(270) 506-5140 CONTACT US
Business Continuity / Disaster Recovery

How to Ensure Vendors Can Return to Normal After the Pandemic

Jun 9, 2020 by Gordon Rudd, CISSP

As Helmuth von Moltke once said, “No plan survives first contact with the enemy.”  We have planned for a pandemic for decades. We have updated our plans and we’ve sat through lessons learned from countless tabletop exercises, all so we could figure out what to do when we had a real pandemic. We became extremely good at initiating the first defensive response, but how much time did we spend planning our return to normal? How much time did your vendors spend on their plan to return to normal?

The variable many of us overlooked seems to be the “new normal.” Our timeline for being in our altered state of operations became extended by governmental decree. Working from home even got its own acronym: “WFH.” 

As of this writing, the economy and the world has changed, but the real question is, how are your vendors going to recover?

How to Prepare for the New “Normal” After a Pandemic

What specific areas should organizations be paying attention to?

Our economy has changed. Frugality will be the first rule for the next several budget cycles.  Everything organizations do moving forward will be with an eye on the income statement.  Cashflow will become the very first thing taken into consideration. We can all help our organizations by being more economical than we’ve ever been before. 

These are the main areas every organization and your vendors must scrutinize moving forward:

  1. Vendor changes. Your vendors will change. And, your vendors’ vendors may change. Some of the vendors you’re currently using won’t be part of your vendor management portfolio going forward. Some will fail outright, some will merge with other organizations, some will change their product or service offerings. Whatever the reason, your vendor portfolio will change in the near future.

  2. Reducing costs. Vendors exist for a reason. Usually, they can do the job we’ve hired them to do in a more cost-effective manner than we can, or they have a skillset that we don’t have. Look for ways to reduce your organization’s spend by leveraging your vendors to maximize your efficiency, effectiveness and productivity.

  3. Workforce. The global workforce has changed. Though we will not realize the extent of the change for several years, it’s safe to say the way people work and the places they work from have changed. Look for systems and platforms for your employees that make every employee part of a workflow process that optimizes productivity.

  4. Vendor development. This is a chance for all of us to re-evaluate every vendor we’re currently utilizing. We need to scrutinize every vendor and ensure they’re still a fit for our organization’s “new normal.” If a vendor has been problematic and uncooperative in the past, and you’ve tolerated that behavior for whatever reason, this is the time to correct that behavior or move on to a new vendor. Take this opportunity to work with your vendors (especially the critical and high-risk vendors) to improve their performance.

What could easily be missed or simply overlooked?

A WFH workforce has its challenges and cybersecurity is chief among them. As we recover from COVID-19, we need to keep a close eye on our information security. Ensure your vendors are doing the same as it’s critical to their return to normal.

Cyber-hygiene has never been more important. Scammers come out during every crisis and the bad actors of the cyber world are no exception, so it’s important to pay careful attention to your organization’s cybersecurity posture and to pay even closer attention to your vendors’ cybersecurity measures.

What specific things are considered a priority?

When we’re creating business continuity management plans, we always focus on recovering people, facilities and systems, in that order. When we’re returning from something as widespread and chaotic as COVID-19 has been, and will be for some time to come, it’s extremely important that we focus on the people, facilities and systems.

What’s going to happen when we press the reset button, and everyone begins to return to the office?

These are questions you will be answering for yourself and you should be asking your vendors. This will be very telling if they’ll be able to return to normal after the pandemic.

Here are three considerations:

  1. People – All of us will need to be reoriented to work. Some were lucky to be able to work from home. How will these people be reintegrated into the corporate workforce? Or will they? Will their new normal be to work from home? Does the vendor due diligence need to be reviewed more frequently since your vendor’s employees may well all be working from home going forward?

  2. Facilities – What modifications are we going to have to make for people to return to an office? Will your vendors be returning to an office or will they be working from home permanently? What will the operational effect of your vendor’s facility changes be to your organization? Will any changes your vendors make effect operations?

  3. Systems – What changes have been made to your systems to accommodate COVID-19? What changes have your vendors made to their systems for the same reason? Working from home can stress systems in ways we won’t know the extent of for several more months. Now would be an excellent time to have these conversations with your lines of business and with your critical and high-risk vendors.

Moving forward, you’ll have to ask each of your critical and high-risk vendors these questions to understand if they can return to normal. Then you’ll decide how you wish to proceed with each vendor. Perhaps you may wish to make a change in the vendor that’s providing the product or service.

Though we plan for a pandemic, a global event like COVID-19 changes all the assumptions and some of the rules of the road you have established for your vendors. Your lines of business will need to help you define what your organization requires from their vendors as you morph into your new operating reality. Change can be good if you take the pandemic as an opportunity to improve.

Do you know how to prepare for the aftermath of the pandemic? Download this infographic.

New call-to-action

Gordon Rudd, CISSP

Written by Gordon Rudd, CISSP

Gordon Rudd is a Third Party Risk Officer at Venminder. Gordon has more than 30 years of experience in the financial services industry in the areas of third party risk management, technology, information security, enterprise risk management and GRC (Governance, Risk Management and Compliance) program development. Gordon works with the Venminder delivery team as a third party risk management and cybersecurity subject matter expert in residence.

Follow Gordon Rudd, CISSP

Subscribe to the Venminder Blog