In this increasingly regulated world, many companies are being required to establish and test quite stringent procedures for security and business continuity. Federal, state and municipal governing authorities, as well as industry groups, can all weigh in on these requirements, and it is hard to object. Sure, the requirements are time-consuming and expensive, but it is hard to deny they’re necessary.
The various natural and man-made disasters of just the past decade have demonstrated how vulnerable our infrastructure can be. Between hurricanes, floods and terrorism, entire cities and even states have been so severely damaged that almost no business could get done. And though not all business is critical in the face of disaster, banks need to give people access to their funds, insurance companies need to pay policyholder claims, and financial institutions need to keep operating to protect their customers. And of course, governments at all levels must be able to operate in order to direct relief efforts, provide aid where needed, protect their assets, and pay their employees.
In the past, it may not have been possible to recover. Earthquakes, fires and floods could destroy or bury paper documents quite thoroughly. And no one, except through luck, was immune. But today, we have the means and the obligation to recover more quickly, or survival itself is questionable. It is said that only 50% of the businesses that were shut down for more than 48 hours after 9/11 survived beyond that year.
New regulations require banking and other institutions to establish, document and test their disaster recovery methods, business continuity plans, information security procedures, employee reliability and more. And not only do those institutions need to conform to those standards if they want to continue to do business, their vendors need to do the same. If a mission-critical process depends upon an external vendor, then it is reasonable to expect that vendor to conform as well.
Conforming to these requirements is daunting for a smaller company (like many software vendors selling to the corporate giants). And in certain situations, it may not truly be necessary. After all, software doesn’t break and it doesn’t wear out. But as we know, there are plenty of notable failures in system and software rollouts where even thorough testing didn’t reveal some critical issues. So everyone has to be on board for security to be achieved. When choosing your vendors, you now need to know that they satisfy your regulatory procedure needs. You need to be certain they will treat their responsibility to you as seriously as you need. You need to know they can respond to you when mission-critical operations are endangered. Now, more than ever, you need vendors you can trust. After all, your business, and maybe your job, depends on it.