Operational resilience was brought suddenly to the foreground in the wake of the COVID pandemic. Since then, a considerable amount of legislation has been published or revised to make expectations clear that organizations should prioritize operational resilience and consider business continuity.
Despite worldwide regulatory and governmental focus, in the past year businesses have faced wide-scale technological outages that have exposed unanticipated vulnerabilities and led to operational havoc across industries. With operational resilience now top of mind for firms – many of whom are now reconsidering their third-party solution providers – we’ve provided a quick guide to essential, high-level considerations.
Notable outages to date
Tech stack issues or outages are part of the day-to-day of business, and many low-impact events never make the news. However, over the past year, notable instances with far-reaching consequences have included:
- July 2024: CrowdStrike IT outage caused 8.5 million Microsoft Windows devices to become inoperable – the “largest IT outage in history”
- October 2025: Amazon Web Services (AWS) outage saw 2,000 organizations affected by a serious and sustained outage of AWS Cloud Services
- October 2025: Microsoft Azure outage saw organizations lose access to Microsoft 365, with users like Natwest and Heathrow Airport affected
- December 2025: Cloudflare reported that its network was experiencing “significant failures” affecting thousands of organizations globally
- December 2025: Microsoft Copilot outage prevented EU-based users from accessing the AI-powered digital assistant
Key questions to ask your technology vendor
Often, your third-party vendors will rely on other parties to deliver their technological solutions. This can mean that, in the event of a worst-case scenario like the AWS outage, vital tools like recordkeeping solutions or surveillance tools might be inaccessible.
The chain of reliance on these third parties can be unclear, causing confusion and administrative burdens when systems go dark. In the wake of continued outages, firms should consider asking the following fundamental questions when talking to current vendors or conducting due diligence on a new provider.
- How is a vendor delivering that service?
- Will they use a web of other third parties?
- If so, what do these third parties deliver? Are any critical components dependent on these vendors?
It’s important to request documentation of any third-party dependencies your vendor might have, especially if they deliver critical services.
- What do their business continuity plans and disaster recovery plans look like?
- How often are these tested? And how stringently?
- What is their cloud dependency – could they survive a regional or service-level outage?
- Which cloud providers are being used specifically (down to a regional level)?
- Are any critical components dependent on this service? If yes, how do they plan to mitigate outage risk?
- Understand their operational maturity and experience in responding to disruptions
- Do they have an incident response plan? How are they monitoring for outages? Is there a communications protocol in the event of outages or disruption?
- Could they provide a list of outages over the last few years?
- What does their data resilience look like in the event of an outage?
- Is there a backup or redundancy?
- Where is your data stored – in what jurisdiction?
- Future state – are they planning any activity which could affect their service or continuity i.e. acquisition, mergers, investment?
Where possible, request tangible examples and testimonials. Plans are useful, but demonstrable experience is critical.
How Global Relay delivers operationally resilient technology
Global Relay is uniquely positioned as a solution provider that is seldom affected by the outages and downtime of large cloud or infrastructure providers. Our architecture, our experience, and the overall foundation of our company means we are operationally resilient, can ensure business continuity, and have complete control of both your data and our technology stack.
There are five key components that set Global Relay apart as an operationally resilient technology vendor:
1. We build, not buy
We build all our technology from the ground up. Unlike other vendors – who often leverage a stitched-together web of acquired solutions to deliver an ‘end-to-end’ offering – we’ve built everything from scratch.
This means that all our products, from the Archive to the Global Relay App to Surveillance and the cloud that hosts our services, were all built in-house and seamlessly interlink by design. Not only does this mitigate the risk of data outages as data passes from, for instance, recordkeeping to surveillance, it also means we have complete control over our products.
In the rare event of an outage, we would understand where that outage has occurred and have the power to fix it – reducing downtime and administrative burden.
2. We’ve unmatched experience in data handling
Global Relay is over 25 years old. We’ve built our product over many years and have innovated and adapted to meet changing regulatory environments, economic turbulence, technological change, and the needs of our users. We have future-focused technology, founded on reputation, experience, and trust. So much so that we preserve and manage the communications data of most of the world’s largest banks and 20,000 partners across multiple industries.
This legacy means numerous things, not least that we have the experience and know-how to manage your data. From the 2008 financial crisis to the COVID pandemic, and myriad geopolitical events – we’ve securely and robustly protected our client’s data and will continue to do so.
3. We’re privately founded, owned, and run
It’s not uncommon in the technology space for firms to acquire other firms or take investment from private equity. Every approach is different and can bring both risk and reward. However, acquisitions and investment often lead to service interruption, loss of service quality, or – in some instances – service blackouts.
Global Relay is privately founded and owned. We don’t rely on investment from others, and we won’t suddenly disappear or pause our service due to a merger or takeover. This means we can deliver unwavering, exceptional service that isn’t at the whim of events outside of our control.
4. We deliver 24/7/365 support
It’s easy to treat customer service as an afterthought or necessary industry “buzzword” to include on a website. But good customer service is essential – especially when things go wrong.
Customer service is at the core of what we provide. Not only will we help you implement our solution, and train your teams to use it, we’ll be here constantly in the event that you need assistance. If operationally disruptive events occur – we’re here to support you.
By ‘we’, we mean real humans who are experts in their field and can deliver truly valuable outcomes – not AI chatbots, automated responses, or untrained individuals.
5. We constantly check our services to ensure they’re operationally resilient
We often hear horror stories of instances where firms have failed to notice significant performance outages or gaps in the data lifecycle because their third-party vendor didn’t flag a problem.
At Global Relay, our unique Constant Integrity Checking (CIC) process guarantees every bit and byte of data we store for our customers is “true, accurate, and complete” – as required to meet multiple regulations around data completeness, including FINRA Rule 4511. In the event of any outage, gap, or suspicious activity, we’re able to spot it and report it – before it becomes a potential regulatory issue.
As firms across the globe continue to contend with outages, and the impacts of these outages grow, Global Relay prioritizes ensuring we remain operational, secure, and reliable. If you’re uncertain about the operational resilience or effectiveness of your technology vendor, get in touch.
