The Firestorm 3rd Edition Third Party Supplier & Vendor Utilization Report assesses BCM service providers (alternate site, software, notification and mobile recovery) and critical/ third party suppliers.
The purpose of the 3rd Edition Third Party Supplier & Vendor Utilization Report was to assess what is being spent on BCM service providers and are they meeting your BCM program planning needs? Additionally, how has our BCM profession evolved in incorporating the business continuity/ resiliency programs of critical suppliers/third party providers into your own respective organization?
The findings from the Firestorm Analytical Solutions 3rd Edition Third Party Supplier & Vendor Utilization Report highlighted that incorporating critical suppliers/ third party providers deserves quite a bit more attention for the Business Continuity profession, as a whole.
- The data highlighted that more than half of the respondents were unaware if their critical providers have dedicated BCM/ Resiliency personnel, if their network and infrastructure devices were connected to an uninterruptible power supply and generators, if they have adequate backup power to supply power for 48+ hours, if they ensure backup of media restoration procedures at least annually, if they encrypt data, if they screen visitors and educate staff on personal preparedness readiness.
- Organizations were; however, more confident that their critical providers’ contracts required service level agreements and that their critical providers have alternate offices/ remote capability for their technical staff to support their needs.
- Two areas of weakness include critical providers never participating in exercises and never receiving a risk assessment report from critical providers.
- Those organizations considered critical industries as defined by HOMELAND SECURITY did exhibit more knowledge of their critical third parties’ resiliency planning initiatives than other non-critical industries.