COVID-19 Brings 3 Vendor Management Changes to Know

Mar 25, 2020 by Gordon Rudd, CISSP

Our world has forever changed. We watch the many reasons for this change every day on the news: every evening we see people from around the world struggle with the coronavirus (COVID-19). Our schools, malls, restaurants, bars and gyms have all closed. Even St. Patrick’s Day was cancelled. Talk about “the luck of the Irish”.

Even for those of us who did our due diligence, as we should have, and developed and implemented a pandemic plan, we hoped this day would never come. We hoped that everything we planned for would just slide on by and we could rock on… business as usual. However, unfortunately, as you read this, everything we’ve worried over and our worst-case scenarios for a pandemic are playing out.

We woke up one morning to the news that the flu outbreak in the remote village of Wuhan, Hubei, China had been recognized as a pandemic by the World Health Organization (WHO). Our nightmare became reality.  

Pandemic Planning Before COVID-19

Pandemic planning is a regulatory requirement for most organizations and before COVID-19 it was a “check-box-Charlie” drill. Regulators asked for pandemic plans as part of the business continuity and disaster recovery planning and we dutifully developed them. Our testing consisted of table-top exercises. Frankly, very little real testing was ever performed, and the examiners found it still sufficed.

Were we doing more harm than good? Not really. We were doing everything our organizations allowed us to do at the time. It’s all we knew.

COVID-19 Creates Changes to Pandemic Planning and Vendor Management

I think most of us realize that our employers will be doing pandemic planning differently going forward. In particular, we will be required to exercise our pandemic plans in real life at least once every year. No exceptions.

And vendor management is about to become a whole lot more interesting. The current ways we all operate are going to change as the reality of a new way of working sets in. Vendor management will mature as a discipline at a phenomenal rate due to all the changes that are coming.

How we operate from day to day will be forever changed after the COVID-19 pandemic of 2020, as major obstacles always create change. For example, cloud computing got a massive push to maturity during the last economic recession as it was more cost-effective than self-hosting. Change, though inevitable, sometimes moves at a snail’s pace until something radical forces the pace of change to accelerate.

3 Vendor Management Changes Due to COVID-19

  1. Working from home is going to become a norm as organizations see the very real cost savings in owning or leasing less commercial real estate; as a result, we’re going to see a very dramatic increase in automation. More artificial intelligence (AI) solutions will combine with machine learning (ML), creating levels of automation we wouldn’t normally see for a decade or two. With so much work done remotely, verifying that your vendor’s cybersecurity plans are adequate will become more important than ever to protect your organization and customers.

  2. IT teams will implement new processes because these changes will lead them to rethink how they do everything. Remote access using VPNs will increase as the strain we’re seeing on our infrastructures today is eased by increasing bandwidth and improving communications technology, using AI and ML to facilitate more of our workforce working from home. Changing operations to take full advantage of remote access has caused the processes and procedures we use to change, and some of these changes will stick. These areas will need more consideration as you do due diligence on your vendors.

  3. Conferences will change in the vendor management world. Right now, we attend industry conferences regularly to stay informed and continue earning our required credits each year. Management has been asking why we attend conferences for decades. Now, management will have an opportunity to see the effect of no one attending a conference. The number of webinars will skyrocket, and you’ll see a shift to more online learning.

What It Means in Vendor Risk Management  

These alterations to processes will make vendor risk management more important than ever before. Essentially, these changes will lead to more information being handled by more vendors.

That is, more vendor selection, risk assessments, mountains of due diligence, contracts to review and a whole lot more ongoing monitoring. Think about all the fourth and fifth parties that’ll be utilized to make all these changes happen. Just like the pace of change that occurred when the last recession hit, this will happen at a rapid rate. Keep in mind, as mentioned above, that most of this will likely be done by personnel working from home, too.

And, if you’re curious, in supply chain management the supply chains will become more diverse as manufacturers seek to stabilize the raw materials that they need for everything from microchips to bullets. Diversifying supply chains is easier with the cloud and AI.

Organizations will analyze the impact of the COVID-19 pandemic and the future of work will start accelerating. They’ll keep the solutions that are working and make whatever changes they deem necessary to enable our future of work. Oh, and by the way, if you’re using spreadsheets and SharePoint to manage vendors, you’ll need to start looking for a vendor management platform in the very near future or it’ll prove challenging to keep up with the pace of these quick changes in vendor risk management. 

Pandemic planning needs to be included in your vendor's business continuity plan.

Written by Gordon Rudd, CISSP

Gordon Rudd is a Third Party Risk Officer at Venminder. Gordon has more than 30 years of experience in the financial services industry in the areas of third party risk management, technology, information security, enterprise risk management and GRC (Governance, Risk Management and Compliance) program development. Gordon works with the Venminder delivery team as a third party risk management and cybersecurity subject matter expert in residence.
