Highlights from this report include:
- 44% of the respondents have a mixed Third-Party Hot Site/ Alternate Site along with an internal recovery solution.
- 60% of the respondents utilize software planning tools for their BC/DR program and as a profession the biggest struggle with these tools is ease-of-use, training and administrative support.
- 73% of the respondents utilize notification tools and these professionals noted ease-of-use, multi-use capabilities, reporting and training as the biggest struggle with the present notification tools available.
- 15% of the respondents utilize mobile recovery services and it seems the biggest challenges with the current providers is in the administrative support, response time and testing capabilities.
As a profession we are making strides in the following:
- Including service level agreements within the contracts (40% for all suppliers, 39% for some suppliers)
- Defining recovery time objectives for critical suppliers (19% for all suppliers, 43% for some suppliers)
- Contracts requiring a document business continuity plan (29% for all suppliers, 34% for some suppliers)
There is room for improvement in the following areas with critical suppliers, though:
- Internal and/or external audit of critical suppliers' resiliency/ business continuity programs (55% are not sure or never conduct an internal audit for critical suppliers and 71% indicated the same for an external audit)
- Awareness of how often your critical suppliers conduct a BIA (64% indicated not sure or never) and/or risk assessment (59% indicated not sure or never) as well as how often documents are updated (60% indicated not sure or never)
- Awareness of where critical suppliers store backups (72% indicated not sure) and if primary and alternate sites are on separate utility grids or multiple distribution points (60% indicated not sure or no)
- Awareness of if critical suppliers follow a chain of custody controls to prevent loss of physical media while in transit to backup facility (78% indicated not sure or no) and do critical suppliers encrypt data prior to transmitting to backup facility (63% indicated not sure or no)
- Awareness of do critical suppliers inspect mail prior to delivery to primary facility (82% indicated not sure or no)
BC Management would like to thank everyone who participated in our 2nd Edition of the BCM Service Provider/ Third-Party Critical Supplier Assessment.