Business Continuity Plan Agreement

If your or your suppliers` BC/DR plan is defective, use the mechanism in your agreement to request updates or supplements to your plan. In addition to correcting deficiencies with the above, you should also ask what is specific to viruses or pandemics: Backup Facility Agreements and Security. For the duration of this agreement, [PARTY A] retains contracts and/or agreements that are essentially equivalent to those currently in force. [PARTY A] ensures that all data processors adhere to no less than the data security and protection standards in this agreement. There is no longer a critical time to check your supplier`s and supplier`s BC/DR plans. If you do not respond during this pandemic, your employees and customers – ultimately – and especially your employees and customers – may be put at risk. Smith, R. (1995), “Business Continuity planning and service level agreements,” Information Management – Computer Security, Vol. Ultimately, PCO should indicate how a business will continue to operate, regardless of disruptions caused by critical system failures, virus attacks, natural disasters or loss of access to the organization`s core infrastructure or supply chain impact.

A PCO is a strategy, tactics and scenario plan that involves dealing with an event or crisis like the one we have today. Before entering into a contract with a critical supplier, assess the status of the continuation of the activities. Ask for a copy of the business continuity plan for the products or services they provide and consider the workarounds they wish to implement if they lose an important resource to ensure that this bypass actually works and that products or services are resumed during your restoration period (as identified in the business impact analysis). The current state of affairs will undoubtedly result in many businesses needing more than just one PCO. Anticipating potential exit strategies, including the most pessimistic scenario of bankruptcy, requires in-depth knowledge of a company`s critical assets and agreements, IP, data protection practices and other key aspects. Companies that have undergone an “exercise” PCO will undoubtedly be in a better position for the best possible exit, because they have taken the time to assess the global activities, strengths and weaknesses of organizations. However, companies that go further and use the information gathered during the preparation of PCO to address other legal and other issues that may prevent exit will be even better placed. With the example of privacy and security, an organization`s data protection practices will not be an integral part of a PCO, but these practices will undoubtedly be reviewed in the event of a sale, even in the event of bankruptcy. Today, one of a company`s most valuable assets is the personal data it has collected from its customers or end-users – often more than all of its hardware assets. But when a company becomes a debtor, the sale of personal data can be a problem. Section 363 (b) of the U.S.

Banking Corruption Code provides that a debtor who has a data protection policy that prohibits (or does not disclose) the transfer of personal data, that the debtor is entitled to sell or transfer this information to third parties), cannot sell or lease this information unless the sale or lease is in accordance with the terms of the Data Protection Directive or (2) after the appointment of a Consumer Protection Ombudsman (CPO), the court finds, after proper consideration of the facts, circumstances and conditions, that the sale or lease would be contrary to the right of non-competition.