Forum

BIA Repository: Ven...
 
Notifications
Clear all

BIA Repository: Vendor Dependencies Assessment Questions

2 Posts
2 Users
0 Reactions
125 Views
Shane Mathew
Posts: 14
Topic starter
(@shanemstoneriskconsulting-com)
Eminent Member
Joined: 1 year ago

Overview: Understanding vendor dependencies is a crucial part of the Business Impact Analysis (BIA). This section focuses on identifying external vendors and suppliers that support critical business functions. Assessing these dependencies ensures that contingency plans are in place to maintain operations in case of vendor disruptions.


Contributions:

Please share your methodology or sample questions you use when assessing vendor dependencies for critical functions. You can include text and/or attach relevant screenshots for clarity.

Key Areas to Address:

  • Methodology: Describe your approach to identifying and documenting vendor dependencies.
  • Sample Questions: Share examples of the questions you ask to gather necessary information.
  • Best Practices: Highlight any tips or best practices that have worked well for you.

Example Contribution:

Methodology: We conduct a thorough review of all critical functions to identify key vendors and suppliers, followed by an assessment of their roles and the contingency plans in place.
Sample Questions:

- List the vendors that support the function.

- Describe the services or products provided by each vendor.

- What is the impact on operations if the vendor fails to deliver as expected?

- Are there alternative vendors available? If so, what are their details?

- What contingency plans are in place to address vendor disruptions?

Best Practices:

- Maintain an up-to-date list of all critical vendors and their contact information.

- Regularly review and update contracts and service level agreements (SLAs) with vendors.

- Develop and test contingency plans for vendor disruptions.

- Establish relationships with alternative vendors to ensure continuity.


Reminder:

  • Confidentiality: Do not include any confidential or sensitive information from your organization.
  • Tags: Tag your response appropriately so others can easily search and find your contribution.

Your contributions will help in building a comprehensive understanding of vendor dependencies, which is essential for developing an effective Business Continuity Strategy.

1 Reply
Posts: 3
(@renukadarbha)
New Member
Joined: 6 years ago

We conduct resiliency reviews of our third party vendors/suppliers.  Some questions we ask are:

  • Sample Questions:
    • Do you have a formal Business Continuity Plan and/or Disaster Recovery Plan?
    • Do you test your BCP and DR at least annually? When was the last test completed?
    • Has an independent third party reviewed your BC or DR program within the last 12 months?
    • What is the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for the services provided?
    • Do you currently have a process in place to backup critical systems and data on periodic basis? If so, how often are the backups taken?
    • How often do you test your backup recovery?
Reply
Share: