2020 introduced many unforeseen circumstances across the world with very few companies prepared to tackle the challenges that a global pandemic such as COVID-19 brought to light.
When the pandemic hit, most organizations had only informal ideas, loosely discussed, about how to tackle the challenges of remote work, staggered employee scheduling, or even temporary closures; formal business continuity planning had not taken place.
Even organizations that did have thoroughly documented business continuity and resiliency plans struggled with the transition, either because of circumstances that were not initially considered or because the plans had never been fully tested. While having well-documented business continuity and resiliency plans is important, it is equally important to include your vendors as part of the planning process. Organizations across all industries rely on vendors to perform, or assist with performing, critical tasks that are part of their core business processes. This is why it is pertinent to understand and ensure that all your vendors have developed and maintain their own business continuity and resiliency plans outlining how they will continue to perform the services they provide.
Although organizations cannot anticipate every potential scenario, developing, documenting and performing third-party risk management controls and procedures can significantly improve the overall quality of your planning efforts. To better prepare your organization, we have provided several important business continuity and resiliency best practices for third-party risk management, especially during COVID-19.
Business Continuity Plans (BCP) – Identifying the vendors that are critical to your organization is the first step. These are any vendors you rely on to make your final product or provide a service.
- As part of the due diligence performed on your vendors, ensure that your review includes examining the vendor's BCP.
- Ensure that the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) listed in the BCP meet or exceed your expectations, so that any disruption to your clients and customers will be minimal.
- Additionally, take note of any further parties involved in the products or services provided by your vendors, as these may lead to unforeseen issues.
- If pandemic planning was not included in your plans, or in the plans of your critical vendors, ensure that such plans are defined and required.
Critical Vendor Risk Assessments – Are vendors being assessed according to the defined timeframe, so that scheduled reviews are not missed or ignored? Perform proper due diligence on all vendors even if the process must be modified, such as performing the assessment virtually instead of onsite, or identifying key risk areas and tailoring the assessment to the key business risks.
Issue Escalation/Notification – Ensure that all vendors have defined escalation/notification procedures along with an agreed-upon timeframe for communicating potential issues or changes.
Review Contact Information – Ensure that the contact information for all vendors is accurate and regularly updated. Additionally, ensure that your vendors have the correct contact information for your organization.
Performance Reviews (monitoring SLAs, KPIs or metrics) – Ensure that your vendors are still meeting or holding to the defined Service Level Agreements (SLAs), Key Performance Indicators (KPIs), or key defined internal metrics.
Utilize these metrics to schedule frequent meetings with critical vendors to stay in contact and to allow for constant open and direct communication to address potential issues. This helps reduce the risk of potential instability with critical vendors.
Monitoring and Alerts – Monitor the status or progress of any previously noted findings for all vendors, including:
- Monitoring various threat feeds to be notified of potential security vulnerabilities (US-CERT, FS-ISAC, etc.).
- Additionally, setting up news notifications or "key word" alerts for all critical vendors.
- Depending on your business needs, a paid third-party risk management solution could be utilized to provide active alerts on the status and integrity of your critical vendors.
Evaluate Critical Vendors for Potential Lock-in or Dependency Risk – When reviewing critical vendors, assess whether your business's final product or service is solely dependent on any of the products or services provided by any vendor.
- Address whether alternative options are available.
- If there are no alternatives, ensure communication is frequent and adjust the previously mentioned practices accordingly.
During these uncertain times, all companies are striving to ensure they can provide quality services while making full use of their resources and vendors. For this reason, maintaining responsible third-party risk management practices and procedures is more important now than ever. Performing proper due diligence on your vendors gives you insight into the appropriate controls, especially as they relate to business continuity and resiliency considerations as well as the potential long-term impacts that may be realized because of COVID-19.
While the considerations and recommendations listed above are not exhaustive, these best practices can be implemented even during the current pandemic. If you feel that your organization needs assistance reviewing the processes or procedures currently in place, or with implementing these best practices, Schneider Downs is here to help!
Related Articles
This article is part of a series exploring the importance of third-party risk management programs; you can view the other articles below.
- Third-Party Risk Management in 2020: What We Have Seen
- Compliance and Third-Party Risk Management: A Feature of Continued Success
- The 5 Ws and H of Third-Party Risk Management
- How Third-Party Risk Management Caters to Your Organization
- Your Cyber Program Is Only as Strong as Your Weakest Link, Including Your Vendors
- Revealed: What Your Third-Party Auditors Don't Want You to Know
- The Pandemic Forces Virtual Assessments for Third-Party Risk Management
- Mind Your Ts and Cs
View our entire third-party risk management article library here.
About Schneider Downs Third-Party Risk Management
Schneider Downs is a registered assessment firm of the Shared Assessments Group, a clear leader in guidance on third-party risk management. Our staff are experienced in all aspects of vendor risk management and hold the necessary certifications (CTPRP, CISA, CISSP, etc.) to achieve meaningful results that help your organization effectively reach new vendor risk management heights.
For more information, visit k7dz.hkquanwu.com/tprm or contact us to learn more.