Hi – my name is John with Venminder.
In this 90-second podcast, you’re going to learn 11 items to look for in your critical vendor’s business continuity plan (BCP).
We have a team of qualified information technology professionals, such as CISSPs, who analyze vendor business continuity plans for our clients daily.
Here are 11 items to look for:
- The business impact analysis. It’s used to determine the organization’s most critical resources and their recovery.
- The incident response plan. It’s used to determine if a cybersecurity event is an incident and how the vendor will handle it.
- Disaster recovery plan. You’ll want to know how your vendor plans to address disaster outcomes.
- Relocation plan. It’s what the vendor plans to do when they’re forced to move to a different facility.
- Pandemic plan. It should recognize the impact of 50% of your vendor’s workforce potentially being out sick, as it’ll affect operations.
- Plan testing. We prefer to see exercises performed quarterly and a full test annually.
- Year-over-year improvement. The results of testing a BCP should show an improvement year-over-year.
- Alternate vendors. The plan should include an alternate vendor for every critical and high-risk vendor.
- Failover and backup locations. Make sure they’re within a reasonable distance.
- Senior management and board involvement. The vendor’s board should have, at minimum, an annual report – preferably, a quarterly report.
- And finally, item 11, you have the reality check. Does the plan seem feasible? Is the plan something the subject matter experts inside your own organization believe has a chance of working?
Thanks for tuning in; I’ll catch you next time!