The current COVID-19 pandemic has severely disrupted supply chains and business operations around the world, and its impact continues to reverberate across every economic sector. While nothing can avoid risks inherent in a global pandemic, this article offers a risk mitigation and contracts review process specifically focused on an organization’s third-party customer and vendor relationships. This process may be applied not just to pandemics, but more generally to other crises as well.
Step 1: Plans and Teams: When possible, establish incident response plans in advance (these may vary depending on the type of crisis) and perform regular exercises to test the plans (referred to as “tabletops”). This is already best practice for mitigating cybersecurity incidents and lessons learned there can be applied more generally. The plan among other things should identify the team responsible for the organization’s response to a particular type of crisis. But if no plan exists, when disasters arise, organizations quickly should establish the team responsible for leading triage and decision-making during the crisis. The team might include key business decision-makers, operations, disaster recovery specialists, crisis subject matter experts, supply chain managers or others familiar with key vendor and customer relationships and risk managers. Team members required may change over the course of the crisis.
