Business continuity and disaster recovery (BC/DR) plans are an essential element of your and your suppliers’ business—an increasingly apparent fact as we now face the uncertainty caused by COVID-19. Your agreements with suppliers and service providers likely account for exigent circumstances via force majeure and BC/DR provisions, and reviewing and updating those contingencies now is imperative. The following steps will help you critically review how the BC/DR plans supporting your organization plan for COVID-19.
1. Identify Critical Suppliers/Services
Start by identifying and prioritizing your key suppliers. First, consider which products and services are critical to your business. If downtime of a given supplier-system would impair your mission-critical functionality, that supplier should top the list.
Second, the nature of the supplier’s product or services should play a role in your prioritization. Services that rely on highly concentrated personnel resources, such as call centers and service desks, will likely be the first wave of impacted services. Alternatively, infrastructure-related outsourced functions will be less impacted by workforce-related issues, but they may be negatively affected by increased user volume as more users shift to online services while in isolation. Supply-chain issues related to hardware deployment are also possible.
If your agreement permits you to request a copy of the plan, do so. Many suppliers are proactively providing updates and revised plans—but requesting additional information about their obligations and asking specific questions is invaluable in your ability to assess the plan.
2. Review BC/DR Plans and Identify Deficiencies
Whether you are reviewing your own, or your supplier’s BC/DR plan, determine first whether it properly accounts for pandemic circumstances. Your garden-variety plan may not appropriately account for a pandemic. Most BC/DR plans respond to data transfer outages, natural disasters or terrorist events. Pandemics differ in both scale and duration to these events.
While a terrorist attack, for example, would target just one region of the world, COVID-19 has spread vastly and rapidly. At present, very few geographic locations have yet to see cases of the virus. As such, BC/DR plans that properly account for the risks associated with a pandemic will be global in scope, and they will contemplate a disaster that impacts a significant number of people spread out geographically. Similarly, a pandemic, unlike the usual disaster triggers, is not a one-time occurrence. Even as we endeavor to “flatten the curve” of COVID-19, it is impossible to know if it will be contained or if it will reoccur. The BC/DR plan should present long-term solutions, with contingencies that can be reactivated at any time.
Once you have established that the BC/DR plan is appropriate in scope and scale, also consider the following elements:
3. Correct the Deficiencies
If your or your suppliers’ BC/DR plan is deficient, utilize the mechanism in your agreement for requesting updates or supplements to your plan. In addition to correcting any gaps as compared to the elements mentioned above, consider also requesting the following, specific to viruses or pandemics:
4. Review Agreements for Related Clauses
Sometimes a crisis is so catastrophic that a business is unable to continue or recover. In that case, look to your force majeure clause. Generally, force majeure clauses are narrowly construed and will only excuse a party’s nonperformance that has been rendered impossible by an unforeseen event. In many cases, pandemics or the like are not addressed in force majeure clauses, but are addressed in BC/DR plans. Before this “nuclear option” is triggered, which often results in contract termination, consider whether the BC/DR plan is sufficient to carry the business forward even during trying times. For more information on whether your force majeure clauses cover COVID-19, visit Pillsbury’s COVID-19 Resource Page
Ensure that the BC/DR provisions, especially when updated, do not run counter to security requirements. Remote working, specifically, can trigger data security and processing issues, and therefore, such policies should be considered critically.
Force majeure events or other exceptions may excuse a supplier’s performance-level obligations or provide relief from service level credits. Account for this risk in your own BC/DR by seeking backups or other providers to fill in the gaps.
There is no more critical time to review your and your supplier’s BC/DR plans. Failing to react during this pandemic may leave your bottom line—and more importantly, your employees and customers—at risk.
Pillsbury’s experienced crisis management professionals are closely monitoring the global threat of COVID-19, drawing on the firm's capabilities in supply chain management, insurance law, cybersecurity, employment law, corporate law and other areas to provide critical guidance to clients in an urgent and quickly evolving situation. For more thought leadership on this rapidly developing topic, please visit our COVID-19 resources page.