Policy, Program and Procedures

 View Only
  • 1.  Contingency/Exit Plans

    This message was posted by a user wishing to remain anonymous
    Posted 02-21-2024 10:58 AM
    This message was posted by a user wishing to remain anonymous

    Hello! As part of our TPRM policy we specify that our most critical (tier 1) vendors should have a contingency plan documented in the event we can no longer utilize that vendor. My question is, how have others done this? Do you do this at the vendor level or at the product/service level for what they are providing? Thinking of Microsoft for example, we use them for multiple tools/services. Do you do one overall contingency plan for Microsoft or break it down with mulitple plans based on each tool they are providing? If you don't break it down, how do you make sure the contingency plan documentation is not just a check the box exercise and actually serves as a value add to your program and the relationship owners? 

  • 2.  RE: Contingency/Exit Plans

    Posted 02-26-2024 02:35 PM

    When it comes to contingency planning, it's important to create separate plans for each product or service you offer. This is because the risks associated with each product or service may differ. To create effective contingencies, you need to address the specific risks associated with each product or service, rather than focusing on the vendor as a whole.

    For instance, Microsoft offers hundreds of products and services. While it might be easy to replace Microsoft Office with Google Workspace, switching from Microsoft Azure for cloud services requires more detailed contingency planning. 

    Although it's true that vendors can suddenly go out of business or become less desirable due to increased risk or poor performance, it's more likely that a vendor will discontinue a specific product or service instead of shutting down altogether. By planning for contingencies at the product or service level, you can ensure that you have a detailed plan and the confidence to move forward with contingencies, regardless of the vendor's overall situation.

    I hope this information is helpful, but I would love to also hear from other members.