Vendor Continuity Evaluation

What is Vendor Business Continuity Evaluation?

Business continuity is what an organization does to ensure that key operations, products and services continue to be delivered in full or at a predetermined and accepted level of availability. Today, most organizations describe it as part of a service level agreement (or SLA).

The business continuity of an organization's supplier covers things like what they would do in the event of a natural disaster, pandemics like COVID19 (the one we are facing right now) if their facilities or services were down; what your planning looks like with public entities, such as emergency services and communications with your own identified key suppliers, customers like you, your employees and the media.

Things to look in Vendor’s BCP

It is important that organizations are aware of this link with four or more suppliers, that they prepare their own respect or that they have the organizational plan. To understand the critical supplier PCO, organizations need to know what to look for and what points should always be included. This information helps to ensure that the organization is ready for a breakdown. The following points should be taken into account.

  1. Personnel loss and planning
  2. Pandemic contingencies
  3. Relocation strategy
  4. Remote access availability
  5. Facility loss contingencies
  6. Crisis communication strategy
  7. Testing procedures that include:
    • Annual testing
    • Addressing testing results demonstrating room for improvement

Business continuity plans should include information on your vendors Business Impact Analysis (BIA).

  1. Is a BIA performed?
  2. How often is it reviewed and updated


Three things BIA must include:

  1. Recovery Time Objectives (RTO) – This is the specific period of time during which a business process must be restored after an interruption to avoid unacceptable consequences associated with an interruption in business continuity.
  2. Recovery Point Objectives (RPO) – This is the age of the files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down after a failure. Or how much data do you expect to lose in the worst case?
  3. Maximum Tolerable Downtime (MTD) – Specifies the maximum period of time that a given business process can be inoperative before the survival of the organization is threatened.


Advantages of Vendor Continuity Assessment

In today's environment, most institutions rely on external service providers (or vendors) to carry out their daily activities. In fact, without the help of external service providers, the ability of an organization to provide products and services to customers would be seriously compromised. When organizations choose to outsource key business functions to a service provider, this creates dependence on that third party and exposes the institution to the risk of not being able to resume operations within the desired timeframe if breakdown. This is why assessing the continuity of suppliers' activities is so necessary. In addition, it saves organizations from major financial losses and allows them to function smoothly in an emergency. Understanding the disaster recovery and recovery capabilities of your organization's critical suppliers will help you feel more secure when doing business with them.

Our organization can help you go beyond basic vendor risk management and assist you in getting your business back up and running after an interruption.  Contact CyberSRC today for help in facilitating the conversation or planning documents.