-padded experience give theoretical answers about “managing stakeholder expectations” and “following best practices.”
Step 5: Certification Registry Verification
Don’t accept a certificate PDF. Verify directly:
| Platform | Registry URL | What to Check |
| Salesforce | trailhead.salesforce.com/credentials/verification | Name, certification title, status (Active/Expired) |
| SAP | certifications.sap.com | Certificate ID, specific module, expiry |
| ServiceNow | nowlearning.servicenow.com | Credential ID, version-specific cert |
| AWS | aws.amazon.com/verification | Validation number, expiry date |
| Azure | learn.microsoft.com/certifications | Transcript ID |
| GCP | cloud.google.com/certification/verify | Certificate ID |
| Databricks | credentials.databricks.com | Badge verification link |
| Workday | workday.com/en-us/partners/services-partners | Partner directory cross-check |
A cert that cannot be verified on the issuing body’s registry in under 5 minutes does not exist.
Role-Specific Experience Red Flags
Salesforce
| Claim | How to Verify | Red Flag |
| “CTA-track Architect” | Ask for their Trailhead profile URL and check their Superbadge and Architect credential stack | No System Architect or Application Architect cert on a claimed CTA-track = misrepresented seniority |
| “Led 3 full-cycle implementations” | Ask for go-live dates and client verticals; they should remember both without prompting | Can’t name a single client vertical or go-live year = CV inflation |
| “Salesforce Data Cloud experience” | Ask: “Describe your approach to identity resolution and what happens when a known individual has conflicting email addresses across channels” | Vague answer = read the documentation, never implemented |
| “CPQ certified” | Check Trailhead registry for CPQ Specialist credential | CPQ Specialist cert is a separate credential from core Salesforce; many “CPQ experienced” candidates don’t have it |
SAP S/4HANA
| Claim | How to Verify | Red Flag |
| “S/4HANA Lead” | Ask: “What’s your experience with SAP Readiness Check and the Simplification Item Catalog?” | Doesn’t know the Simplification Item Catalog = has never run a brownfield migration assessment |
| “FICO experience” | Ask: “Walk me through how document splitting is configured for profit center accounting in S/4HANA” | Gives an ECC 6.0 answer = has never worked in S/4HANA production |
| “ABAP OO certified” | Check certifications.sap.com for C_TAW12 or equivalent | No current cert + can’t explain polymorphism in ABAP context = junior presenting as senior |
| “Integration experience” | Ask: “How would you approach replacing an RFC-based integration with an API-first approach on BTP?” | Can’t describe BTP Integration Suite vs. PI/PO tradeoffs = ECC-era experience only |
ServiceNow
| Claim | How to Verify | Red Flag |
| “CTA” | Check nowlearning.servicenow.com for the CTA credential; there are fewer than 400 in India | No verifiable CTA credential = not a CTA, regardless of what the CV says |
| “ITOM Visibility experience” | Ask: “Describe your MID Server topology design for a 30,000-device environment” | Can’t describe horizontal vs. vertical MID Server scaling = has read the docs, not implemented |
| “Flow Designer experience” | Ask: “When do you choose Flow Designer over Workflow Editor and what are the upgrade safety implications?” | Says “Flow Designer is newer so I prefer it” without mentioning upgrade safety = surface-level knowledge |
| “HRSD implementation” | Ask: “How do you handle the Now Platform’s lifecycle event framework for onboarding across multiple countries?” | Generic answer = demo environment experience, not production |
Databricks
| Claim | How to Verify | Red Flag |
| “Lead Data Engineer” | Ask: “Walk me through your medallion architecture design decisions for a streaming ingestion use case” | Can’t describe Bronze/Silver/Gold layer schema evolution = has used Databricks notebooks, not architected at scale |
| “Databricks certified” | Verify at credentials.databricks.com | Databricks Professional cert vs. Associate cert; many “Databricks experts” only hold Associate |
| “MLflow experience” | Ask: “How do you manage model versioning and stage transitions in a production MLflow environment?” | Vague answer about “tracking experiments” = never pushed a model to production |
| “Unity Catalog experience” | Ask: “How does Unity Catalog’s metastore architecture change your approach to data governance vs. Hive metastore?” | Doesn’t know Unity Catalog = their Databricks experience predates 2022 |
GenAI / LLM
This is where CV inflation is most rampant right now. Everyone added “GenAI” to their resume in 2025–2026. Very few have production LLM deployments at enterprise scale.
| Claim | How to Verify | Red Flag |
| “LLM Architect” | Ask: “Describe your approach to RAG pipeline design: chunking strategy, embedding model selection, vector store choice, and retrieval evaluation” | Can’t go beyond “I use LangChain” = has built demos, not production systems |
| “Agentic AI experience” | Ask: “How do you handle tool call failures and retry logic in a multi-agent orchestration framework?” | Hasn’t thought about failure handling = tutorial experience only |
| “Fine-tuning experience” | Ask: “What’s your approach to evaluating when fine-tuning is the right choice vs. prompt engineering vs. RAG?” | Says “fine-tuning always gives better results” = doesn’t understand the cost/quality tradeoff |
| “Production LLM deployment” | Ask: “What latency and cost optimization techniques have you used to serve LLM responses in a user-facing product at scale?” | Can’t discuss quantization, caching, or batching = never deployed to production |
IAM
| Claim | How to Verify | Red Flag |
| “SailPoint Architect” | Ask: “How do you design a joiner-mover-leaver lifecycle across a hybrid AD/cloud environment in SailPoint IdentityNow?” | Generic IAM answer not specific to SailPoint = has used the product, not architected it |
| “Okta certified” | Check Okta’s certification verification at okta.com/learning | Okta Certified Professional vs. Certified Consultant vs. Certified Architect levels matter |
| “Zero Trust architect” | Ask: “How do you design a Zero Trust network access policy for a workforce that uses both managed and BYOD devices?” | Says “Zero Trust means verify everyone” without describing policy engine design = buzzword knowledge |
| “CyberArk experience” | Ask: “Walk me through your approach to onboarding privileged accounts for a cloud-native environment in CyberArk PAM” | Can’t describe the difference between CyberArk’s safe model and modern secrets management = vault admin experience, not architect |
The Reference Check That Actually Works
Most reference checks are useless because buyers ask the wrong people the wrong questions. Here’s what works:
Who to ask: Former direct managers or tech leads, not HR, not the candidate’s colleagues. Find them on LinkedIn independently. Don’t use the list the candidate provides.
What to ask:
- “In what specific situations did this person demonstrate they could operate independently on [platform] without senior oversight?”
- “Can you give me an example of a technical decision they made that you disagreed with at the time?”
- “Would you hire them again for a senior individual contributor role, and why or why not?”
Question 2 is the most revealing. Former managers of strong engineers can always answer it because strong engineers make real decisions, some of which their managers questioned. If the answer is “no, I agreed with everything they did,” either the engineer had no real ownership or the reference is being managed.
From the deal floor: A US-based healthcare SaaS company ran an independent reference check on a proposed Salesforce Health Cloud architect. The vendor’s provided references gave glowing feedback. The independently found reference, a former tech lead at the candidate’s previous employer, said: “She’s a strong developer but I wouldn’t call her an architect. She’s never owned an org design decision from start to finish.” The client adjusted the SOW to a Senior Developer role and saved $18/hr for 18 months. That’s $67K.
The Contract Stack
The average enterprise engagement has six documents: MSA, SOW, NDA, DPA, IP Assignment Deed, Non-Solicitation Agreement. Most buyers negotiate the MSA and SOW. The three they skip are where the risk lives.
The IP Assignment Deed: Most Commonly Missing
What most MSAs say:
“All work products created under this Agreement shall be the property of the Client.”
Why that’s not enough: Under Indian law (Copyright Act, 1957, §17), if the engineer is employed by the vendor, not you, the default IP owner is the engineer’s employer, which is the vendor. A generic MSA clause gives you a contractual right, not a statutory IP transfer. Without a deed signed by the actual creating engineer, you have a claim, not ownership.
Supersourcing-recommended language (IP Assignment Deed, Clause 3.1):
“The Vendor shall ensure that each Assigned Personnel executes an individual Deed of Assignment in the form set out in Schedule A, assigning all right, title, and interest in any work product, invention, or development created in connection with Services under this Agreement to the Client, effective as of the date of creation. Such assignment shall be irrevocable and worldwide in scope. The Vendor shall deliver executed Deeds within 5 business days of each Assigned Personnel’s commencement date.”
The Non-Solicitation Clause: Bidirectional or Useless
What most MSAs say:
“Neither party shall solicit the other party’s employees during the term of this Agreement.”
What it should say:
“Neither party shall, directly or indirectly, solicit, recruit, or hire any employee or contractor of the other party who has been involved in the performance of IT Services under this Agreement during the Term and for 24 months following termination, without prior written consent. In the event of breach, the breaching party shall pay a fee equal to 20% of such individual’s annualized compensation as liquidated damages.”
The DPA: Non-Negotiable for EU or US Healthcare Data
Required clauses with statutory citations:
- GDPR: Art. 28(3) (processor obligations), Art. 32 (technical security measures), Art. 33 (72-hour breach notification to Client)
- DPDP Act 2023 (India): §10 obligations for Data Processors handling Indian personal data; §9 consent management
- HIPAA (if US healthcare): §164.314(a) Business Associate Agreement; §164.308(b) subcontractor chain requirements
- CERT-In 6-hour rule: India’s CERT-In Directions (April 2022) require vendors to report incidents to CERT-In within 6 hours. Your DPA must require simultaneous client notification.
The SOW: Where Deliverables Get Defined
Remove this:
“Vendor shall provide resources meeting the qualifications described in Exhibit A.”
Replace with:
“Vendor shall provide resources who have (i) individually passed the Supersourcing 7-Layer Vetting assessment documented in Exhibit B, (ii) hold current certifications as listed in Exhibit C, verified against the issuing body’s public registry, and (iii) been approved in writing by Client’s Technical Lead before commencement. Any substitution requires 14 days’ written notice and Client approval. Unauthorized substitution is a material breach.”
From the deal floor: A US healthcare SaaS company discovered in month three that their vendor had swapped two approved Salesforce Health Cloud developers with uncertified developers from another project. The SOW said “qualified resources.” Not “individually approved resources.” No contractual basis to reject the swap. Eighteen months of feature velocity gone while the replacements ramped.
Compliance: Verify, Don’t Trust
The 20-Minute Verification Protocol
Run this before signing anything.
Step 1: MCA filing check (5 min)
Company Search. Verify: status is “Active,” paid-up capital consistent with claimed scale, last annual return filed within 12 months. A vendor claiming 500 employees with ₹1L paid-up capital is a red flag.
Step 2: GST status (2 min)
Search Taxpayer. Verify: registration is “Active,” GSTIN matches entities on contract, no pending returns for more than two consecutive quarters.
Step 3: ISO 27001:2022 verification (5 min)
Check the UKAS or IAF-accredited body’s public register, not the PDF the vendor emails you. Verify the scope covers your engagement and the certificate isn’t expired or suspended.
Step 4: LinkedIn tenure check (3 min)
Check the five engineers the vendor put forward. Average tenure at a vendor should be over 18 months. Three of five joined in the last six months means the “experienced team” is mostly new hires.
Step 5: Alumni backchannel (5 min)
Find 2–3 former employees on LinkedIn who spent 2+ years at the vendor and are now elsewhere. One InMail asking “would you recommend them for an enterprise Salesforce engagement?” produces a real signal within 48 hours.
Compliance Certification Matrix
| Certification | When Required | How to Verify | Watch |
| ISO 27001:2022 | All enterprise engagements | UKAS/IAF accredited body register | 3-year cert with annual surveillance; check status, not just issue date |
| ISO 27701 | GDPR-adjacent engagements | Same body as 27001 | Co-terminous with 27001 |
| HIPAA BAA | US healthcare data | Contractual; verify via legal counsel | Ongoing |
| PCI-DSS Level 1 | Cardholder data environments | Mastercard/Visa approved QSA registry | Annual ROC |
| HITRUST CSF | US health systems | HITRUST MyCSF portal | 2-year cycle |
| DPDP Act §10 DPA | India-origin personal data | Contractual addendum | Ongoing |
Red flag: ISO 27001 certificate with an issue date over 3 years ago and no evidence of annual surveillance audits. Certification lapses quietly. Check the registry, not the PDF.
Interview Loops That Actually Work
Salesforce CTA-Track Architect (90 min)
- Round 1: Architecture Scenario (40 min). Multi-cloud org scenario: a global retailer with Sales Cloud in three regions, Marketing Cloud Account Engagement, and a Heroku-based custom app syncing customer data in near-real-time. Ask them to design the data architecture, describe their governor limit strategy, and walk through cross-cloud identity. Strong candidates immediately flag the 50K SOQL row limit, Customer 360 Data Model implications, and whether MuleSoft or direct Apex sync makes sense at that volume.
- Round 2: War Story (20 min). “Tell me about a Salesforce implementation that went wrong after go-live and what you did.” Any CTA-track architect who’s never rescued a failing org or blames the failure entirely on the client is a red flag. Enterprise architects own outcomes.
- Round 3: Stakeholder Management (30 min). “Your executive sponsor wants go-live in 6 weeks. Your technical lead says 10 weeks minimum. Walk me through that conversation.” This is a CPO-facing hire. They need to de-escalate, negotiate scope, and document risk, not just pick a number.
SAP S/4HANA Lead, FICO Track (90 min)
The scenario: Brownfield S/4HANA migration from ECC 6.0. 3,400 custom ABAP programs. Live Kyriba integration via RFC. Go-live in 14 months.
Ask: Custom code remediation approach for S/4HANA compatibility? RFC vs. API-first for Kyriba? How do they sequence the parallel accounting migration (document splitting, profit center accounting)? Strong candidates cite SAP’s Readiness Check, the Simplification Item Catalog, and the specific impact of the Universal Journal (ACDOCA) on FI reconciliation. Anyone who doesn’t know ACDOCA at the lead level is not a lead.
ServiceNow CTA (90 min)
The scenario: ITSM implementation for a 35,000-employee financial services firm in Tokyo. They want ITOM Visibility and Health alongside ITSM. Legacy BMC Remedy feeding four downstream apps via direct DB calls.
Ask: Remedy migration: parallel run or cutover? MID Server topology for ITOM Visibility at scale? Flow Designer vs. Workflow Editor for automation? The CTA-track answer explicitly references ServiceNow’s “upgrade safe” principles and scoped application implications on future upgrade paths. A candidate who can’t answer the MID Server topology question has never scaled ITOM in a real enterprise.
Running 20–100 Engineers Without It Falling Apart
Pod Structure
A flat “all reports to one PM” model collapses around month four at this scale.
| Team Size | Structure |
| 20–35 | 1 Delivery Lead + 3–4 Tech Leads (8–10 per pod) + 1 QA Lead + 1 Scrum Master |
| 35–60 | 2 Delivery Leads + 5–6 Tech Leads + 2 QA Leads + 2 Scrum Masters + 1 Solutions Architect |
| 60–100 | Program Director + 3–4 Delivery Leads + 8–10 Tech Leads + 3 QA Leads + dedicated DevOps pod + 1–2 SA |
Onshore-offshore ratio: 1 onshore architect or PM for every 8–12 offshore developers. Below that, context transfer breaks. Above it, you’re paying for redundancy.
Weekly Cadence
| Meeting | Who | Duration | Frequency |
| Sprint Stand-up | Full team | 15 min | Daily |
| Tech Lead Sync | Tech Leads + Client Architect | 45 min | 2x/week |
| Delivery Review | Delivery Lead + Client PM | 60 min | Weekly |
| Escalation & Risk | Program Director + VP Eng (Client) | 30 min | Weekly |
| Executive Governance | Account Lead + CTO/CPO (Client) | 60 min | Monthly |
Attrition Early-Warning Indicators
Per Supersourcing’s GCC Benchmark 2026, these signals precede voluntary departure by 60–90 days in 73% of cases:
- Declining commit frequency visible in Git analytics
- LinkedIn activity spike: new skills added, connections from competing companies
- Reduced participation in team Slack/Teams channels
- Missed 1:1s without prior notice
- Compensation conversation without an anniversary or promotion trigger
In 38% of Supersourcing’s retention cases, the trigger was scope: the engineer felt underutilized. A two-week stretch assignment to a more complex workstream fixed it without a rate increase.
Supersourcing Index: Engagements with a dedicated Delivery Lead (not a PM split across accounts) had 34% lower involuntary attrition in months 7–18, across 340 enterprise engagements in the Supersourcing GCC Benchmark 2026.
When It Goes Wrong
The Fire Playbook
Step 1: Document before you act.
Pull all RAID logs, sprint retrospectives, SLA breach records, and written escalations from the past 90 days. Without these, termination for cause becomes termination for convenience: 90-day notice and full payment through the period.
Step 2: Trigger the cure period correctly.
Most MSAs give vendors 30 days to cure material breach. Send written notice via the MSA’s designated method (registered post plus email). Be specific: exact SOW deliverables missed, exact SLA thresholds breached, exact clause being invoked. Vague “performance concerns” letters reset the clock and give the vendor legal cover.
Step 3: Run parallel replacement before you terminate.
Identify your replacement vendor and begin sourcing 30 days before the cure notice goes out. Most enterprise MSAs allow parallel vendors unless there’s an exclusivity clause. Check yours.
Step 4: Code and IP escrow before the last day.
All repositories mirrored to client-controlled infrastructure. All documentation exported. All credentials rotated. This doesn’t happen in 40% of the terminations Supersourcing has been called in to rescue.
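One way to confirm that the Step 4 repository mirror is actually complete before the vendor's access ends, as an added example (not part of the original guide or Supersourcing's tooling). The function names and the script name are hypothetical, and the source is assumed to be reachable as a Git URL or local path.

```shell
#!/bin/sh
# Added example: mirror a vendor-hosted Git repository to client-controlled
# storage and prove the copy is complete. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # stable ordering for sort and comm

# mirror_repo SRC DEST: bare mirror of every ref (branches, tags, notes).
mirror_repo() {
    if [ -d "$2" ]; then
        git -C "$2" remote update --prune >/dev/null 2>&1
    else
        git clone --quiet --mirror "$1" "$2"
    fi
}

# ref_manifest REPO: sorted "<sha> <ref>" lines; HEAD is skipped because a
# mirror does not follow later changes to the source's default branch.
ref_manifest() {
    git ls-remote "$1" 2>/dev/null | awk '$2 != "HEAD"' | sort
}

# missing_refs SRC DEST: refs that are absent or stale in the mirror.
missing_refs() {
    _tmp=$(mktemp -d) || return 2
    ref_manifest "$1" > "$_tmp/src"
    ref_manifest "$2" > "$_tmp/dst"
    comm -23 "$_tmp/src" "$_tmp/dst" | awk '{print $2}'
    rm -rf "$_tmp"
}

# verify_mirror SRC DEST: 0 = complete, 1 = incomplete or corrupt,
# 2 = source unreachable or empty (nothing to compare against).
verify_mirror() {
    _want=$(ref_manifest "$1")
    _have=$(ref_manifest "$2")
    [ -n "$_want" ] || return 2
    [ "$_want" = "$_have" ] || return 1
    # Object-level integrity check of the mirror itself.
    git -C "$2" fsck --no-dangling >/dev/null 2>&1 || return 1
    return 0
}

# Usage: sh escrow_mirror.sh <source-url-or-path> <mirror-dir>
if [ "$#" -eq 2 ]; then
    mirror_repo "$1" "$2" && verify_mirror "$1" "$2"
    rc=$?
    [ "$rc" -eq 0 ] && echo "mirror complete" || missing_refs "$1" "$2"
    exit "$rc"
fi
```

A Git mirror carries refs and their objects only; Git LFS objects, wikis, issue trackers and CI configuration held outside the repository need their own export.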
The Vendor Consolidation Playbook
Buyers running 4+ Indian vendors almost always spend 20–30% more than equivalent single-vendor delivery. Each vendor carries its own overhead, bench cost, and incentive to grow headcount rather than drive efficiency.
The playbook: freeze new SOWs with non-preferred vendors, run a 90-day parallel performance evaluation using the scorecard in Section 15, select 1–2 preferred vendors, negotiate a Master Vendor Agreement with right of first refusal on new requirements in exchange for volume pricing.
From the deal floor: A US-based healthcare IT staffing company running six Indian vendors across 94 engineers consolidated to two over eight months. Year-1 savings: $1.1M. Attrition in the 12 months post-consolidation: 9%, versus the pre-consolidation average of 21%.
When India Is the Wrong Call
We run our business on India delivery. That’s exactly why we’ll tell you when it’s wrong.
Don’t hire in India if:
- Sub-5ms latency is a hard requirement. The 5.5-hour time zone gap creates unavoidable response latency for real-time production support.
- Your regulatory posture requires US federal security clearance. India-based engineers cannot hold DoD clearances. FedRAMP High, ITAR, and classified workloads are off the table.
- Your product decisions require daily in-person co-creation. Early-stage teams iterating in the same room every day lose something real when they offshore that core loop. Execution tracks work offshore. Product discovery doesn’t.
- Your enterprise platform runs on a version India hasn’t absorbed yet. Salesforce Agentforce launched in 2024. Certified Agentforce architects in India number in the hundreds. If your timeline requires 10 Agentforce architects in 30 days, no geography can deliver that. Know the talent curve before you set the timeline.
The Supersourcing Vendor Scorecard
| # | Criterion | Weight | Score (1–5) | Weighted |
| TALENT QUALITY | ||||
| 1 | Certification verification: registry-level, not self-reported | 5% | – | – |
| 2 | Average seniority of bench on your target stack | 4% | – | – |
| 3 | 7-layer vetting: can they share the rubric? | 5% | – | – |
| 4 | Time-to-fill commitment for target roles | 3% | – | – |
| 5 | Attrition rate on enterprise engagements: data, not claims | 5% | – | – |
| 6 | Replacement SLA if a resource rolls off | 4% | – | – |
| 7 | Reference clients in your vertical who will take a call | 4% | – | – |
| EXPERIENCE VERIFICATION | ||||
| 8 | Candidate LinkedIn timeline independently verified | 4% | – | – |
| 9 | Implementation count validated via direct questioning | 4% | – | – |
| 10 | Version-specific platform experience documented | 4% | – | – |
| 11 | Independent backchannel references, not vendor-provided | 4% | – | – |
| COMMERCIAL | ||||
| 12 | Rate transparency: CTC + burden + margin stack visible | 4% | – | – |
| 13 | Pricing model flexibility | 2% | – | – |
| 14 | Annual rate escalation clause: capped? | 3% | – | – |
| 15 | Volume discount structure for 50+ headcount | 2% | – | – |
| COMPLIANCE & SECURITY | ||||
| 16 | ISO 27001:2022 (current, verified via accredited body) | 5% | – | – |
| 17 | DPDP Act §10 DPA: available immediately | 4% | – | – |
| 18 | GDPR Art. 28(3) DPA: available immediately | 3% | – | – |
| 19 | HIPAA BAA capability (if applicable) | 2% | – | – |
| 20 | MCA filing: Active, recent annual return | 2% | – | – |
| 21 | GST: Active, no pending returns | 2% | – | – |
| 22 | CERT-In 6-hour notification in DPA | 2% | – | – |
| CONTRACT | ||||
| 23 | IP Assignment Deed per engineer, executed at start | 5% | – | – |
| 24 | Non-solicitation: bidirectional, with liquidated damages | 3% | – | – |
| 25 | Termination for cause: cure period, evidence standard | 2% | – | – |
| 26 | Bench replacement SLA in SOW | 2% | – | – |
| 27 | Audit rights clause | 2% | – | – |
| DELIVERY GOVERNANCE | ||||
| 28 | Dedicated Delivery Lead, not shared PM | 4% | – | – |
| 29 | RAID log discipline: sample available | 2% | – | – |
| 30 | Escalation matrix documented | 2% | – | – |
| 31 | Attrition early-warning system | 2% | – | – |
| RELATIONSHIP | ||||
| 32 | Senior leadership accessibility | 2% | – | – |
| 33 | References checked independently | 2% | – | – |
| 34 | Do they tell you what you don’t want to hear? | 1% | – | – |
| | TOTAL | 100% | | |
Above 4.0: preferred vendor. 3.0–3.9: conditional with documented exceptions. Below 3.0: don’t engage.
Questions Buyers Actually Ask
How do I know if a candidate’s SAP experience is real and not exaggerated?
Ask them to walk you through every full-cycle implementation: client vertical, platform version, their specific role, go-live date. Real S/4HANA leads answer in under 60 seconds with specific details. Then ask one version-specific technical question from Section 8. If they can’t answer it, they haven’t worked on that version in production.
How long does it realistically take to hire a Salesforce CTA-track architect in Bangalore?
17–28 calendar days with a pre-qualified bench. 35–55 sourcing fresh. The bottleneck is almost always client-side interview scheduling, not vendor sourcing.
Can I negotiate a fixed rate for a 3-year engagement?
Yes, with a cap on annual CTC escalation, typically 8–12% in India. Without an escalation cap, fixed billing rates compress vendor margins over time, creating pressure to quietly downgrade resource quality.
What happens to my IP if the vendor goes bankrupt?
If you have a properly executed IP Assignment Deed per engineer (Section 9), the IP transferred at creation. It’s yours regardless of the vendor’s financial situation. Without it, you’re an unsecured creditor in an Indian insolvency proceeding.
What’s the difference between a dedicated team and staff augmentation?
Dedicated team: a fixed pod assigned exclusively to your account with a tech lead accountable to your deliverables. Staff aug: individuals who can be reallocated if another client has a priority need. For enterprise platform implementations, always negotiate dedicated team language in the SOW.
Is attrition actually higher in India than other geographies?
For commodity skills, yes, the IT-industry average is 22%. For enterprise platform specialists (SAP, Salesforce, ServiceNow), it runs 12–15% per the Supersourcing GCC Benchmark 2026. The gap between commodity and enterprise attrition is larger in India than anywhere else. Stack selection at the vendor level is unusually consequential.
How do I verify a candidate’s AWS certification is current?
Go to aws.amazon.com/verification and enter the validation number from the candidate’s certificate. You’ll see the exact certification title, level, and expiry date. Takes 90 seconds. Do it yourself; don’t ask the vendor to confirm.
What’s the India transfer pricing implication if I’m setting up a GCC?
India’s Income Tax Act §92 requires intercompany pricing to reflect an arm’s length rate. Safe harbor for software development services: 17–21% markup on cost (OECD transactional net margin method). Get a Big 4 transfer pricing opinion before setting intercompany rates.
What is the CERT-In 6-hour rule?
India’s CERT-In Directions (April 2022) require Indian IT service providers to report cybersecurity incidents to CERT-In within 6 hours of detection. Your DPA should require simultaneous notification to you, because the CERT-In filing doesn’t automatically notify the client.
How do I benchmark my current vendor’s rates?
Request the Supersourcing Index 2026 Enterprise Rate Card: stack-by-stack, seniority-by-seniority, across 1,200+ active placements. If you’re paying more than 15% above benchmark for the same role and city, that’s a conversation worth having.
Is Supersourcing right for a 5-engineer engagement?
Probably not. Our model is optimized for 20+ engineers with enterprise governance requirements. For 3–5 engineers, an EOR like Deel or Multiplier is simpler, faster, and cheaper. We’d rather say that upfront than win a deal we’re not right for.
Conclusion
We built Supersourcing because we kept watching enterprise buyers sign $3–15M contracts with Indian vendors that couldn’t pass a 20-minute verification. Not because the buyers were unsophisticated. Because nobody was willing to say: here are the clauses you’re missing, here’s how to verify the experience being claimed, here’s what the rate card should actually look like, and here’s when you should not hire in India.
That’s this guide.
If it’s useful, the next step is a 30-minute discovery call. Not a pitch. We’ll run the readiness assessment from Section 3 with you, tell you where your internal operating model has gaps, and be direct about whether Supersourcing is the right partner.
If we’re not, we’ll tell you who is.
Book a 30-minute Enterprise Discovery Call: https://supersourcing.com/contact-us/
No deck. No demo. Just the conversation a CPO actually needs before signing.



