If you conduct a 360-degree evaluation of your organization, it's possible to find different points of vulnerability. Many of these points occur where your company uses computing systems and software applications to automate business processes. Within these systems, you may use various business applications licensed from third-party vendors. Each application may include your servers accessing their software through a virtual connection. History has taught us that each relationship with a vendor introduces a new set of risks to your business. If your objective is business continuity, or continuous operations, your company must assess the risks associated with each vendor relationship. You must also take preventive measures to keep those risks from disrupting core operations.

The Background

When you consider IT risks from a holistic perspective, it's easy to assume that your company is equal to the sum of its parts. Another viewpoint is pondering how those parts fit together. You want all relationships to stabilize in ways that minimize the points of vulnerability. For example, every software application that your company adds to an existing server network will be affected if it fails during a security breach. Or, servers could be corrupted by a virus or temporarily offline due to a power failure in the data center. While you can't prepare for every potential risk, you can consider the advantages of spreading out known risks. In one company, this could resemble locating backup servers in a separate location from its primary servers.

The Core Business Relationships

To manage your business well, we recommend that you also review how your people interface with the IT infrastructure. These interactions are affected, sometimes permanently damaged, when there's an adverse event of a grave nature. If you aren't prepared for different risks, then your company might begin to lose sales and not serve customers according to the business model. Let's take the example of the third-party vendor providing a web-based application for order management/order fulfillment. If their ordering system fails, then does your company have a secondary way to process orders? Do you have a backup system that keeps track of all inventory levels and stores each customer order? These are features to look for when choosing the software vendor for order management/order fulfillment. They are part of a comprehensive business continuity plan.

The Fear of Interruption

When an organization must temporarily shut down because of an adverse event affecting its IT network, there is the fear that the interruption will cost the business money. There is the reality that the event's related costs (whether expected or unexpected) might not fall under the limits of the organization's disaster insurance policy. On some level, you have the cost of IT personnel working to restore your data infrastructure, especially when they get pulled from other projects to mitigate the problem.

The Need for a Holistic Approach

A holistic approach to business continuity means that your business must address every point of vulnerability within your IT networks, especially through comprehensive vendor management. The goal is ensuring that all computing systems keep functioning after an event while minimizing effects on consumers. But, if your company has already taken a holistic approach to business continuity (i.e. having a backup system for every server), then you could be out of ideas. You might benefit from an outside expert who can objectively evaluate your current operations.

You cannot afford to leave your company exposed to known risks to business operations. Evaluate all vendor relationships and ensure that each of them doesn't introduce new risks into the infrastructure, especially those that didn't exist before. Switch to vendors that offer higher levels of security without escalating your costs to the point that their products are not affordable.