Business Continuity
Last editedJan 20201 min read
A list of suggested questions to ask your Direct Debit provider about their Business Continuity Plan (BCP).
You should include a section in your RFP asking your payments provider about their Business Continuity Plan (BCP).
Suggested questions to ask include:
| Question | Explanation | |
|---|---|---|
| 1. | Do you have a Business Continuity Plan (BCP)? If so, please attach to this RFP. If not, please explain your processes around Business Continuity, i.e. procedures for recovery from a partial or total loss of your services due to a technical failure. | A BCP is a step-by-step explanation of what the process is for restoring data and availability of the service after any adverse event, both major and minor. It should explain the exact steps taken, resolution times, and key risks - in particular, how much data would be lost in a major event. |
| 2. | How frequently do you create data backups? | These should be as close to real-time as possible to minimise potential data loss. |
| 3. | For how long are these backups retained? | |
| 4. | Where are these backups stored? | |
| 5. | How are backups secured? | |
| 6. | In a disaster event, how long would it take you to restore the system from these backups? Would any data be lost, and if so, how much? | Naturally, you should be looking for an answer as soon as possible and no data loss. 2-4 hours is a good answer here. |
| 7. | How are employees kept aware of the BCP? | This should be a quarterly/semi-annual review with the person in charge. |
| 8. | How frequently is the BCP reviewed and how do you ensure that it is kept up to date? | This should be quarterly/semi-annually reviewed by a senior team member. |
| 9. | Who has responsibility for deciding to invoke the BCP? | This is usually the Head of IT/Engineering or Security. |
| 10. | When was your BCP last tested? Describe how testing took place. | The organisation should have simulated a disaster event to ensure all steps of the process work. |
| 11. | Describe your review process in the event of a disaster that required the BCP to be invoked. | The organisation should perform a retrospective and take specific actions to improve the process in case of future adverse events. |
Our sample RFP includes all of the questions above and more. You can download it here and use it as a template for creating your own.
Note: The questions suggested on this page are intended as a starting place for writing your own RFP. They're provided for general information only: they're not intended to be prescriptive or to provide legal advice. We suggest working closely with your management to develop an RFP that is tailored towards the specific requirements of your business.
