By: Leticia Saiid (Security+)
Publication: VACB (Virginia Association of Community Banks)The Community Banker, Winter 2019
Do you have outsourced technology services? If so, are you getting a copy of their business continuity plans? More importantly, do you know what you're looking for when you review them? Due diligence document gathering and reviewing is a critical part of outsourcing. While the service is provided by another company, your institution still maintains responsibility, and ultimate accountability, to your customers. That's where due diligence documents come into play.
First, what is an outsourced technology service? This is a service that provides technology solutions for your bank. This doesn't necessarily include all vendors who use technology to deliver their service to you, but instead those providing solutions to your technology needs. Ask this question to help determine if something is a technology service, "Would the bank be significantly affected if the vendor's services were temporarily unavailable?" I take "significantly affected" to mean: irreparable damage to the bottom line or customer confidence due to service disruption from any cause. Only if the answer to this question is yes are you likely looking at an outsourced technology service.