• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
CHOOSING A BUSINESS CONTINUITYPROVIDER – POINTS TO CONSIDER
Looking at using the services of a third party BC supplier? This twenty pointchecklist will help. The advice is offered bySurvive, the Business ContinuityGroup.
When seeking to contract services for business continuity/disaster recovery you shouldalways address the following issues:
1. Supplier dedication
- is the supplier dedicated to disaster recovery? At invocationtime you will wish your supplier to fully understand the extent to which your businesssurvival depends upon him. If the supplier is distracted by other business priorities, willyou still retain the level of dedicated support you require?
2. Quality
- is the supplier, and in particular its disaster recovery business, qualityregistered (eg IS09000)? Does the supplier take steps to keep abreast of developmentsin the industry? Does the supplier subscribe to the information security managementguidance detailed within ISO/IEC 17799?
3. Experience
- is the supplier experienced in disaster recovery? How many years havethey traded? How many recovery tests do they perform annually? How many disastershave they successfully managed? Can they provide satisfactory reference sites? Payspecial attention to salvage services providers - do they genuinely understand thetechnology involved ie maintaining and restoring vital documents and equipment? Manybusinesses have lost critical capacity and data through the naïve efforts of office-cleaning companies masquerading as salvage services!
4. Stability
- will the service provider be around when needed? Who owns the company – are they people you can trust and work with? If part of a group, is disaster recovery abusiness which appears relevant to their overall group objectives? Can you see recentaccounts? The simplest document that doesn't lie is a bank statement!
5. Growth
- can your supplier grow with you? Will they be able to support changingtechnologies alongside your own development? What is their record on investment in thetechnology (computers, communications office systems etc.) upon which you willdepend? What about their continuing ability to support older systems, software etc.which may be critical to your operations?
6. Breadth of service
- can your supplier meet the full range of your critical service egdifferent computer operating platforms, communications services etc.
7. Geographical coverage
- is the supplier's coverage adequate/appropriate to your needs?
8. Provision of testing
- an untested recovery plan is valueless! Will your supplier permit testing of their resources under conditions which meet your recovery planningrequirements.
 
9. Facilities/equipment
- is your standby equipment totally dedicated to disaster recovery? Shared service (ie DR and software support) cannot work. The statementoften used by a software supplier or by computer/office equipment maintenancecompanies that "we will find sufficient kit to help you in an emergency" is an emptypromise and cannot form the basis of a recovery plan for systems critical to the ongoingbusiness operation. Is there adequate provision of power and of all the peripheralservices required to keep you in business - eg catering, photocopying, toilets etc.
10. People
- does your supplier maintain a dedicated support team who understand their role in the recovery process? Do their skills profiles suit you? Have key staff beencertified by the Business Continuity Institute? Can you get quick and easy access todecision makers?
11. Premises
- are they suitable? Are they secure? Are they clean and accessible? Doyou have access to good catering, transport and car parking?
12. Contingency plan
- does the supplier have its own back up generators andcontingency plan? What arrangements will the supplier make for loss of their ownfacilities? Do they have reciprocal arrangements with other suppliers? Do they informother clients in the event that the facility is full?
13. Insurance
- does your supplier carry insurance? For example, a supplier may insureagainst the risk of over-invocation - whilst not offering a particular benefit to thepurchaser such a policy would often require external policy of ratios of service provision.
14. Ratios
- what is the level of subscribers for your chosen service? Is this ratioauditable - can the supplier provide data to validate this ratio? Are you comfortable withthis? Does the supplier support other companies in the same building or locally as you -are they equipped to support you all in the event of major disaster in the locality?
15. Priority
- what happens if the planned recovery facilities are occupied by another customer who invoked at an earlier time?
16. Exclusion zones
– ensure that the supplier isn't likely to be exposed to the samerisk as you. A supplier in the same building will be of little use if the premises aredestroyed by fire! Major incidents (ie gas leaks, terrorist incidents, chemical spills etc.)can often lead to exclusion zones of up to 400 yards (more in certain cases!) A supplier in a building adjacent to yours will, in such circumstances, be barred from access for thesame time as you, rendering their support worthless.
17. References
- a sensible but often altruistic test. A supplier will not give you badcustomer references! Therefore try to identify organisations with whom you have arelationship so that you can obtain an objective response. Does the supplier operate auser group? Can you attend a meeting prior to contract? Does the supplier issue anannual report to their subscribers?
18. The service
- test the services contracted as early as practical and to realisticobjectives. Few tests work exactly the way you had planned - this applies equally totests of your own internal resources and those of third party suppliers. How many testsare you permitted under your contract? What can you learn form the testing process to
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...