What goes on inside your enterprise is of prime importance for your business continuity management. However, so are the actions and attitudes of vendors on which you rely to run your business. In the same way that you regularly check on BC processes and awareness inside, you should also conduct periodic investigations of key business partners. The first thing to know which vendors should be on the critical list. Essentially, a critical vendor is one on which you are heavily dependent and which cannot easily be replaced in-house or by another vendor. Such a vendor may also have access to confidential information in order to make the relationship work. Let’s suppose you’ve identified such partners. What are your next steps?
The first one is to recognize that the same types of concerns that may affect your organisation (financial, operational, legal, reputational and so on) can also apply to your suppliers – either now or in the future. To find out more, gather information. Financial information is often the first to be obtained. It’s generally the shortest route to understanding the stability and resilience of a vendor; and it’s often available from publicly filed information or the web. That doesn’t mean that other indicators should be ignored however. Adverse publicity about a vendor’s health and safety record for example could indirectly mean a risk for your own company.
To evaluate critical vendor performance, assemble a team of knowledgeable people in your firm. These people must also be able to spend the necessary time to review the information with you (a few hours perhaps) and to interview the vendor. Information to be ascertained include the quality of working relationships, vendor performance compared to contractual promises, vendor insurance coverage, opportunities for vendors to improve, how the vendor respects data confidentiality and its own business continuity management. When a review has been completed, decide whether your company can continue to rely on that vendor, or whether you need to find another solution. Remember – it’s your own business continuity that’s at stake too.