Business continuity planning: Conduct a critical vendor review

Emerging state and federal laws require that companies in nearly every industry implement a disaster recovery or business continuity plan. This holds especially true for companies engaged in health care, insurance, financial services, and other highly regulated sectors. In addition to regulatory mandates, sound business judgment encourages companies to prepare a “Plan B” for their operations to respond to unforeseen events.

Critical vendors

When considering continuity planning, many companies mistakenly limit their plan to cover continuation of business during natural disasters – such as floods, hurricanes, and other weather-related events. This approach is too narrow and misses one of the most likely causes of business disruption: namely, the demise of a company’s critical vendor. The loss of a critical vendor may result in significant loss or downtime to a business.

Consider, for example, the impact on a company if its key source for materials or component parts goes out of business or terminates its agreement with the company. Similarly, consider the impact if a critical software vendor terminates a company’s license to use the software through which it runs financial and accounting operations. During uncertain economic times, companies are well advised to conduct a legal review of their most critical vendors annually.

The process

  1. Review existing vendor relationships and determine which are mission critical. These should be vendors whose products or services are not readily attainable in the marketplace. These might also be vendors for whom it would take significant time and resources to transition to an alternate source. Focus on an initial number of vendors that is manageable. Five to 10 vendors is a good start.
  2. After compiling the list, perform financial due diligence on each vendor and obtain financial statements from each. Pay particular attention to vendors that are privately owned. If they are unable or unwilling to provide financial statements (preferably audited), consider whether there are other assurances such as bonds, letters of credit, or guarantees that should be requested. Require annual financial statements from each vendor, or quarterly statements from vendors that exhibit less financial stability.
  3. Prepare a checklist of key contractual terms that should be in each contract with key vendors. For example, the checklist should include an action item to confirm that a vendor does not have the right to terminate its agreement for convenience or without notice. It would not be unusual for the checklist to contain up to 50 key points to review in a vendor contract.
  4. Using the prepared checklist, review each of the existing agreements between the company and mission-critical vendors. Highlight those areas in which the company has not adequately protected itself by contract. Consider whether to initiate negotiations with the vendor to amend the existing contract, or to postpone negotiations until the next contract renewal.
  5. Review existing standard form agreements to ensure that they contain the protections identified in the checklist. These standard form agreements may take the form of purchase orders, quotations, terms and conditions of sale, master service agreements, and the like. This will help to ensure that new vendor engagements include the company’s standard protections going forward.
  6. Conduct a review of the company’s existing insurance program to determine whether adequate coverage is in place in the event of a business disruption. The insurance agency can provide further guidance on insurance requirements to place in vendor agreements.


Not only is business continuity planning required by law in many cases, it is also a sound business practice to help ensure the uninterrupted operation of a business. The demise of a critical vendor is one such event that may result in significant loss or downtime. Companies should conduct an annual review of critical vendors. The review should focus on confirming that the vendor is financially stable and that there are adequate protections in the agreement with the vendor.

Attorney Andrew J. Schlidt is a shareholder with the law firm Whyte Hirschboeck Dudek, where he is co-chair of the firm's Corporate Practice Group and is leader of the Technology Law team.
