Contractor's obligation to provide the client with BIA/BCRA

Please note that the provision of Business Impact Analysis / Business Continuity Risk Assessment needs to be considered in the contract or service agreement you have with this supplier because this way in case they do not provide the documents you can have legal means to enforce compliance. Anything out of the contract or service agreement must be negotiated with the supplier.

Considering that, to see a material with examples of applicable legal clauses to contracts that you can use as a basis to make your questionnaire for performance review, please access this template demo (although it is about ISO 27001, it also can be applied to business continuity): https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/

These articles will provide you a further explanation about supplier management:

• 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
  Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/

These materials will also help you regarding supplier management:

• ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
• Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/