how is your pandemic plan working with your vendors?
by Branan Cooper
Until recently, a pandemic plan was still an obscure concept for most people, except perhaps an organization’s business continuity manager, information security staff, or the board who had to review it annually. That all changed earlier this year with the outbreak of the coronavirus. Suddenly, pandemic plans became a major concern, not as an obscure topic, but instead as an operational reality.
pandemic planning is (and always has been) a requirement
Organizations may have been required to have formal pandemic plans for quite a while. The problem is, when was the last time an organization actually pulled its plan out, dusted it off and really thought about its implications? As part of their overall third-party risk management process, many organizations go through the required perfunctory exercise of reviewing and approving their plans and vendors’ plans each year. It is doubtful that most contemplated a working world in which nearly everyone would be working remotely. Coupled with that, of course, is the reality of having school-age children, spouses and others competing for time and attention and perhaps, in many cases, even internet bandwidth.
remote work is becoming the norm, bringing increased security risks
There are many challenges and increased risks that come with remote working. With most of, maybe all of, your organization’s data flowing freely to remote locations, how certain can you be of the security implications? Not just the online security, but the physical security as well. Do the employees routinely shred the materials they are printing and reviewing, particularly if they contain non-public personal information such as customer data? Underlying all of this are the organization’s vendors. The old adage, “a chain is only as strong as its weakest link,” truly comes into play here. Even if your organization has a rock-solid approach to pandemic planning or has a great way of hardening its network, what about all the vendors? There could be hundreds, perhaps even thousands, of vendors involved, with many of their employees working remotely.
2 steps for vendor awareness during the pandemic
There are two steps you should take to ensure proper vendor awareness during the pandemic:
1. Maintain an open line of communication and discuss expectations with vendors. It has never been more crucial than at this inflection point. Understanding their practices is vital, particularly to the extent that they are housing, distributing, transmitting, or discussing nonpublic information about your customers.
Intelligent Risk - July 2020