Vendor Management: Disaster Recovery

Updated May of 2019

There is never a shortage of reporting on the various disasters that happen in this country, however, there is rarely any focus on “recovery.” Most managers would define recovery as completely back to pre-disaster operations.

In reality, what we really want is a quick, adequate return to some level of service without any customer criticism. (As a quick definition: if you get complete recovery quickly, you did not have a disaster, just an interruption of service level.)

Know Your Disaster Recovery Plan

Most vendor managers when assessing a vendor’s readiness have disaster recovery upside down. Our first instinct is to ask our vendors if they have a plan; then we check the box. We might even go so far as to ask when it was last tested; check another box.

The question we fail to ask is,“if our high risk vendor does have a disaster what is OUR recovery plan?” It's appropriate to demand that our vendors share with us what they would do if an outage occurs. But, we are talking about a disaster, one that might involve substantial down time. It's a grand academic exercise to review all the steps our unfortunate provider intends to take to resume service, but since we're sharing in a disaster, the focus for each organization needs to be on what the organization can do to recover in the eyes of their customers.

Strengthening Your Plan  

Here is where you need to start: review the vendor’s disaster recovery TEST results.

• All plans look really good, but do they work?
• When was their last test? Was it a complete test or just a “table top” or mock exercise?
• What were the findings and items that need to be corrected?
• What are the specific steps and when do they intend to notify their customers (you) regarding the status of recovery?

You will never be able to manage your recovery without timely information from your vendor. Reread that last sentence again. In your customer’s eyes you're the focal point of information. Not just, “we're temporarily experiencing a disruption in service,” but “here's what's happening and when we expect the situation to be solved.”

Say you're a financial institution. A storm in the Northeast took out a data center for eight days that effected more than 100 institutions. Imagine facing customers who need cash but you have no clue of their account balance and are really not sure when the situation will be resolved. This is where your recovery plan is critical. What are you going to do as each hour of any disaster ticks by?

Vendor management is all about your management of processes that are within your control. You can’t be expected to fill sandbags, but you are expected to provide service to your customers. Hint: Keep your own updated customers list including contact information.

Preparing for Natural Disasters 

An interesting statistic is that for the period from 1980 to 2010, there were 640 recorded natural disasters in the U.S. Eighty-two percent (82%) were storm or flood related. The reason I point this out is that since these events are weather-related, most were predicted. I realize that some (especially tornadoes) occur without much warning; however, they are typically seasonally forecast.

Furthermore, they follow traditional geographical patterns. So as a vendor manager in a routinely adverse weather-related area, there's some regularity to your attentiveness to disaster preparedness and especially YOUR recovery process. The goal: be sure all the publicity is on the disaster and the recovery goes so smoothly that it never gets reported.