Organizations do not work in isolation; they require suppliers, vendors, partners and clients/customers. Without any of these and organization cannot – and does not – operate. Even an organization that might be the only provider of a service or product still needs someone to provide it raw materials before it can sell them to vendors and clients. Thus, if any supplier or vendor – either upstream or downstream – experiences an outage, the organization will begin to suffer as well. For example, when Toyota experienced a disaster due to the Japanese Earthquake and resulting tsunami, many manufacturing plants around the globe later experienced issues. They had to cut back shifts or in some business instances, the business had to close for a short time until supplies from Japan could be received once more.
The disaster may have been present in one part of the world but its impact was felt around the globe. As a result, it’s important for all organizations to understand what to do when one – or more – of their partners experience a disaster. It’s not an organizations responsibility to tell another what to do during a disaster (meaning, documenting a plan for them) but it is every organizations responsibility to understand the basics of what they need to do when a partner is operating in disaster mode?
Do you continue to operate? Do you temporarily stop making a product? Do you ship your product to a temporary location or stop shipping altogether? Do you want your vendors and partners to do – or not do – something specific when you have a disaster? Expectations must be understood by all parties involved when it comes to disasters. In fact, sometimes having a well documented and validated BCM / DR program can make all the difference to whether an organization chooses a specific vendor over another. Here are some basic questions you can ask a potential vendor or supplier.
1. Do you have a Business Continuity / Disaster Plan (or program) in place?
2. Have you ever experienced a major business disruption and how did you handle it?
3. What where the long term impacts to your organization?
4. Do you validate your BCP / DR plans on a regular basis?
5. Do you have dedicated resources (with assigned roles & responsibilities) to address disruptions (incidents, crises, disasters) when they occur?
6. Do you provide financial support to your BCM / DR program?
7. Do you have Senior Management / Executive support and sponsorship for you BCM / DR program?
8. What is your basic response, restoration and recovery strategy? (Note: They may be reluctant to provide details, which one would expect, though they should be able to provide a high-level overview of what steps they would execute if a disaster occurs.)
9. Do you review (validate) your BCM / DR requirements on a regular basis?
10. What makes your program better than your competitors?
11. Bonus Question: How do you manage change in your organization and does BCM / DR reflect those changes?
Depending on the nature of your operation and the responses to the questions above, you will probably have follow up questions that need asking. Be very weary of anyone who tends to downplay the importance of BCM / DR and corporate resiliency because if they aren’t providing you information that makes you comfortable just think what it’ll be like when a disaster occurs. Remember, they may be the one’s experiencing a disaster but it’s still could have a significant impact upon you.
© StoneRoad (Stone Road Inc) 2013
“Heads in the Sand: What Stops Corporations From Seeing Business Continuity as a Social Responsibility” and “Made Again Volume 1 – Practical Advice for Business Continuity Programs”
by StoneRoad founder, A.Alex Fullick, MBCI, CBCP, CBRA, ITILv3
Available at http://www.stone-road.com, http://www.amazon.com & http://www.volumesdirect.com