If your firm needs assistance in creating or testing your Business Continuity and Disaster Recovery plans, it won’t be alone in hiring a third party vendor. The SEC’s National Examination Program (NEP) deems it a “notable practice” to use a third party service provider to annually audit your business continuity plan and analyze the results for areas of improvement.
Here are a few Business Continuity vendor relationship considerations the NEP noted:
1. Evaluate the BCP of your service provider. This will help ensure that the service providers’ plans incorporate “key business continuity controls” which will help your firm execute your own BCP during an incident.
2. Keep an updated list of vendors and respective contacts. If the time comes to send an emergency message, or activate your business continuity plan, you’ll want to be sure your assigned client success team is there on standby.
3. For your technology, you should prepare and test as if you cannot rely on servers in your building, and consult with vendors on external servers in multiple geographic locations or in the cloud to ensure redundancy.
4. When it comes to your vendor’s technology, review the IT infrastructure of your service providers to ensure they store your documents in a cloud-based system with multiple backup servers.
5. As your vendor should have inherent knowledge of your company’s business requirements for continuity of operations, they should be prepared to make recommendations for alternate locations in the event you cannot access your building, whether it’s working from home, in another one of your firm’s offices (such as Boston or Washington D.C. like some advisers did during Sandy), or even reserve rooms in advance at a local hotel.
For more information about how to ensure your Business Continuity and Disaster Recovery Program is comprehensive for your organization, download our 7 steps to preparedness e-book or request a demo to see how Preparis can help your firm meet the recommendations of the SEC.