Business continuity management has been a major focus of every company during the COVID-19 pandemic. Having fast access to the right data has been critical to making informed, timely decisions.
Unfortunately, many companies are getting a reality check as they find it difficult to locate and report on important information about their critical vendors; that is, those who support key areas of operations, technology and infrastructure. They are finding it time-consuming and sometimes challenging to answer questions like:
- Who are our critical vendors and which areas of our operations do they support?
- Where are our contracts with those vendors and what exposure do we have?
- Does the vendor have sensitive data we need to worry about?
- Do these vendors have business continuity plans? When was the last time we evaluated them?
- Do we have contingency plans of our own? What is our fallback if the vendor can’t perform?
Centralizing key data on your vendors and contracts is no longer a nice-to-have. It’s a must. Now is the perfect time to organize and review vendor data to ensure it’s both accurate and complete. If you don’t have time for a full data scrub, here are seven categories of information about your vendors that I recommend you focus.
- Vendor Profiles. Review and update the inventory of your active vendors, and ensure you have at least basic profiles for all key vendors. This includes name, addresses, website, EIN, parent company (if applicable) and primary locations servicing your company. Knowing where your vendors operate has never been more important for business continuity planning than during this pandemic.
- Key Contacts. While this seems basic, many companies are having big problems with finding the right contacts at their vendors. The biggest problems have been with old information (i.e. the contact person has changed), or limited information (i.e. they only have the salesperson when they need someone from IT or operations.) Make sure you have current information for all of your key contacts.
- Service Categories and Descriptions. Many vendors provide multiple services through multiple contracts. Make sure your vendor database identifies all of the services provided by each vendor, preferably tagged by common ‘IT’, ‘Telecommunications’, ‘Call Center’. This will make it easy for you to quickly find vendors, run reports and manage risks and operational issues on a category-by-category basis.
- Contractual Documents and Profiles. If you still have vendor contracts scattered across different databases, folders and file cabinets, now is the time to clean them up. Your contractual documents need to be in one, central system so they can be accessed quickly from anywhere. Further, you need to maintain profiles for each of your contracts so you can quickly run reports on data such as termination provisions, breach notifications and service level agreements.
- Critical Vendors. The pandemic has highlighted the importance of being able to quickly identify and perform outreach to your most critical vendors. These vendors should be tagged in your vendor management system so you can quickly identify them to evaluate operational risks and business continuity. These are also the vendors you should be monitoring continuously.
- Contingency Plans. Knowing who your critical vendors are is important, but having contingency plans in place for each of them is what you really need when things go south. Ensure each of your critical vendors has a contingency plan, and that those plans are reviewed at least annually and stored in the system with the vendor’s record.
- Vendors with Access to Nonpublic Information. Crises bring out the worst in people, and this pandemic is no different. With millions of employees now working remotely, hackers are taking advantage of the situation. Data security doesn’t take a break during a pandemic. Make sure you know which vendors have access to your data so you can provide the appropriate due diligence and oversight to ensure it stays protected.
This pandemic has, among many things, highlighted the need for effective business continuity management. And your critical vendors are fundamental to that function. Now is the perfect time to ensure review and update your vendor and contract management system to ensure you have complete and accurate information at your fingertips when you need it. If your board, internal audit department or regulators haven’t already asked you for data like this – they soon will.