11 Items to Look for in Your Critical Vendor’s Business Continuity Plan

Podcast Transcript

Hi – my name is John with Venminder.

In this 90-second podcast, you’re going to learn 11 items to look for in your critical vendor’s business continuity plan (BCP).

We have a team of qualified information technology professionals, such as CISSPs, who analyze vendor business continuity plans for our clients daily.

Here are 11 items to look for:

1. The business impact analysis. It’s used to determine the organization’s most critical resources and their recovery.
   
   
2. The incident response plan. It’s used to determine if a cybersecurity event is an incident and how the vendor will handle it.
   
   
3. Disaster recovery plan. You’ll want to know how your vendor plans to address disaster outcomes.
   
   
4. Relocation plan. It’s what the vendor plans to do when they’re forced to move to a different facility.
   
   
5. Pandemic plan. It should recognize the impact of 50% of your vendor’s workforce potentially being out sick, as it’ll affect operations.
   
   
6. Plan testing. We prefer to see exercises performed quarterly and a full test annually.
   
   
7. Year-over-year improvement. The results of testing a BCP should show an improvement year-over-year.
   
   
8. Alternate vendors. The plan should include an alternate vendor for every critical and high-risk vendor.
   
   
9. Failover and backup locations. Make sure they’re within a reasonable distance.
   
   
10. Senior management and board involvement. The vendor’s board should have, at minimum, an annual report – preferably, a quarterly report.
    
    
11. And finally, item 11, you have the reality check. Does the plan seem feasible? Is the plan something the subject matter experts inside your own organization believe has a chance of working?
    
    Thanks for tuning in; I’ll catch you next time!