Relevant Contents
Need Tailored Business Continuity Insights?
Contact Us Now for Personalized Guidance!
If an organization loses access to a mission-critical product or service normally provided by a third-party vendor, its operations can grind to a halt. Fortunately, there are steps companies can take to keep them from being impacted by a disruption at a critical supplier.
Related: Trust, But Verify: 7 Best Practices for Managing Vendor Risk
Why Today’s Supply Chains Are More Vulnerable Than Ever
Contemporary trends toward outsourcing non-core activities and obtaining products and services from abroad have had a decisive impact on the supply networks of today’s organizations. They have led to the supply networks at most organizations becoming more complex and extensive than ever before.
These changes have been driven by a clear-eyed understanding of their benefits. Unfortunately, their potential costs have often not been seen as clearly.
Increasingly, today’s organizations rely on third-party vendors to provide a wide array of goods and services that are critical to the carrying out of their core operations. But an out-of-sight, out-of-mind mentality often prevails with regard to the risks at those vendors.
Meanwhile, today’s uniquely challenging environment is increasing risks for organizations across the board, including at your suppliers (and their suppliers).
Only as Strong as Its Weakest Link
A chain is only as strong as its weakest link. If your organization relies on unprepared third-party vendors for critical materials and services, and one of those suppliers experiences an outage, your organization might also be disrupted.
Disruptions can happen anywhere along your supply chain. A natural disaster, cyberattack, or operational failure at a critical supplier can ripple through your organization, halting production, delaying services, or impacting your customers. War and political conflicts can also threaten supply networks.
In today’s landscape, it’s imperative that companies identify vendor-related vulnerabilities and partner with suppliers who take continuity seriously.
6 Tips for Vetting Third-Party Vendors Through a Business Continuity Lens
Here are six practical steps to help evaluate your critical vendors from a business continuity perspective:
1. Establish a governance process
Organizations should evaluate suppliers from a business continuity perspective. Everything starts with senior management. If there’s not an oversight group responsible for vetting the supply chain, it will be hard to get your procurement people to go to the vendors and say you have to evaluate them on a business continuity basis.
2. Identify your critical vendors
You might have hundreds of vendors, many more than you can afford to vet in a timely manner. To make the most of limited resources, rank your vendors by importance. Identify the five or six that are most vital to your enterprise. Determine how important the vendor’s product or service is to your most critical operations. Find out whether the vendor supplies a commodity that you can easily find elsewhere or a specialized product with few or no other potential suppliers.
3. Assess the threats and risks facing the vendor
Consider each supplier’s geographic, operational, and cybersecurity vulnerabilities. Is their facility exposed to natural hazards? Do they maintain strong physical and IT security? Are they financially stable and operationally reliable? If you rely on a vendor for critical products or services, their risks are your risks.
4. Conduct on-site visits to see for yourself
There’s no substitute for firsthand observation. Visiting critical vendors can reveal risks that documents or phone calls cannot, such as the state of their facilities and how seriously they treat continuity planning. Is that backup generator they told you about really capable of supporting their whole operation? A site visit can tell you. You can also tell a lot just by how happy they are to see you. If they are welcoming, prepared, and open, then great. Those are reasons for confidence. If they seem nervous about your being there, maybe you should be nervous about depending on them for a key part of your business.
5. Put continuity requirements in writing
Ideally, the vendor will agree to your business continuity requirements and the terms will be included in your supply agreement with the vendor. A good agreement will say that the vendor must have a plan, that you have a right to inspect the plan, and that you have a right to on-site visits. The agreement should also set forth the consequences to the vendor for any disruption of theirs that impacts you. If the vendor is reluctant to make such an agreement, you could point out that having a strong business continuity program doesn’t just protect your company, it also strengthens theirs.
6. Stay ahead of issues with a proactive approach
There are two ways to be proactive about vendors. First, keep in touch with them when they are dealing with problems such as storms or fires. If you see on the news that a storm is headed their way, reach out to them and see if they foresee any impacts. Remind them (diplomatically) that you are depending on them. Ask what they are going to do to prevent or fix the disruption. The second kind of proactivity is more strategic. It involves finding alternate suppliers you can turn to if your original supplier falters. It also includes finding vendors who take business continuity as seriously as you do and are willing to enter into agreements with you to ensure that everyone’s needs are protected.
Taken together, these steps provide a practical framework for identifying weak links in your supply chain before they become points of failure.
Strengthen Supply Chain Resilience with the Right Partners
The persistent vulnerability of the global supply chain underscores the need for rigorous vetting of third-party vendors. By establishing a governance process, identifying critical vendors, assessing risks, conducting site visits, formalizing agreements, and being proactive, companies can bolster their supply chain resilience.
Your company’s fortunes depend on its ability to obtain needed goods and services in a timely manner. By following the tips above, you can improve the chances your company will have the supplies it needs to continue its operations, regardless of the disruptions that might occur down the street or around the world.
You don’t have to go it alone. MHA Consulting has been a trusted expert in business continuity for more than 25 years, helping organizations build and mature their resilience programs. Its software platform, BCMMetrics, was developed to support and streamline that work, helping companies assess, measure, and strengthen their continuity capabilities.
When your vendors are prepared, your business is protected. Take action today before the next disruption tests your supply chain.
Further Reading
-
Trust, But Verify: 7 Best Practices for Managing Vendor Risk
-
How to Stop Third-Party Vendors from Becoming Your Achilles' Heel
-
Vulnerable Vendors: Supplier Weaknesses Put Your Organization at Risk
-
Operational Resilience vs Business Continuity: Why You Need Both
- Dancing in the Dark: The Hidden Costs of Shadow IT
Michael Herrera
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.
