When crisis strikes, all businesses are concerned with whether their revenue and custom will continue.
When their services (particularly those involving technology) depend on the use of third party suppliers, businesses should also think about their own ability to deliver.
Questions that business managers will be agonising over during a crisis include:
Will our suppliers deliver to the same standard of quality as before?
Will they deliver at all?
Will our organisation be able to pay for those services?
What should we do if any of these situations arise?
Whether your organisation is a customer of technology services or a supplier that relies on tech services to deliver its own products, those same business managers will be turning to their general counsel (GC) to help them understand the legal and contractual positions of their supply relationships.
This client alert explores the immediate actions that a GC and their in-house legal team should take as a priority during a crisis.
The ability of an organisation to withstand disruption of its operations and still function determines whether or not it is resilient.
The actions taken in such events are often set out in business continuity plans (BCPs) or crisis management and disaster recovery procedures.
Many businesses, such as essential service providers, are legally required to have business continuity measures in place. Others, particularly technology suppliers, have them as a matter of good business practice.
UK and European financial regulators have introduced the concept of ‘Operational Resilience’, which will require financial organisations to set impact tolerances that their important business services can withstand in a crisis.
Embedding impact tolerances within the third party contracts that govern the provision of your important business services should be one of the key components of success in the drive to be resilient.
But what happens when the relevant event that causes the operational disruption is not isolated to your business but impacts the world at large?
Although no one can be expected to prepare for such an event, or even to have legislated against it in the contract, organisations can still deploy the main components of Operational Resilience post hoc in order to reduce disruption to their technology supply chain.
The key components required to achieve this involve communication and good contract management, which should be deployed via the steps described below.