UK businesses are leaving themselves open to collapse by not checking that the companies they work with are fit to cope with the setbacks that might befall them.
Although UK SMEs are increasingly reliant on information technology, the new research revealed that over 80 per cent of businesses had never checked whether their suppliers had taken adequate precautions to secure their data. This could include financial information, customer databases and countless other sources that their businesses might not survive without. This is part of an alarming picture. As businesses hand over a growing amount of work to third parties, over 56 per cent perform no checks whatsoever on any part of their potential partners’ operations.
You wouldn’t hire a supplier without requiring at least a month’s notice in the break clause, yet hardly anyone checks to see if their supplier is keeping a backup copy of the computer files related to their business. 60% of companies that suffer a major data loss couldn’t survive for more than 48 hours, so it’s vital that, when businesses outsource functions to other companies, they check that those companies have a proper backup programme in place. Otherwise they could wake up one morning with a gaping hole in their business.
In fact, information management policies are one of the least investigated aspects of due diligence for business outsourcing, the survey found. Only green and CSR (Corporate Social Responsibility) credentials are checked less, with fewer than ten per cent of SMEs carrying out any sort of investigation on their potential partners’ credentials.
Other important aspects of company performance that are not researched include: director and employee background (81.6 per cent); employment practices (82.3 per cent); adherence to industry standards and codes of practice (81.2 per cent); company history and ownership (67.3 per cent); and financial viability (66.1 per cent).
In smaller businesses, office managers are often left responsible for dealing with partners and suppliers. When things go wrong, it’s often the poor office managers who chase from pillar to post trying to find a solution to plug the gap and appease the rest of the team as they struggle to carry on without the tools they need. Better due diligence before partnering would save everyone the difficulties of unpicking issues such as responsibilities, disputed agreements and withheld payments.
Before beginning any partnership, companies should follow a few fundamental administrative and policy-oriented steps to ensure they are protected.
Here’s a ‘due diligence check list’. It’s not intended to be an exhaustive list, and any entity should properly evaluate its vendors to suit its particular requirements. If you are enlisting or are considering enlisting the help of a third party vendor, I recommend you research these ten items before handing over your business-critical operations.
1. Is the company sufficiently insured? Ask to see a certificate of professional indemnity insurance.
2. What’s the company’s credit rating? If the banks don’t trust them with credit, you might not want to trust them with your data, either.
3. Who owns the information that you’re passing to the company? What rights do they have to use that information?
4. What sort of security systems do they have in place to protect your information? Ask to see an information security policy.
5. What are the chances of the company going bankrupt? Do they have sufficient backing to ensure they can ride out a rough patch? You don’t want a supplier going under and leaving you without the support you need.
6. Does the company rely on the intellectual assets of a small group of employees and, if so, how do they manage the retention of this intelligence? If only one person understands your business, what happens if they decide to leave?
7. Does the company rely on third parties to fulfil any part of its commitment to you? If so, make sure they have carried out due diligence on their suppliers, too.
8. Where is the company storing the data that it’s creating or using on your behalf? Be aware that, if it’s stored outside of the EU, it may be subject to different laws and access rights.
9. Does the company have a disaster-recovery plan? Floods and fires not only devastate lives, they destroy businesses too. Make sure that a natural disaster won’t pull the rug from under your company.
10. Does the company have a data backup strategy that works? 60% of companies would go bankrupt in 48 hours if they lost their data. If you rely on services and information from a supplier, make sure they have up-to-date copies of your data stored offsite.