Vendor failure drill packet
Make vendor risk real. Make your first moves predictable.
Designed for a 60 to 90 minute drill. Also reusable during a real event.
Map the dependency chain and blast radius before the vendor breaks.
Escalate in minutes, not hours, with clear triggers and timing rules.
Keep customer messaging consistent and time based, without overpromising.
Why this packet exists
Vendor-reliant businesses do not fail because they lack vendors. They fail because nobody mapped the dependency chain, the escalation path, and the customer messaging constraints before the vendor breaks.
This packet forces clarity on what matters. Who to call. What to ask. When to notify. What not to say.


What's inside
Board Level Flag Criteria
A simple way to determine when a vendor issue becomes a board or audit risk chair event.
Vendor Dependency Map Worksheet
Pick one critical vendor and map the blast radius across processes, systems, data, failure impact, and max downtime.
Notification and Escalation Triggers
A first 30 minutes guide that prevents slow motion. Includes when to escalate to exec sponsor, legal, comms, and the board.
Vendor Incident Intake Script
A tight set of questions for the first 10 minutes so you get answers in writing and stop improvising.
Customer Messaging Guardrails
What you can say early. What you should not say. Approval rules and commitment rules that keep you from making it worse.
Packet preview
Here is what you will use in the room. It is built for speed and discipline.
The Dependency Map Table
One row per integration so you can see what breaks first, who feels it first, and whether a workaround exists.


The Escalation Triggers Page
A checklist that tells you when to pull in execs, legal, comms, and the board, plus time rules for updates.
The Vendor Call Script
The exact questions to ask in the first 10 minutes. Then deeper questions if it is a security issue, an outage, or the vendor is vague.




Who is this for
Best for
COO or exec sponsor
CISO, security, incident response
IT ops and reliability
General counsel, privacy, compliance
Comms lead and customer support lead
Vendor management and procurement
Best when
Your product is built on third parties you do not control
Vendor incidents turn into internal confusion and delayed comms
You need board level thresholds that are explicit, not emotional
You want a repeatable way to prove improvement after each drill
How to use it in 60 to 90 minutes
First 10 minutes - Pick the vendor and failure type. Assign roles. Start the clock. Use the escalation triggers.
Next 20 minutes - Fill the dependency map. Run the vendor intake script. Decide customer messaging posture and cadence.
Next 30 minutes - Identify the top 3 decision bottlenecks. Draft the first customer message and a board heads up. Capture changes shipped with owners and dates.
Quick FAQs
Is This Only For Outages?
No. It covers outages, degradation, suspected vendor security incidents, data integrity issues, and third party compromise that impacts your environment.
What Makes This Different From A Tabletop Deck?
This is an executable packet. It gives you worksheets, scripts, triggers, and messaging rules you can reuse during a real event.
What Should We Promise Customers?
Only what you control. Give time based updates, not outcome guarantees. Do not speculate. Do not overpromise.
What Does The Board Want To See?
Which vendors are still single points of failure. How fast you can reach a real human at the vendor. What you changed since the last drill, with evidence.
Want vendor failures to feel boring, not chaotic?
Run one drill. Map the blast radius. Set escalation triggers. Lock in messaging guardrails. Then prove what changed.
