The COVID-19 pandemic has dealt a severe blow to employment and the economy. Companies across various industries are discovering that their third-party vendors who directly affect their supply chain and/or have contact with protected private information (PPI) are facing staffing and financial challenges that can dramatically increase the risk of supply chain delays or suspension, as well as PPI breaches. The vendor management teams at these enterprises are now scrambling to verify that their vendors' Business Continuity Plans cover a pandemic response and that their operations can remain effective while employees work from home.
Vendor management groups should be reaching out to all of their tier-one vendors and asking some key questions, such as: Has the vendor conducted a Business Impact Analysis (BIA) to determine what additional contingency plans may be necessary to fully perform in this pandemic environment? Is there any network, operations platform, or service delivery degradation while the vast majority of employees are working remotely?
Because many industries are required by law to frequently assess and monitor vendors that touch protected private information (PPI), now is the time for organizations to devise and implement an immediate and ongoing vendor risk management strategy and a constant, daily cybersecurity monitoring strategy that analyzes all vendor business contingency plans and information security policies, along with SOC 1 and SOC 2 reports. The benefits of such a risk management strategy include compliance with vendor-related regulations, increased vendor management capacity at a lower cost, easier audit preparation, and reassurance that their service delivery is exposed to its lowest manageable risk levels. A vendor that is not prepared or not secure can adversely impact the supply chain or put PPI at risk.