2017 Prepared by BC Management, Inc. Business Continuity Management Service Provider/ Critical Supplier/ Supply Chain Management Assessment Benchmarking. Plan Ahead. Be Ahead.


Post on 26-Mar-2018



Copyright ©2017 BC Management, Inc. All rights reserved. CONFIDENTIAL REPORT – Critical Supplier


Table of Contents

Reporting History
Study Methodology
Assessment of Data & Reporting
Participant Data & Respondent Characteristics ~ An overview of respondent characteristics.
Business Continuity Critical Supplier Awareness Study Topics

Third Party Hot Site Provider Assessment

• Utilization of third-party hot site/ alternate site technology critical supplier.
• Budget amount for third-party hot site/ alternate site technology critical suppliers – US Dollars.
• Initial cost of third-party hot site/ alternate site technology critical suppliers – US Dollars.
• Recurring or annual cost of third-party hot site/ alternate site technology critical suppliers – US Dollars.
• Satisfaction ratings for third-party hot site/ alternate site technology critical suppliers.
• Listing of third-party hot site/ alternate site technology critical suppliers.

Software Planning Tool Assessment

• Utilization of software planning tools.
• Budget amount for software planning tools – US Dollars.
• Satisfaction ratings for software planning tools.
• Listing of software planning tool providers.

Automated Notification Tools Assessment

• Utilization of automated notification tools.
• Budget amount for automated notification tools – US Dollars.
• Satisfaction ratings for automated notification tools.
• Listing of automated notification tool providers.

Mobile Recovery Service Providers Assessment

• Utilization of mobile recovery services.
• Budget amount for mobile recovery services – US Dollars.
• Satisfaction ratings for mobile recovery services.
• Listing of mobile recovery service providers.

Critical Supplier Assessment Overview

• How well do organizations interface with critical suppliers? – Overview **A more in-depth assessment of these categories is highlighted on pages 25 – 44**
• Number of suppliers deemed critical during an event?
• Contracts include service level agreements?
• Critical suppliers with recovery time objectives?
• Frequency of meetings with critical supplier management?
• Contracts require a documented business continuity plan?
• Contracts require a documented IT disaster recovery plan?
• Frequency of critical suppliers exercising their business continuity/ disaster recovery plans?
• Critical suppliers participate in your plan exercises?
• External audit of critical suppliers’ plan exercises?
• Frequency of auditing critical suppliers’ business continuity program (internal and external)?
• Frequency of critical suppliers conducting a risk assessment. If yes, receive a copy of the assessment?
• Procedure for contacting and communicating with critical suppliers’ personnel during off hours?
• Procedure for critical suppliers in contacting and communicating with their customers during off hours?
• Backup plan for critical suppliers, if they are unable to provide goods/services?

Critical Supplier Assessment – Business Continuity

• What software do your critical suppliers write their plans in?
• If aware of critical suppliers’ plan documentation, how often are plans updated?
• Do critical suppliers allow viewing a copy of their program?
• Do you ask if your critical suppliers have a business continuity oversight committee?
• Do critical suppliers have dedicated business continuity professionals?
• How often do critical suppliers perform a business impact analysis?

Critical Supplier Assessment – Recovery

• Are the critical suppliers’ network and system infrastructure devices connected to an uninterruptible power supply and generators?
• Do critical suppliers have alternate offices or remote capability for technical staff to continue operations and support clients?
• Are critical suppliers’ primary and alternate sites on separate utility grids or multiple distribution points?
• Are critical suppliers’ primary and secondary facilities equipped with environmental monitoring & suppression controls?
• Do critical suppliers have backup power source to provide adequate capacity to supply power for at least 48 hours?
• Do critical suppliers have a backup & recovery policy, standards and procedures in place for systems applications and data backups?
• Do critical suppliers ensure backup media restoration procedures are performed at least annually?
• If deficiencies were discovered in the last exercise, is there an action plan to resolve/ mitigate the risk?
• Where do critical suppliers store backups?
• Do critical suppliers follow a chain of custody controls to prevent loss of physical media in transit to backup facility?
• Do critical suppliers encrypt data prior to transmission to backup facility?

Critical Supplier Assessment – Facilities

• Do critical suppliers have an identifying logo/sign for shelter in place locations?
• Do critical suppliers have a firm-wide work from home day?
• Do critical suppliers’ recovery sites support all areas of the firm or essential areas only?
• Do critical suppliers inspect mail before bringing into primary facility?
• Do critical suppliers screen visitors before entering primary facility?
• Are visitors’ bags scanned/ X-rayed before entering a critical supplier’s primary facility?

Critical Supplier Assessment – Personal Readiness

• Do critical suppliers encourage/ support personal preparedness/ readiness for their staff?
• Do critical suppliers educate staff on personal preparedness/ readiness?

Thank you to BC Management’s International Benchmarking Advisory Board
Thank you to our Sponsors and those Organizations that Distributed the Study and/or Report
About BC Management, Inc.

Please enjoy this Business Continuity Program Management Benchmarking report, compliments of BC Management, Inc. for completing our 2nd Edition – BCM Service provider/ Critical Supplier/ Supply Chain Management Assessment.

This is a complimentary report that is exclusive only to those professionals who contributed to BC Management’s 2nd Edition – BCM Service provider/ Critical Supplier/ Supply Chain Management Assessment. This report is not meant for general distribution. Any distribution of this report or reference to any information enclosed within this report is prohibited unless approved by BC Management, Inc.


Reporting History

Since 2001 BC Management, Inc. has been gathering data on business continuity management programs and compensations to provide professionals with the information they need to elevate their programs. Each year our organization strives to improve upon the study questions, distribution of the study and the reporting of the data collected.

Study Methodology

The on-line study was developed by the BC Management team in conjunction with the BC Management International Benchmarking Advisory Board. WorldAPP Key Survey, an independent company from BC Management, maintains the study and assesses the data collected. Participants were notified of the study primarily through e-newsletters and notifications from BC Management and from many other industry organizations. Respondents receive a unique path of branching questions, which is dependent upon their experience and current business continuity management initiatives. The advanced study is coded with extensive JavaScript to ensure a correct question branching path and to eliminate unintelligible data. All participants are given the option of keeping their identity confidential.

Assessment of Data & Reporting

BC Management is continuously reviewing and verifying the data points received in the study. Data points in question are confirmed by contacting the respondent who completed that study. If the respondent did not include their contact information, then their response to the study may be removed. With our fifteen years of expertise in collecting and assessing such data points, BC Management has an exceptional understanding of what is considered questionable or unintelligible data. WorldAPP Key Survey built a customized reporting tool for BC Management, which enables us to prepare customized benchmarking reports based on a client’s request. The result is a report that provides a unique understanding on how your program compares to competitors or other similar organizations. Before creating the customized report, we verify the filters selected by the client and confirm the number of respondents that will be included in their customized report. Study respondent contact information remains confidential and is never revealed. The charts and graphs will reflect what respondents answered in the study. If a selection within a question is not selected it will NOT be included in the results.

Participant Data & Respondent Characteristics

171 study professionals from 19 countries participated in the study assessment between July 8, 2017 – September 22, 2017. Incomplete/ partial study responses were included as appropriate within the report. 16 responses were removed from the data assessment as these responses either contained unverifiable data or the responses were received from consultants who are not managing or working within a corporate program. Complete responses were received from the following countries: Australia, Bermuda, Canada, China, Egypt, Germany, India, Ireland, Italy, Japan, Kuwait, Malaysia, Netherlands, Pakistan, Qatar, Singapore, Sweden, United Kingdom and United States of America.

THE CRITICAL INDUSTRIES SUB CATEGORY WITHIN THIS REPORT INCLUDES THE CRITICAL INFRASTRUCTURE SECTORS AS DEFINED BY HOMELAND SECURITY


[Chart: Company Gross Revenue (Before Expenses) in USD]

[Chart: Number of Company Locations - Corporate/ Operational Functions (Operational, Financial, Manufacturing, Distribution, etc)]


[Chart: Number of Company Locations - Retail/ Customer Interfacing (Outlets, Call Centers, Stores, etc)]

[Chart: Distribution of Company Locations. Categories: Citywide; Statewide/Province; Regional (within one country); National (one country); Regional (multi country); Global. Values: 5.2%; 6.5%; 11.0%; 20.6%; 14.8%; 41.9%.]


[Chart: Number of Company Employees]

[Chart: Percent of Respondents by Industry. Sum Exceeds 100% due to Multiple Selections. Categories: Aerospace/ Defense; Agribusiness; Biotechnology; Chemical; Communications/Media; Construction; Consulting Services; Consumer Products; Education - K to 12; Education - Higher Education; Entertainment; Financial - Banking; Financial - Brokerage; Financial - Credit Card; Financial - Credit Union; Financial - Investment; Financial - Mortgage; Financial - Other; Food Services - Manufacturing & Distribution; Food Services - Retail; Government - City; Government - County; Government - State/ Province; Government - National; Healthcare/Medical - Service Provider; Healthcare/Medical - Hospital; Hospitality; Insurance - Commercial Lines; Insurance - Healthcare; Insurance - Personal Lines; International Non-Government Organization; Internet/E-Business; Legal; Logistics; Manufacturing - Consumer Products; Manufacturing - Industrial; Manufacturing - Other; Marine; Non-profit; Nuclear/Power Plant; Oil & Gas; Pharmaceutical; Real Estate; Retail/Wholesale; Technology - Cloud Services; Technology - Hardware; Technology - Services; Technology - Software; Telecommunications; Transportation - Aviation; Transportation - Shipping; Transportation - Trucking; Utilities - Energy; Utilities - Water; Other - Please indicate other industry.]

Other Industries Noted Include: Human Welfare and Professional Services.


[Chart: Current Level of Job Responsibility]

[Chart: Level of Separation from Executive Management. Categories: 0; 1; 2; 3; 4; 5; 6; 7+. Values: 9.0%; 31.6%; 31.6%; 16.1%; 9.7%; 1.9%; 0.0%; 0.0%.]


[Chart: Definition of Program Managed or Work Within. Categories: Completely BCM business focused; Completely IT/ Resiliency focused; More focused on BCM business initiatives; More focused on IT/ Resiliency; Equally focused on BCM business initiatives and IT/ Resiliency. Values: 14.6%; 3.3%; 29.8%; 14.6%; 37.7%.]

[Chart: Program's Existence (With or Without Your Involvement)]


The balance between business focused vs an IT focus will always be a challenge. The more successful BCM programs must have a balance between the two areas with the business side driving the IT requirements.

- Greig Fennell, FBCI


[Chart: Last Time Program was Thoroughly Updated - Complete Refresh of Methodology or an Overhaul of Program Tools]

Program Maturity - Self Rating & Index Score

• Very Immature/ Initial Program Planning: Self Rating 8.6%; Index Score Based on Response 29.1%
• Documentation to Attempt a Repeatable Process: Self Rating 17.2%; Index Score Based on Response 28.2%
• Standard Program Planning in Place: Self Rating 29.1%; Index Score Based on Response 16.2%
• Managed Program with Quantitative Metrics: Self Rating 33.1%; Index Score Based on Response 17.9%
• Very Mature Program striving for Optimization/ Improvement: Self Rating 11.9%; Index Score Based on Response 8.5%


Programs must be reviewed annually at a minimum due to the constant changes within organizations. - Greig Fennell, FBCI


Third-Party Hot Site Provider Assessment

Does your organization contract with a third-party hot site/ alternate site technology provider?

[Chart: Utilization of Third-Party/ Alternate Site Technology Critical Supplier for Primary and/or Backup Recovery. Categories: Does not apply to the program I manage; No technology recovery solutions in place; Currently considering a technology recovery solution; No, internal solutions are in place at a primary site; No, internal solutions are in place at an alternate site; Yes, exclusively at the critical supplier's location; Yes, mixed solution between critical supplier(s) and internal recovery solution; Yes, mixed solution between multiple critical supplier. Values: 8.6%; 2.0%; 1.3%; 4.6%; 23.2%; 6.6%; 43.7%; 9.9%.]

To the best of your ability, please indicate the budget amount spent on third party hot-site/ alternate site technology provider in US Dollars.

[Chart: Budget Amount for Third Party Hot-Site/Alternate Site Technology Critical Suppliers - US Dollars. Series: Initial Cost (Up front/ initial cost); Recurring or Annual Cost (Annual maintenance, annual license and/or annual support). Categories: Less than $10,000 USD; $10,000 - $20,000 USD; $20,000 - $50,000 USD; $50,000 - $100,000 USD; $100,000 - $200,000 USD; $200,000 - $500,000 USD; $500,000 - $750,000 USD; $750,000 - $1,000,000 USD; $1,000,000 - $1,500,000 USD; $1,500,000 - $2,000,000 USD; $2,000,000 - $4,000,000 USD; $4,000,000 - $6,000,000 USD; $6,000,000 - $8,000,000 USD; $8,000,000 - $10,000,000 USD; $10,000,000 - $12,000,000 USD; $12,000,000 - $15,000,000 USD; More than $15,000,000 USD.]


[Chart: Initial Cost by Utilization of Third-Party Hot Site/ Alternate Site Technology Critical Supplier. Series: Yes, exclusively at the critical supplier's location; Yes, mixed solution between critical supplier(s) and internal recovery solution; Yes, mixed solution between multiple critical supplier.]

[Chart: Recurring or Annual Cost by Utilization of Third-Party Hot Site/ Alternate Site Technology Critical Supplier. Series: Yes, exclusively at the critical supplier's location; Yes, mixed solution between critical supplier(s) and internal recovery solution; Yes, mixed solution between multiple critical supplier. Categories: Less than $10,000 USD; $10,000 - $20,000 USD; $20,000 - $50,000 USD; $50,000 - $100,000 USD; $100,000 - $200,000 USD; $200,000 - $500,000 USD; $500,000 - $750,000 USD; $750,000 - $1,000,000 USD; $1,000,000 - $1,500,000 USD; $1,500,000 - $2,000,000 USD; $2,000,000 - $4,000,000 USD; $4,000,000 - $6,000,000 USD; $6,000,000 - $8,000,000 USD; $8,000,000 - $10,000,000 USD; $10,000,000 - $12,000,000 USD; $12,000,000 - $15,000,000 USD; More than $15,000,000 USD.]


When utilizing third party hot-site/ alternate site technology provider, how would you rate your satisfaction level with the following from extremely dissatisfied to extremely satisfied?

[Chart: Satisfaction Ratings for Third Party Hot-Site/ Alternate Site Recovery Critical Suppliers. Rating scale: Not applicable; 1 - Extremely Dissatisfied; Unsatisfied; Neutral; Satisfied; 5 - Extremely Satisfied. Criteria: Other criteria; Testing support; Telco connectivity (bandwidth available to multiple telcos); Technical support; Service level agreements; Security controls; Return on investment; Overall management; Number of exercises permitted per year without additional cost; Maximum duration of activation; Frequency of refreshing installed systems; Cost; Business support; Availability/ Ease of access; Administrative support.]

Who is your third party hot-site/ alternate site technology provider(s)? (Check all that apply.)

[Chart: Third Party Hot-Site/ Alternate Site Technology Recovery Critical Suppliers. Exceeds 100% due to Multiple Selections.]

Other Third Party Hot-Site/ Alternate Site Technology Recovery Providers Noted Include:

Branch of Defense Information Systems Agency, Co-location, Daisy, Do not know, Expedient, Hypertec, Local concern, Multiple vendors, On cloud, Other INGO, OVH, Quo Vadis, REGUS, SaskTEL, Sentinel, SIS, Telx, Verizon, Switch 8 and Viawest


Software Planning Tools Assessment

Does your organization utilize software planning tools to assist with your Business Continuity Management program initiatives?

[Chart: Utilize Software Planning Tools. Legend: Yes; No. Values: 60.1%; 39.9%.]

To the best of your ability, please indicate the budget amount spent on software tools in US Dollars.

[Chart: Budget Amount for Software Planning Tools - US Dollars. Series: Initial Cost (Up front/ initial cost); Recurring or Annual Cost (Annual maintenance, annual license and/or annual support). Categories: Less than $5,000 USD; $5,000 - $10,000 USD; $10,000 - $15,000 USD; $15,000 - $25,000 USD; $25,000 - $40,000 USD; $40,000 - $60,000 USD; $60,000 - $80,000 USD; $80,000 - $100,000 USD; $100,000 - $125,000 USD; $125,000 - $150,000 USD; $150,000 - $175,000 USD; $175,000 - $200,000 USD; More than $200,000 USD.]


When utilizing software tools, how would you rate your satisfaction level with the following from extremely dissatisfied to extremely satisfied?

[Chart: Satisfaction Ratings for Software Planning Tools. Rating scale: Not applicable; 1 - Extremely Dissatisfied; Unsatisfied; Neutral; Satisfied; 5 - Extremely Satisfied. Criteria: Other criteria; Training; Technical support; Service level agreements; Security controls/ Security through role based access; Return on investment; Reporting; Overall management; Multiple language capabilities; Installation; Hosting Capabilities; Functionality; Ease-of-use; Data Management; Cost; Contract administration; Availability; Administrative support; Ability to customize.]

Other Criteria Noted Include: The service is new and we have not started using in the DR environment. Is used for BC, Our company is in the initial phases of implementing the software product.

Software tools have come a long way over the years and the investment is well worth it. The one area that needs to be strongly considered when purchasing a tool is how easy is it for the end user to access and update their plans. Remember the end users are most likely only going into their plan once or twice per year. The chart is reflective with ease of use only being 39%, training at 34%, and ROI at 38%.

- Greig Fennell, FBCI


Which software tools does your organization utilize? (Check all that apply.)

[Chart: Software Planning Tool Providers. Exceeds 100% due to Multiple Selections.]

Other Software Planning Tool Providers Noted Include: CoBRA, Service Now, Vendor Insight and ReadiNow.


Automated Notification Tools Assessment

Does your organization utilize an automated notification tool?

[Chart: Utilize Automated Notification Tools. Legend: Yes; No. Values: 73.3%; 26.7%.]

To the best of your ability, please indicate the budget amount spent on automated notification tools in US Dollars.

[Chart: Budget Amount for Automated Notification Tools - US Dollars. Series: Initial Cost (Up front/ initial cost); Recurring or Annual Cost (Annual maintenance, annual license and/or annual support). Categories: Less than $5,000 USD; $5,000 - $10,000 USD; $10,000 - $15,000 USD; $15,000 - $20,000 USD; $20,000 - $30,000 USD; $30,000 - $40,000 USD; $40,000 - $50,000 USD; $50,000 - $75,000 USD; $75,000 - $100,000 USD; $100,000 - $125,000 USD; $125,000 - $150,000 USD; $150,000 - $200,000 USD; More than $200,000 USD.]


When utilizing automated notification tools, how would you rate your satisfaction level with the following from extremely dissatisfied to extremely satisfied?

[Chart: Satisfaction Ratings for Automated Notification Tools. Rating scale: Not applicable; 1 - Extremely Dissatisfied; Unsatisfied; Neutral; Satisfied; 5 - Extremely Satisfied. Criteria: Other criteria; Variety/ Choice of notification channels; Training; Technical support; Security controls; Role base security; Return on investment; Reporting; Overall capabilities; Notification modalities (end points); Multi-use capabilities; Local support internationally; Language capabilities; International reach (and cost); Initial cost; Global capabilities; End customer (person receiving notification) experience; Ease-of-use; Data Management; Cost-per-message or cost-per-call; Availability; Administrative support.]

Other Criteria Noted Include: Our emergency notification solution is homegrown - having limited capabilities, and little flexibility, We are fairly new to the tool (about 1 year) and still exploring its use. Adoption by the end user has been a challenge. Only a few people are trained to use the tool for broadcasts which is a function of our process not the tool. We have just purchased 3N. It is implemented on the BC side, but not in DR yet. It is our plan to implement early 2018. We own some telecommunications and our emergency system is part of that. Very basic. Internal/home grown system; no longer supported. Like the SWN mobile app and their willingness to help us brand it for my company. Contact details upload options in relation to dynamic groups.


Which automated notification tools does your organization utilize? (Check all that apply.)

[Chart: Automated Notification Tool Providers. Exceeds 100% due to Multiple Selections. Chart callouts: OnSolve = 33.5%; Sungard = 9.7%; Whispir = 2.2%; (x) matters = 6.5%.]

Other Automated Notification Tool Providers Noted Include: Alert Sense, Confidential, contracted from separate Defense Agency, Developed by other company, N/A, part of telecommunications and SECOM system

Mass notification systems need to be easy to use and operate. Look for systems that provide geo-fencing capabilities to communicate with people in a specific area or to alert individuals if they are approaching an area that may be dangerous or unsafe.

- Greig Fennell, FBCI


Mobile Recovery Service Providers Assessment

Does your organization utilize mobile recovery services to assist with your Business Continuity Management program initiatives?

[Chart: Utilize Mobile Recovery Services. Legend: Yes; No. Values: 15.2%; 84.8%.]

To the best of your ability, please indicate the budget amount spent on mobile recovery services in US Dollars.

[Chart: Budget Amount for Mobile Recovery Services - US Dollars. Series: Initial Cost (Up front/ initial cost); Recurring or Annual Cost (Annual maintenance, annual license and/or annual support). Categories: Less than $5,000 USD; $5,000 - $10,000 USD; $10,000 - $15,000 USD; $15,000 - $25,000 USD; $25,000 - $40,000 USD; $40,000 - $60,000 USD; $60,000 - $80,000 USD; $80,000 - $100,000 USD; $100,000 - $125,000 USD; $125,000 - $150,000 USD; $150,000 - $175,000 USD; $175,000 - $200,000 USD; More than $200,000 USD.]


When utilizing mobile recovery services, how would you rate your satisfaction level with the following from extremely dissatisfied to extremely satisfied?

[Chart: Satisfaction Ratings for Mobile Recovery Services. Rating scale: Not applicable; 1 - Extremely Dissatisfied; Unsatisfied; Neutral; Satisfied; 5 - Extremely Satisfied. Criteria: Other criteria; Testing capabilities; Technical support; Technical/ Facility "set up" - IT/ Physical set up to enable functionality; Service level agreements; Security controls; Return on investment; Response time; Number of units available for dispatch; Geographic location of unit dispatch; Ease-of-use; Distance from primary location; Data Management; Crisis management; Contract administrative; Administrative support.]


[Chart: Mobile Recovery Service Providers (exceeds 100% due to multiple selections). Providers: Agility; Rentsys; Sungard Availability Services; Other.]

Other Mobile Recovery Service Providers Noted Include: SECOM

Which mobile recovery services does your organization utilize? (Check all that apply.)

[Chart: How Well Do Organizations Interface with Critical Suppliers (may exceed 100% if multiple selections were an option for multiple suppliers). Response options: Not Applicable; Not sure; Yes - All do; Over half do; Under half do; No. Items charted:]

• Do Critical Suppliers Educate Staff on Personal Preparedness/ Readiness
• Do Critical Suppliers Encourage/ Support Personal Preparedness/ Readiness
• Do Critical Suppliers Scan/X-ray Visitor's Bag Prior to Entering Primary Facility
• Do Critical Suppliers Screen Visitors Prior to Entering Primary Facility
• Do Critical Suppliers Inspect Mail Prior to Delivery to Primary Facility
• Do Critical Suppliers have a Firm-Wide Work from Home Day
• Do Critical Suppliers Identify Shelter in Place with Logo/ Sign
• Do Critical Suppliers Encrypt Data Prior to Transmission to Backup Facility
• Do Critical Suppliers Follow a Chain of Custody Controls to Prevent Loss of Physical Media in Transit to Backup Facility
• If Deficiencies were Discovered in last Exercise, is there an Action Plan to Resolve/ Mitigate Risk
• Do Critical Suppliers Ensure Backup of Media Restoration Procedures at Least Annually
• Do Critical Suppliers have a Backup & Recovery Policy, Standards & Procedures in place for Backing up Systems, Applications & Data
• Do Critical Suppliers have Adequate Backup Power to Supply Power for 48+ Hours
• Are Critical Suppliers Primary & Secondary Facilities Equipped with Environmental Monitoring & Suppression Controls
• Are Critical Suppliers Primary & Alternate Sites on Separate Utility Grids or Multiple Distribution Points
• Do Critical Suppliers have Alternate Offices/ Remote Capability for their Technical Staff to Support Clients
• Are Critical Suppliers Network & Infrastructure Devices Connected to Uninterruptable Power Supply & Generators
• Do Critical Suppliers have Dedicated Program Personnel
• Do Critical Suppliers have a Business Continuity Oversight Committee
• Allowed to View Copy of Critical Supplier's Programs
• For Critical Suppliers Conducting a Risk Assessment, Do You Receive a Report
• Your External Auditor Review Critical Suppliers Plan Exercises
• Critical Suppliers Participate in Your Plan Exercises
• Do Contracts Require a Documented IT Disaster Recovery Plan
• Do Contracts Require a Documented Business Continuity Plan
• Critical Suppliers have Recovery Time Objectives
• Contracts Include Service Level Agreements

Critical Supplier Assessment - Overview

[Chart: How Well Do Organizations Interface with Critical Suppliers (may exceed 100% if multiple selections were an option for multiple suppliers). Response options: Not sure; Never; Monthly; Quarterly; Semi-annual; Annually; Every two years; Less often than every two years. Items charted: Aware How Critical Supplier Documents Program and How Often Documents are Updated; Do Critical Suppliers Conduct a Risk Assessment; Do Critical Suppliers Conduct a Business Impact Assessment; Your External Auditor Review Critical Suppliers Program; Your Internal Auditor Review Critical Suppliers Program; Frequency of Critical Suppliers Exercising Plan; Meetings with Critical Supplier Management.]

[Chart: Number of Suppliers Deemed Critical During an Event. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; 10 or less; 50 or less; 100 or less; 200 or less; Greater than 200, please specify.]

Indicate the number of suppliers your organization deems critical in the event of a disaster.

[Chart: Service Level Agreements in Critical Supplier Contracts. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Recovery Time Objectives in Critical Supplier Contracts. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Do your critical supplier contracts include Service Level Agreements (SLA)?

Do the most critical supplier contracts have Recovery Time Objectives?

[Chart: Frequency of Meetings with Critical Supplier Management (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Never; Monthly; Quarterly; Semi-annual; Annually; Every two years; Less often than every two years.]

[Chart: Contracts Require a Documented Business Continuity Plan. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not applicable; Not sure; Yes - All do; Over half do; Under half do; No.]

What is the frequency of meetings with the critical supplier management? (Check all that apply for multiple critical suppliers.)

Do the contracts require a documented plan for Business Continuity?

[Chart: Contracts Require a Documented IT Disaster Recovery Plan. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not applicable; Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Frequency of Which Critical Suppliers Exercise Business Continuity/ Disaster Recovery Plans to Ensure Currency & Effectiveness (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Never; Monthly; Quarterly; Semi-annually; Annually; Every two years; Less often than every two years.]

How frequently are the critical suppliers’ Business Continuity Plans/Disaster Recovery plans exercised to ensure currency and effectiveness? (Check all that apply for multiple critical suppliers.)

Do the contracts require a documented plan for IT Disaster Recovery?

[Chart: Do Critical Suppliers Participate in Your Business Continuity/ Disaster Recovery Exercises (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Does External Audit Review the Critical Suppliers' Business Continuity/ Disaster Recovery Plan Exercises? Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not applicable; Not sure; Yes - All do; Over half do; Under half do; No.]

Do your critical suppliers participate in your Business Continuity/ Disaster Recovery exercises? (Check all that apply for multiple critical suppliers.)

Does your external auditor review your critical suppliers’ Business Continuity Plans/Disaster Recovery exercises?

[Chart: Frequency that Critical Suppliers Conduct Program Audits (exceeds 100% due to multiple critical suppliers). Panels: Frequency of Internal Audit; Frequency of External Audit. Series: Critical Industries; Less Critical Industries; All Respondents. Response options in each panel: Not audited; Not sure; Monthly; Quarterly; Semi-annually; Annually; Every two years; Less often than every two years.]

[Chart: How Often do Critical Suppliers Conduct a Risk Assessment (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Never; Monthly; Quarterly; Semi-annually; Annually; Every two years; Less often than every two years.]

How often are the critical suppliers’ Business Continuity programs being audited (internally and externally)? (Check all that apply for multiple critical suppliers.)

How often is a Risk Assessment conducted by the critical suppliers? (Check all that apply for multiple critical suppliers.)

[Chart: Do Your Critical Suppliers Share a Copy of their Risk Assessment with Your Organization. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Your Organization's Procedure in Contacting & Communicating with Critical Suppliers' Personnel Off Hours (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; No procedures in place; Direct manual phone call; Automated messaging system; Email; SMS/ Texting; Social media; Other.]

Other Procedures Noted Include: Differs by vendor, Each Vendor Relationship Manager determines, part of bcp for those that have them as a critical vendor and Supplier Service Desk.

If you answered yes to the previous question, do you receive a copy?

What is the procedure for your company contacting and communicating with critical supplier personnel off-hours? (Check all that apply for multiple critical suppliers.)

[Chart: Critical Suppliers' Internal Procedure for Contacting and Communicating with their Clients & Preferred Customers During Off-Hours (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; No procedures in place; Direct manual phone call; Automated messaging system; Email; SMS/ Texting; Social media; Other.]

Other Procedures Noted Include: Differs by vendor

[Chart: Backup Plan for Critical Suppliers if Unable to Provide Goods/Services (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; None; Default on contract; Another location owned by vendor; Mutual aid agreements; Third-party; Reciprocal agreement; Other.]

Other Backup Plans Noted Include: Differs by vendor, Varies - depends on nature of supplier, Varies from vendor to vendor, Varies but many have not articulated in the contract in the past, Not sure of all, Other contractors, Depends on supplier, Other vendors and Another vendor.

What is the internal procedure for a critical supplier in contacting and communicating with external /their clients, and preferred customers off-hours? (Check all that apply for multiple critical suppliers.)

What is your critical suppliers’ backup plan if they cannot provide goods/services to your clients? (Check all that apply for multiple critical suppliers.)

[Chart: What Software Do Your Critical Suppliers Use (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Word; Third party software tool; Excel; More than one product; Other.]

[Chart: Frequency of Plans Updates, If Critical Suppliers Document Continuity/ Resiliency Plans (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Never; Monthly; Quarterly; Semi-annual; Annually; Every two years; Less often than every two years.]

If you are aware how your critical suppliers document their plans, how often are they updated? (Check all that apply for multiple critical suppliers.)

What software are your critical suppliers’ plans written in? (Check all that apply for multiple critical suppliers.)

Critical Supplier Assessment – Business Continuity

Based on what this section is telling us there is a lot of work that needs to be done to assess and better understand what our critical vendors have in place.

- Greig Fennell, FBCI

[Chart: Do Critical Suppliers Allow Viewing a Copy of their Continuity/ Resiliency Plan. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Does Your Organization Ask Critical Suppliers if They Have a Business Continuity Oversight Committee. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - all critical suppliers; Over half; Under half; No.]

Do your critical suppliers provide or allow a viewing of a copy of the Business Continuity and Disaster Recovery (BC/DR) Plan?

Do you ask critical suppliers if they have a Business Continuity oversight committee?

[Chart: Do Your Critical Suppliers have Dedicated Continuity/ Resiliency Personnel. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Frequency that Your Critical Providers Perform a BIA (exceeds 100% due to multiple critical suppliers). Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Never; Semi-annual; Annually; Every two years; Less often than every two years.]

Do the critical suppliers have a dedicated team of professionals focused on Business Continuity?

How often do the critical suppliers perform a Business Impact Analysis (BIA) to identify critical business processes and technologies that should be recovered first in the event of a disaster? (Check all that apply for multiple critical suppliers.)

[Chart: Critical Suppliers' Network & System Infrastructure Devices Connected to Uninterruptable Power Supply and Generators. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes, required by contract; Yes - All do; Over half do; Under half do; No.]

[Chart: Do Critical Suppliers have an Alternate Office(s) or remote Capability for Technical Staff to Continue Operations and Support Clients. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Are the critical suppliers’ network and system infrastructure devices connected to an uninterruptable power supply (UPS) and generators?

Do your critical suppliers have an Alternate Office(s) or other remote capability from which technical staff/personnel continue business operations and support clients?

Critical Supplier Assessment – Recovery

Based on what this section is telling us there is a lot of work that needs to be done to assess and better understand what our critical vendors have in place.

- Greig Fennell, FBCI

[Chart: Are Critical Suppliers' Primary & Alternate Sites on Separate Utility Grids or Multiple Distribution Points. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Are the Critical Suppliers' Primary & Secondary Facilities Equipped with Environmental Monitoring & Suppression Controls. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes, required by contract; Yes - All do; Over half do; Under half do; No.]

If applicable, are the critical suppliers’ primary and alternate sites on separate utility grids or multiple distribution points (power, telecommunications, etc.)?

Are the critical suppliers’ primary and secondary facilities equipped with environmental monitoring and suppression controls (fire alarm, fire suppression system, fluid or water sensors, HVAC, etc.)?

[Chart: Do Critical Suppliers have a Backup Power Source to Provide Adequate Capacity to Supply Power for at Least 48 Hours. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Do Critical Suppliers have a Backup & Recovery Policy, Standards and Procedures in Place for how Systems, Applications and Data Backups are Performed. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Do the critical suppliers have a backup power source that can provide adequate capacity to supply power for at least 48 hours?

Do the critical suppliers have a Backup and Recovery policy, standards and procedures in place for how systems, applications and data backups are performed which include retention, maintenance, scheduling, exercises and recovery?

[Chart: Do Critical Suppliers Ensure Backup Media Restoration Procedures are Performed at Least Annually. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: If Deficiencies were Discovered in the Last Exercise, do Critical Suppliers have Action Plans to Resolve/ Mitigate the Risk. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Do the critical suppliers ensure backup media restoration procedures are performed at least annually?

If any deficiencies were discovered during the last BC/DR exercise, do the critical suppliers have action plans to resolve or mitigate the risk?

[Chart: Where do Critical Suppliers Store Backups (exceeds 100% due to multiple critical suppliers).]

Other Third Party Hot-Site/ Alternate Site Technology Recovery Providers Noted Include: N/A and SIS

[Chart: Do Critical Suppliers Follow a Chain of Custody Controls to Prevent Loss of Physical Media in Transit to Backup Facility. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Where are the critical suppliers’ backups stored? (Check all that apply for multiple critical suppliers.)

Do the critical suppliers follow chain of custody controls to prevent loss of physical media in transit to the backup facility?

[Chart: Do Critical Suppliers Encrypt Data Prior to Transmission to the Backup Facility. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Do Critical Suppliers have an Identifying Logo/ Sign for Shelter in Place Locations. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Do the critical suppliers have an identifying logo (sign) for Shelter in Place locations?

Do the critical suppliers encrypt data prior to transmission to the backup facility?

Critical Supplier Assessment – Facilities

[Chart: Do Critical Suppliers have a Firm-Wide Work from Home Day. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Do Critical Suppliers' Recovery Sites Support all Areas of the Firm or Essential Areas Only. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes, all critical suppliers - all areas; Yes, all critical suppliers - essential areas only; Over half do - all areas; Over half do - essential areas only; Under half do - all areas; Under half do - essential areas only; No.]

Do the critical suppliers’ recovery sites support all areas of the firm or essential areas only?

Do the critical suppliers have a firm-wide work from home day?

[Chart: Do Critical Suppliers Inspect Mail Before Bringing into Primary Facility. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Do Critical Suppliers Screen Visitors Before Entering a Primary Facility. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Do the critical suppliers inspect mail before it is brought to their primary facility?

Do the critical suppliers screen visitors before they enter their primary facility?

[Chart: Do Critical Suppliers Scan/ X-ray Visitors' Bags Prior to Entering a Primary Facility. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

[Chart: Do Critical Suppliers Encourage/ Support Personal Preparedness/ Readiness for their Staff. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Are visitors’ bags scanned/X-rayed before they enter the critical suppliers’ primary facility?

Do your critical suppliers encourage and support personal preparedness/readiness for their staff?

Critical Supplier Assessment – Personal Readiness

[Chart: Do Critical Suppliers Educate Staff on Personal Preparedness/ Readiness. Series: Critical Industries; Less Critical Industries; All Respondents. Response options: Not sure; Yes - All do; Over half do; Under half do; No.]

Do your critical suppliers have an education program on personal preparedness/readiness for their staff?

Thank you to BC Management’s International Benchmarking Advisory Board

BC Management’s International Benchmarking Advisory Board was instrumental in reviewing the study to ensure it focused on the topics that are of the greatest interest to continuity professionals today. The goal was to develop a credible reporting tool that would add value to the business continuity profession.

BC Management’s International Benchmarking Advisory Board

Roberto Alvarez, ISO 22301 MASTER, ISO 22301 LI & LA, BCMM Assessor, ISO 20000 LI (Latin America Focus – Based in Mexico) – Roberto Alvarez is an experienced Business Consultant with over 20 years working on Business and IT disciplines like Corp Performance Management (CPM), Strategic Planning, Business Intelligence (BI/DW), IT Operations, Disaster Recovery Planning, Business Continuity Management, Mobile Computing, as well as improving IT and business processes.

He started working on Disaster Recovery and Business Continuity Management in 2000. As a member of a consulting firm, he set up the Business Continuity Solutions area and services portfolio based on ITIL ("Business Continuity Management" and "Contingency Planning"), where he provided consulting and implementation services for Disaster Recovery and Business Continuity in the automotive, oil & gas, pharmaceutical, government, staffing, consumer goods, and human & animal health industries.

Roberto is certified as ISO 22301 Lead Auditor (through PECB and BSI), Lead Implementer & Trainer (PECB), and he also has a certification as Business Continuity Maturity Model® Assessor. He has participated as researcher and co-author of the “BCMS Competencies Development Model”, whose objective is to build Personal Resilience in personnel devoted to crisis management, disaster recovery and business continuity practices, as an alternative to reinforce Enterprise Resilience.

Nowadays he is promoting and creating awareness about the importance of implementing serious efforts on Business Continuity Management Systems in Mexico and Latin America.

Mark Armour, CBCP (US Focus) – Mark Armour, CBCP, is an experienced global business continuity leader, having managed resiliency functions and programs for global Fortune 500 companies. With over 13 years in the profession, Mark has managed business continuity, disaster recovery, emergency and crisis management programs with a focus on ordered, structured response and frequent, robust exercises. During that time, Mark has been involved in or facilitated organizational responses to over 20 major events and disruptions.

Mark has built and matured programs following the principles of lean continuous improvement and agile project management. Mark’s most recent contribution to the business continuity practice was the development of the Continuity 2.0 Manifesto, co-authored with David Lindstedt, PhD, which outlines a new, more effective approach to the discipline.

Mark joined the profession in 2002 and is currently the Global Director of Business Continuity for Brink’s Inc., a global leader in secure logistics solutions.

Philip Bigge, CBCP (USA Focus) – Philip Bigge is the Vice President, Consulting Services for Ripcord Solutions. Prior to joining Ripcord Solutions, Phil served as the Vice President for Business Continuity at OneWest Bank, FSB. Philip joined OneWest Bank in May 2009, continuing his fourteen consecutive years as a leader of international business continuity programs. He has spoken at numerous industry conferences demonstrating how companies can improve their business continuity practices while decreasing cost to accomplish their goals. Philip holds a Bachelor’s degree from West Chester University of Pennsylvania and is a Certified Business Continuity Planner (CBCP) from the Disaster Recovery Institute, International.

Larry Chase, CBCP (USA Focus) – Larry Chase is a United States Air Force veteran, published author and industry speaker with a notable record of industry leadership roles across national level public/private sector board and advisory committees. Responsible for developing Humana’s Enterprise Resiliency Office, he now serves as its program director and possesses more than 25 years of touted accomplishments in operational risk & resiliency program development across the banking, medical, manufacturing and technologies sectors. Leveraging unique first-hand expertise in global event management, throughout both his professional careers he has gained international acknowledgment for his efforts, leadership and visionary approaches, including the 2017 BCI Continuity and Resiliency Team Award, the 2017 Humana Volunteer Leadership Award, the 2015 DRI Business Continuity Program Leader of the Year, and the 2010 Asia BCI Group Excellence Award. Larry has been instrumental in establishing an international non-profit organization providing industry related scholarships to military veterans and active duty members through the DRI Foundation’s Veteran’s Outreach Program.

Renata Davidson, ISO 22301 Master, ABCP (Eastern Europe Focus) – The co-founder and President of Davidson Consulting LLP, a company specializing in Business Continuity, Risk Management and Business Process Modeling. She has worked with domestic and international companies to develop business continuity and disaster recovery plans since 1998. Ms Davidson studied at the Warsaw University in Poland and is one of fewer than 100 professionals globally to qualify for a Master Business Continuity Professional (MBCP) certification from the Disaster Recovery Institute (application pending).

Greig Fennell, FBCI (USA Focus) – Currently Greig serves as the Sr. Director of Business Continuity with Comcast. He has 28 years of hands-on experience in creating or enhancing management decision making frameworks to identify, assess and prioritize company risks and in developing cost effective strategies and solutions to minimize impacts to supply chains, business operations and services. Greig has been a consultant to companies and has created and led ERM and business continuity programs at two Fortune 100 companies. His diverse background includes extensive involvement in manufacturing, distribution and logistics, the apparel industry, healthcare and telecommunications. He is a results-driven executive with experience in bringing management teams and technology enablers together to develop cost-effective and risk-tolerant solutions designed to achieve positive results for companies.

Guy Gryspeerdt, AMBCI (USA Focus) – Guy Gryspeerdt BA (Hons), AMBCI, has worked internationally across industry sectors, managing risk, business resilience, crisis management and security in the financial, retail, manufacturing and government sectors and has managed high level projects in these areas for leading organizations globally. Organizations have included Ernst & Young, Goldman Sachs, Reinsurance Group of America, The Westfield Group and Bridgewater.

Guy has strong experience in aligning the risk, business resilience and crisis management functions to the organization’s strategic business goals and managing both the change process and subsequent organizational systems. He is outcome focused and sees a robust resilience program as a key business enabler to deliver a competitive advantage to the organization and value to customers.

Working at the Australian Securities and Investments Commission (ASIC) as Head of Enterprise Risk & Business Resilience, Guy developed a risk based surveillance framework to assist ASIC's business teams in regulating their market participant population. During his time working in London, for EY & Goldman Sachs, Guy was appointed Chairman of the first Community Security Zone in the UK, a Metropolitan Police counter terrorism initiative.

Guy joined General Electric at the beginning of 2014 as Assistant Chief Security Officer with responsibility for Global Business Continuity, Crisis Management and Supply Chain Security. GE is the 8th largest company in the world by market cap, working in 175+ countries with over 450,000 employees and contractors. GE is the only company listed in the Dow Jones Industrial Index today that was also included in the original index in 1896.

Prashant Jha (India Focus) – Prashant Jha has 11-plus years of business continuity management, business resilience, crisis management, emergency response, disaster recovery, IT service management, pandemic planning and operational risk expertise. He is certified as ISO 22301 Lead Auditor, BS25999 Lead Auditor, CBCP, CEH, ABRCCI, ITIL V2 Service manager and ITIL V3 Foundation, and is PMP trained. He is currently working as Head of business resilience, establishing the business resilience for the Markets and International banking (Investment banking). He acquired his BCM skills in various parts of the world (Germany, India, UAE, Singapore, US, Australia, Hong Kong, Japan, Thailand, Indonesia etc.)

Alberto Jimenez, CBCP, PMP (Latin America Focus – Based in USA) – Alberto is a Principal with Datalink. He is a former strategic engagement manager with SunGard Consulting Services, a director and founder of MiaTomi, LLC, a former associate director with Protiviti, and a former manager at Accenture. Alberto has led a variety of business risk management, business continuity and IT strategy efforts at global organizations, including the delivery of Business Continuity, Crisis Management, disaster recovery, pandemic preparedness, project risk management, and audit solutions. His industry experience includes Banking, Brokerage, Insurance, Healthcare, Biotech, Energy, Manufacturing, Transportation, Telecommunications, Retail, and Media and Entertainment. Additionally, Alberto is a certified project manager (PMP) and business continuity professional (CBCP).

Sohail Khimani, MBCP, AFBCI (Middle East Focus – Based in UAE) – Sohail Khimani is a BCM/ERM expert and a dynamic professional in developing the BCM/ERM disciplines throughout UAE and in the MENA region. He has over 15 years of industry experience both nationally and globally within sectors ranging from the banking and finance industry, telecommunications, and IT & management consultancy to pharmaceuticals and manufacturing. Sohail is currently employed with Booz Allen Hamilton and previously served as the Head of BCM & Information Security at KASB Bank – banking arm of KASB Group – specializing primarily in investment banking, research, brokerage, asset management, Islamic finance and commercial banking. In addition, Sohail previously served the International Association of Emergency Managers (IAEM) as Country Representative for Pakistan. He is also part of the instructor cadre of Disaster Recovery Institute (DRI) International and holds MBCP and AFBCI Certifications. He also actively contributes articles on the BCM discipline, published by local and international associations, and recently accepted the role of Contributing Editor for DRI International’s Regional Blog Thrive! In 2013, Sohail was also awarded ‘Best CBCP Award’ by DRI Malaysia.

Linda Klug, MBCP (USA Focus) – Linda Cerni Klug, MBCP, has been in the disaster planning, response and recovery industry for 23 years. Her former employers include the American Red Cross, FEMA, and the United Nations, as well as EMC, Symantec, VERITAS, and Comdisco. She has developed, implemented, and validated Disaster Recovery and Business Continuity programs for IT environments, enterprises, and governments. Linda has supported several Fortune 500 clients including United Airlines, Nike, Microsoft, OfficeMax, Northwest Airlines, Charles Schwab, Wells Fargo, and Fidelity Investments. She is currently the President of Axiom Recovery, Inc.

Jayaraj Puthanveedu, CISSP, CISA, MBCI, CGEIT, ITIL (Asia Pacific Focus – based in Singapore) – Jayaraj Puthanveedu currently serves as Director, APAC Regional Head of Business Continuity and Head of CSBC (Corporate Security and Business Continuity) for Singapore/South East Asia. He previously served as the Head of Corporate Security, Operational Risk and Business Continuity - India and Sri Lanka at Deutsche Bank, responsible for a portfolio comprising Operational Risk Management, Business Continuity, Crisis Management, Corporate Security, Anti-Fraud Unit, Protective Intelligence and Forensics. Prior to joining Deutsche Bank, he worked with Northern Trust Bank as the APAC Head of Business Continuity with additional responsibilities for Corporate Operational Risk activities in India. In the past, Jayaraj has held various senior management and technical positions at Goldman Sachs and Cable & Wireless in the areas of Business Continuity, Information Security, Technology Risk, etc.

Lisa Reshaur, Ph.D., CBCP (USA Focus) – Lisa is the Senior Director for Microsoft’s Enterprise Business Continuity Management Program (EBCM). She sets the governance and standards for the Company’s BCM program, which includes continuity, recovery and resiliency. Lisa earned a Ph.D. from the Disaster Research Center at the University of Delaware, where she focused on studying businesses in disasters. Prior to joining Microsoft, Lisa worked for PricewaterhouseCoopers, where she spent 14 years working with companies around the world to help them build, improve and sustain risk and compliance programs.

Lisa earned a Six Sigma Black Belt, is a Certified Business Continuity Professional (CBCP) and is in the process of earning her Certified Risk Manager (CRM) designation.

Kenny Seow, MBCI, CBCP (Asia Pacific Focus – Based in Australia) – Kenny Seow is a Partner at Riskwest (www.riskwest.com.au) and a Board Member and Western Australia Area Representative of the Australasian Chapter of the Business Continuity Institute. He has over 24 years of international experience in disaster recovery, business continuity and crisis management in banking, securities, logistics and government. Kenny was formerly the Director and Regional Head of BCM for a global investment bank with responsibilities across 16 countries in Asia Pacific. He now consults extensively in business continuity and risk management to a broad range of government agencies, community service organisations and private sector companies in Australia and Asia.


Wong Tew Kiat, CBCP, MBCI, CITBCM(S), COMIT(S), Fellow SCS (Asia Pacific Focus – Based in Singapore) – Wong Tew Kiat has more than 25 years of experience and is equipped with excellent knowledge in Business Continuity Management (BCM), IT Disaster Recovery (DR) and Data Centre (DC) management.

He has been a Certified Business Continuity Professional (CBCP) since 1997, a certification by the Disaster Recovery Institute International (USA), and a member of the Business Continuity Institute (MBCI, UK) since 2005. He is also a Certified IT Project Manager, Senior (CITPM), Certified Outsourcing IT Manager, Senior (COMIT) and Certified IT BCM Manager, Senior (CITBCM) by the Singapore Computer Society (SCS), Singapore. He was the President of the Business Continuity Group, an industry chapter in SCS, from 2005 – 2008 and 2010 – 2011. In addition, he chaired the CITBCM Resource Panel to develop the Body of Knowledge for the CITBCM. He currently chairs the CITBCM Board of Assessors.

In 2008, he received the Asian Lifetime Achievements Awards by BCP Asia, Singapore.

With his passion for business continuity, he has been actively involved in the industry to promote BCM and ITDR. He has contributed to the industry’s BCM Standards and Guidelines: TR19 BCM Guidelines, SS540 BCM Standards, ISO22301 BCM Standards and SS507 certification for DR/BC service providers. He has also been invited as a distinguished speaker at many BCM and DR related conferences and seminars since 2003 in Singapore, China, Taiwan and the Philippines. In addition, he is an established BCM consultant to China BCM through special invitations and has conducted BCM and ITDR courses in both China and Taiwan in Mandarin.

He has been actively engaged in providing BCM consultancy and DC risk & resiliency workshops for ministries, government agencies and SMBs. He also developed the Body of Knowledge for the CITBCM (Certification in IT BCM) Certification Course and is appointed by the Singapore Computer Society as the authorised training provider for the CITBCM course.

Thomas Wagner, CBCP, MBCI (USA Focus) – Tom is a recognized expert and innovative thought leader in the Business Continuity Management space with over 25 years’ experience as a practitioner, management consultant and technology executive in the financial services industry. Tom is currently the Managing Director for SIFMA and he previously served in senior BCM roles at HSBC, Marsh, Gartner, Booz Allen and the NYSE. While at Booz Allen, Tom consulted to the President’s Commission for Critical Infrastructure Protection (PCCIP), the White House Critical Infrastructure Assurance Office (CIAO / Homeland Security) and Intelligence Communities where he conducted risk assessments and helped develop strategies to protect the financial services industry from terrorism and natural disasters. Tom is also a recognized thought-leader in the IT Controls and Risk Management space having served as a SME with ISACA ITGI for the on-going development of CobiT and the IT Risk and Governance frameworks.

A special thanks to our sponsoring organizations that assisted in translating our study. Without these organizations the study may not have been available in Chinese, Japanese and Spanish.

Distributing Organizations

BC Management also greatly appreciates the efforts of those organizations that assisted in this global effort. Below is a list of participating organizations that assisted in distributing our annual study. The contribution of each individual organization does not indicate an endorsement of the study findings or the activities of BC Management, Inc. This is NOT a complete list of distributing organizations.

Thank you to our sponsors and organizations that assisted with this global effort

Global Data Solutions LTD Sponsored the Chinese translation

Risk Managers and Consultants Association Sponsored the Japanese translation

MiaTomi Sponsored the Spanish translation


Associations

Business Recovery Association of Virginia

B.R.A.V.

Certifying Organizations

– www.thebci.org

– www.drii.org

Business Continuity/Disaster Recovery Service Providers

– www.mxtel.mx

– www.acp-international.com

– www.brma.com

NorthEast Disaster Recovery Information X-Change

– www.nedrix.com

– Business Recovery Association of Virginia

– www.continuitylink.com

Disaster Recovery Information Exchange – www.drie.org

– www.madra.org


– www.strohlbrasil.com.br

Periodicals/Media

– www.continuityinsights.com

– www.drj.com

– www.resiliencepost.com

About BC Management, Inc.

BC Management, Inc., founded in 2000, is an executive staffing and research firm solely dedicated to the business continuity, disaster recovery, risk management, emergency management, crisis management and information security professions. With decades of industry expertise, our staff has a unique understanding of the challenges professionals face with hiring, benchmarking and analyzing best practices within these niche fields.

BC Management’s Complimentary Research - BC Management has been collecting data on the factors that impact compensations and business continuity programs since 2001. To download our current complimentary reports please visit www.bcmanagement.com.

We Value Your Comments - Thank you for participating in our study. Your contribution adds value to our comprehensive reporting and allows us the opportunity to assess industry trends. Please share any comments or suggestions on how we can improve at [email protected].

Inquiries - For more information or to order a report please email us at [email protected] or call us at (714) 969-8006.

Complimentary Report Exclusively for Study Respondents - This is a complimentary report that is exclusive only to those professionals who contributed to BC Management’s 2nd Edition – BCM Service provider/ Critical Supplier/ Supply Chain Management Assessment. This report is not meant for general distribution. Any distribution of this report or reference to any information enclosed within this report is prohibited unless approved by BC Management, Inc.

– www.ormgt.com.sg

– www.scs.org.sg