Hi,
That's tough if you already have the requirement in your contract, but they just dont comply. Do you know why they do not test their DR plans?
One measure you could look to add to the contract, is the requirement to allow your firm to participate in an annual DR test, that way you have a little more visibility into what is going on over there, and can have some input into the time table. You may also look to compel them to engage a third party auditor to review their controls if they do not test within the agreed timeframe (at their cost).
But ultimately if you already have the requirement established and they are not acting in good faith or treating you as a valued customer, you would have to ask yourself as firm, where you would sit on their priority list in the event of a real incident ?
Original Message:
Sent: 03-07-2023 03:19 PM
From: Anonymous Member
Subject: BC/DR Contractual Remedies
This message was posted by a user wishing to remain anonymous
Hi everyone!
I was just wondering what you all were doing as far as contractual remedies when a third-party doesn't meet the BC/DR standards that were agreed to?
For example, they don't provide you the DR plan annually or fail to test their DR plan every X amount of years?
This would really just be necessary when it comes to business critical vendors.
Besides having the right to terminate the agreement, I would like to hear what others are doing to hold vendors accountable.
Thank you!