“We must evaluate the impact of the discontinued service and look for alternatives based on that assessment,” she says, adding she’s been in situations like this before. “In one case, it was a supplier of an application that managed a crucial activity with hospitals, which maintained support until we managed to migrate to another platform. In another, an external data center was dismantled after being acquired by another company. We had another data center from a different provider, which allowed us to move the entire infrastructure to this second one, thus minimizing the impact on our operation.”
García’s response to these challenges includes some of the basic actions when there’s disruption to the supply of IT resources: looking for an alternative as quickly as possible, and maintaining a supplier strategy that’s not limited to a single company. del Poyo also stresses the importance of organization, acting quickly, and practicing interdepartmental collaboration to identify and prioritize the critical needs of the company and its end users. “The ultimate goal must be to ensure that any interruption of services provided is minimal and short-lived so consequences arising from a potential breach of contract are few or very limited,” he says. This will help to not only mitigate immediate risks, but strengthen long-term resilience.
It may happen that sensitive information is affected in this process, so it’s crucial that client companies agree on measures to protect these assets during the execution of the contract. “If data is lost or compromised due to a breach attributable to the supplier, the consequences can be serious and of very diverse scope both in contractual and regulatory matters,” says del Poyo. He recalls the obligations imposed by the GDPR when dealing with personal data, which make it essential to establish both preventive measures and robust response plans. The consequences of poor management can range from interruption of business operations and loss of critical information, to financial losses derived from the effects on the company’s reputation. “Moreover, the mere activity of recovering lost data can be very costly in terms of time and money,” he says.