More than half of all organizations suffered a disruption of a business process due to an issue with one of their third-party suppliers and providers. Not all outages are IT nor is ransomware the only event that can disrupt your operations – according to 502 BC/DR leaders.
video transcript
Last week, we looked at the good side and talked about how service providers can help your organization improve their resilience capabilities with backup as-a-service (BaaS) being used in 68% of organizations.
This week let’s look at the risks … because 51% of organizations suffered a disruption to their business processes due to a resilience event in one of their third-party suppliers or providers. That could be supply chain … that could be public cloud outage where they couldn’t get to their SaaS application … or could be that your supplier/provider suffered a ransomware attack or a natural disaster. Not only did half of all organizations suffer a disruption but for 1 out of 6 organizations it was their most impactful crisis in the preceding 2 years.
Ten years ago, if you had an order processing or customer service function, that would include a team of people within one of your offices and some amount of IT infrastructure to support them. Can you imagine if that team and their tech person had said “Don’t worry, we’ll protect ourselves.”
Fast forward and you’ve outsourced that function – so, they aren’t your people anymore and it isn’t your IT, but:
- If THEY have an outage, then YOUR business process has been disrupted.
- But they aren’t your people, so you can’t train them to your standards
- It isn’t your IT tech, so you can’t protect it or fail it over when it goes down.
You’ve gained operational benefits … but you’ve also introduced risk that, as a BC/DR person, you can no longer govern … or can you?
DPM’s Organizational Resilience research revealed that many organizations require their key suppliers or providers to show that they do have some form of resilience readiness or ISO audits. That said, only one in five organizations regularly engage their strategic partners within their resilience planning or exercises and vice versa. Ask your IT folks, if your servers in Dallas were failed over to Denver, would the technologies from your third-party providers reconnect? If their servers failed over from New York to LA, would you be able to reconnect to them?
Bottom line: if your outsourcers, suppliers, or third parties are an extension of your business on the good days … how aligned are your teams on resilience for the bad days?
Leave your thoughts below
Jason Buffington .com 
Leave a comment