Skip to content
Go to GoCardless homepage
Pricing
LoginSign up
BreadcrumbResourcesDirect Debit RFP Guide

Business Continuity

A list of suggested questions to ask your Direct Debit provider about their Business Continuity Plan (BCP).

You should include a section in your RFP asking your payments provider about their Business Continuity Plan (BCP).

Suggested questions to ask include:

Question Explanation
1. Do you have a Business Continuity Plan (BCP)? If so, please attach to this RFP. If not, please explain your processes around Business Continuity, i.e. procedures for recovery from a partial or total loss of your services due to a technical failure. A BCP is a step-by-step explanation of what the process is for restoring data and availability of the service after any adverse event, both major and minor. It should explain the exact steps taken, resolution times, and key risks - in particular, how much data would be lost in a major event.
2. How frequently do you create data backups? These should be as close to real-time as possible to minimise potential data loss.
3. For how long are these backups retained?
4. Where are these backups stored?
5. How are backups secured?
6. In a disaster event, how long would it take you to restore the system from these backups? Would any data be lost, and if so, how much? Naturally, you should be looking for an answer as soon as possible and no data loss. 2-4 hours is a good answer here.
7. How are employees kept aware of the BCP? This should be a quarterly/semi-annual review with the person in charge.
8. How frequently is the BCP reviewed and how do you ensure that it is kept up to date? This should be quarterly/semi-annually reviewed by a senior team member.
9. Who has responsibility for deciding to invoke the BCP? This is usually the Head of IT/Engineering or Security.
10. When was your BCP last tested? Describe how testing took place. The organisation should have simulated a disaster event to ensure all steps of the process work.
11. Describe your review process in the event of a disaster that required the BCP to be invoked. The organisation should perform a retrospective and take specific actions to improve the process in case of future adverse events.

Our sample RFP includes all of the questions above and more. You can download it here and use it as a template for creating your own.

Note: The questions suggested on this page are intended as a starting place for writing your own RFP. They're provided for general information only: they're not intended to be prescriptive or to provide legal advice. We suggest working closely with your management to develop an RFP that is tailored towards the specific requirements of your business.

GoCardless makes it easy to collect recurring payments

Sign upContact sales

PreviousIT & Data Security

Interested in automating the way you get paid? GoCardless can help

Contact sales

Contact Us

Sales

Contact sales

+44 20 8338 9539

Support

Request support

+44 20 8338 9540

Seen 'GoCardless Ltd' on your bank statement? Learn more

GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom

GoCardless (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services. GoCardless SAS (23-25 Avenue Mac-Mahon, Paris, 75017, France), an affiliate of GoCardless Ltd (company registration number 834 422 180, R.C.S. PARIS), is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services.