Due Diligence and Ongoing Monitoring

  • 1.  BC Plan

    This message was posted by a user wishing to remain anonymous
    Posted 09-04-2024 02:56 PM

    During the due diligence, what is documented from the business resiliency results, and how do you measure against your own organization's plan? Also, if it appears to be risky, how do you mitigate?



  • 2.  RE: BC Plan

    Posted 26 days ago

    When I look at DR/BCP plans I look to see if the plan is well documented, regularly updated and tested, and has a BIA that includes RPO/RTO. I also like to see their backup locations for their data, and other important information will also be there that's more specific to their industry/service. When measuring it against our institution's BCP I make sure the RPO/RTO are in line with our needs.




  • 3.  RE: BC Plan

    Posted 26 days ago

    I am responsible for not only seeing if our key suppliers have BCPs but also assessing them. I check for a BC policy (for leadership support) and BCP components (Risk Assessment, BIA, Crisis Management (Incident Response & DRP), Training & Exercise, Plan Maintenance) and annual updates. The assessment levels are Informal, Emerging, Developing, Mature, Integrate. If the BCP is less than Mature, I ask them to sign a Supplier Resilience Agreement. This is a non-legal commitment on their part that they will improve their resiliency over the next 3 years. I monitor them bi-annually to check on their progress and see if they have any questions. The level of cooperation also varies. Many are cooperative but there are a handful that will go with the proprietary response. I assure them I'm not looking for PII nor proprietary information, just BC content. Show me a template, a redacted document, can we view it online, if their site is in the Americas, can I pay them a visit, etc. I also escalate to our Buyers, PMs, etc. for support.

    If all that fails, they are marked as uncooperative, which contributes to our supplier risk scoring.



    ------------------------------
    Peggy Welch
    ------------------------------



  • 4.  RE: BC Plan

    Posted 25 days ago

    I have been asked to write a BCP for a warehouse and distribution food company. Can anyone share an example that they may have (all company names and detailed information redacted, of course)? I am in IT and have written DR plans but not a BCP.

    I have followed the steps of a workshop with BU owners to identify the critical business processes, then a BIA on each process and then detailed steps for recovery in each BU. The document is quite lengthy, and I am not sure that this is what it should look like. Can someone assist, please?

     

    Barbara Gaujenieks