Third Party Thursday

SEPTEMBER 26, 2019

11 Items to Look for in Your Critical Vendor’s Business Continuity Plan

Podcast: Play in a new window | Download

There will be certain business events that occur with your vendor that can impact your organization. You can proactively prepare by evaluating your critical vendor’s business continuity plans. Listen to this week’s 90-second podcast to learn the 11 items you need to look for in business continuity plans.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg


Podcast Transcript

Hi – my name is John with Venminder.

In this 90-second podcast, you’re going to learn 11 items to look for in your critical vendor’s business John Daughertycontinuity plan (BCP).

We have a team of qualified information technology professionals, such as CISSPs, who analyze vendor business continuity plans for our clients daily.

Here are 11 items to look for:

  1. The business impact analysis. It’s used to determine the organization’s most critical resources and their recovery.

  2. The incident response plan. It’s used to determine if a cybersecurity event is an incident and how the vendor will handle it.

  3. Disaster recovery plan. You’ll want to know how your vendor plans to address disaster outcomes.

  4. Relocation plan. It’s what the vendor plans to do when they’re forced to move to a different facility.

  5. Pandemic plan. It should recognize the impact of 50% of your vendor’s workforce potentially being out sick, as it’ll affect operations.

  6. Plan testing. We prefer to see exercises performed quarterly and a full test annually.

  7. Year-over-year improvement. The results of testing a BCP should show an improvement year-over-year.

  8. Alternate vendors. The plan should include an alternate vendor for every critical and high-risk vendor.

  9. Failover and backup locations. Make sure they’re within a reasonable distance.

  10. Senior management and board involvement. The vendor’s board should have, at minimum, an annual report – preferably, a quarterly report.

  11. And finally, item 11, you have the reality check. Does the plan seem feasible? Is the plan something the subject matter experts inside your own organization believe has a chance of working?

    Thanks for tuning in; I’ll catch you next time!


Subscribe to our Third Party Thursday Newsletter


Join hundreds of clients and see how Venminder can help.