No vendor is indispensable. However, ability to critical vendors can be time consuming and expensive. Suggest you assiduously manage contract expiration dates and include compliance standards along with SLAs in all renewals and, of course, on new vendors. In addition, suggest consider the following:
- Reach out to other users
- Use social media like LinkedIn to raise concerns
- For requirements such as BCP/DR financials, consider filing formal complaints and notice of contract default if provisions can support that action.
- Consider vendor may react differently to notice from CRO or legal counsel.
------------------------------
Tony Schweiger
------------------------------
Original Message:
Sent: 05-02-2024 04:07 PM
From: Alana Domill-Maltese
Subject: Business Continuity and Disaster Recovery Testing Results
It is becoming more difficult for the bank to get due diligence documents from our Critical and Moderate rated vendors specifically the BCP/DR reports. I currently have three vendors that will not send any reports covering BCP/DR and some of my other vendors do not share enough details, so we receive a poor rating from Venminder's BCP review which causes me to have to file a Risk Acceptance form (RAF) on an annual basis as per the bank's regulators. Last year we filed 14 RAFs due to poor BCP ratings and the bank's board has asked me to investigate alternatives. Please advise if anyone is experiencing the same issue and if yes what is your company doing as an alternative.