In a world where we rely so heavily on technology, we put a lot of trust in those who set up and protect our networks. For the small business, this often means there isn’t an IT manager and a third party is providing support. Whether you have one network supporting one location or many, you need a vendor that is resilient and will protect your business continuity. This means the incorporation of out-of-band management and robust platforms.
The key question, of course, is how do you pick the performers out of the many?
A Continuity Central post recently offered five steps to assess vendor resiliency and protect business continuity. We’ll borrow from their list and see how you can incorporate this method in your own environment.
Evaluate Your Vendor Risk Landscape – Some will refer to this as mapping the landscape, but the point is you need a complete business impact analysis, an interruption risk assessment and a high-level vendor interruption risk assessment. This will help you understand how interruption events can impact your organization so you can then move to vendor resiliency stratification.
Classify Risks According to Impact – Not all vendors hold the same level of importance for an organization when it comes to operational resilience. There are nine critical risk variables you should take into account when assessing a third party, including revenue and inventory impact, cross-border issues and more. It will help you determine what variables need to be safeguarded, especially when out of band management is in use.
Details Matter – Vendor risk management has to be assessed through specific information, so the details do matter. You need to assess the quality of a vendor’s resilience and recovery capabilities. Look at a list of processes that consume the vendor’s outputs, a geographical depiction of the vendor’s activities and a description of the vendor’s role during an interruption.
Verify First, Trust Second – Verify a vendor’s resiliency once the vendor risk landscape has been determined. Consider enlisting the vendor as a resiliency partner, obtaining relevant portions of their analysis and asking for a framework for responding to crisis events. When these important elements are proven, it’s then OK to trust.
Understand Acceptable Risk Levels – It’s common for vendors to have minimal formal resiliency or business continuity management programs in place, as most of their attention is focused on IT disaster recovery and life safety. Determine how much vendor resiliency you are willing to accept. If a third party is critical, this should never be negotiable, as replacing the vendor actually offers less cost and risk.
For companies like Opengear, out-of-band management is a value-add to ensure continuity and optimal performance. Resiliency and optimal performance are essential to keeping risk low and resilience high, so companies like yours never have to negotiate for the support and protection you need.
Edited by Rory J. Thompson