Three often-overlooked questions to ask when evaluating business continuity software vendors

Published: Thursday, 11 July 2019 07:48

Organizations looking to purchase a new business continuity software solution tend to focus on software features but often fail to thoroughly evaluate risks specific to the vendor, says Mike Jennings.  In this article, Mike examines three commonly overlooked vendor evaluation criteria and provides suggested questions for exposing hidden risks.

What did they build, what did they buy?

All software vendors strike a balance between investments in R&D and investments in other functions including support and services. Increased spending in R&D comes at the direct cost of competing initiatives. As a result, software vendors often reduce development costs by utilizing components provided by other vendors. For adjunct functions such as reporting, this can result in benefits for the vendor (reduced cost and increased speed-to-market), as well as benefits for the customer (more robust reporting). For system-critical functions however, dependence on third-party components can introduce risks. For instance, if the software’s platform is designed and maintained by a third-party, your potential software vendor sacrifices the ability to control stability and prioritize enhancements and bug fixes. As a result, your business continuity program could be exposed to additional risks.

Questions to ask your potential vendor:

1. Do you own and control your entire technology stack?
2. Which components in your system are provided by a third-party?
3. Are any of these system-critical? If Yes,

Alignment of customer support to your business continuity program requirements

Your business continuity program is most likely designed to ensure the resiliency of your organization in the event of a crisis no matter when it may occur. To achieve this objective, you should be able to activate your critical plans on short notice at any time of day or night. During a crisis, if you need immediate assistance from your business continuity software vendor, you should be able to have a live conversation with a support representative 24 x 7 x 365. Without this fundamental support from your vendor, your ability to activate your plan during a crisis may be delayed.   

Questions to ask your potential vendor:

1. Do you provide 24 x 7 x 365 live support for critical issues?
2. What are the SLA commitments for minimum response times for live support?
3. Do you outsource or off-shore any of your support services?
4. Request the hotline number from the vendor and try it out, unannounced, during off-hours.

Hidden financial risks

Most likely, your organization is financially stable. If that status should change, your overall risk profile would degrade. Since you rely on your business continuity software vendor for a critical service, if the vendor is not financially stable, your dependence on their software may introduce new risks that are difficult or impossible to mitigate.       

Questions to ask your potential vendor:

1. Do you operate profitably on a consistent basis?
2. Can you provide audited financial statements for the last 3 years?

Selecting an enterprise software system for business continuity is a significant commitment that will impact the success or failure of your continuity program over the long term. A thorough examination of your vendor should accompany the software evaluation to ensure that potentially hidden risks are exposed and fully considered.   

The author

Mike Jennings is an industry veteran with more than 25 years of business continuity management, disaster recovery and enterprise risk management experience. His current role is Vice President of Advisory Services for Assurance Software, Inc.

Do you agree or disagree with this article? What criteria do you use when selecting a business continuity software vendor? Let us know…