Fundamentals of Business Continuity Planning within Vendor Management
Keep business continuity in the forefront of your mind.
Business continuity planning (BCP) is important to you and your vendors. Listen to this podcast as we talk about the fundamentals and guide you through creating or reviewing BCPs - the appropriate regulatory guidance to follow, what to plan for, what to restore first and how to recover.
Welcome to this week’s Third Party Thursday! My name is Lisa-Mae Hill and I’m an Information Security Specialist here at Venminder.
Today, we’re going to talk a little about the fundamentals of business continuity planning (BCP). It affects you when your institution has a business impacting event as well as when your vendors do.
Like many topics, business continuity planning is a vast subject and there’s a lot of useful information out there. The FFIEC’s IT Handbook on Business Continuity is a great resource to see what examiners are looking for. Let’s briefly talk about a few of the basic concepts of business continuity planning.
- Know what you’re planning for. You’ll never know the specifics, but you should understand the possibilities and probabilities of business impacting events for you and your vendors. The formal process for this is a Business Impact Analysis. It’s how you should start your business continuity planning practice once you have the buy-in you need.
- Know what you should restore first. You’ll need to fully understand the risks you face from many factors, including contractual obligations and the monetary penalties that accompany them.
Also, think about the loss of clients due to your services being unavailable. Even if you aren’t down long enough for clients to leave, what is your lost revenue from operational downtime? These numbers should also assist in your budget process for business continuity activities.
- Know how you’ll recover. There are many points here, such as:
- Where you’ll recover to?
- Who will manage the process?
- What critical staff is required, and are they going to be willing and able to work?
- What vendors will you need?
- Who do you need to notify? Clients? Examiners? Other branches?
Tune in to future podcasts to learn more about business continuity planning and third parties. Again, I’m Lisa and thanks for tuning in to this week’s third party Thursday; if you haven’t already done so, please subscribe to our series.
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources and more to your inbox.