Organizations worldwide have been reacting to the recent coronavirus outbreak, COVID-19, in a variety of ways, from restricting nonessential employee travel to canceling large conferences and events. The possibility of a pandemic has the potential to disrupt workforces, supply chains and economic activity in the months ahead. So, it is with a sense of urgency that prudent organizations review and update their business continuity plans to insure their operational resiliency.
A healthy and available workforce is any organization’s most valuable asset. A pandemic will incapacitate some employees and result in other employees being quarantined. This could result in a major disruption to normal operations, with potentially large numbers of employees working from home or remote locations.
To safeguard your staff and help ensure their continued productivity, it is important to establish a strategy that enables employees to continue to function without putting them at risk. Having a plan to isolate employees should the threat of possible infection arise is necessary. The plan should encompass policies and procedures to ensure that:
- Personnel can effectively work from home or a remote location;
- Your organization possesses the tools, technology, capacity, and security measures in place to support a large remote workforce;
- HR policies include that employees will not be personally impacted if they must be quarantined for an extended period and modify any policies as appropriate to give greater flexibility to normal working arrangements;
- Key employees and other staff members have received appropriate training to comprehensively cover their absence; and
- A communications plan that includes providing employees and other stakeholders with regular situation updates as well as actions taken.
In a global economy, virtually every organization is connected to or dependent upon others. You may not be directly affected by a pandemic but could be impacted if a vendor at a critical point in your supply chain is. Understanding your reliance on third parties is important. Are your suppliers, vendors and service providers prepared?
To protect your operations and ensure continuity of services or products to your customers, it is important that you map your dependencies to understand where disruptions might impact your value chains, review the preparedness of your critical third parties (suppliers, vendors, service providers, etc.); and identify single points of failure in your environment.
When assessing the impact of a disruption to your organization, it is essential to recognize the amount of time before the actual impact occurs. So, as you review and update your plans, you should also conduct walkthroughs and exercises. This is the best method for identifying gaps in your procedures and will give you the highest chance of successful execution. Active participants will become familiar with the goals and objectives of the plan and begin to use it as guidance rather than a prescriptive list of tasks to be followed without applying rational thought. Practicing the execution of your plan ensures all necessary parties understand their roles and responsibilities.
During preparedness reviews, you should also assess the tools used to maintain relevant information and assist in executing your plans. Old technologies and obsolete tools will put successful execution of even the best plans at risk. Identify any deficiencies in the tools available and create a comprehensive list of requirements that will enhance your ability to execute. The sooner you begin to upgrade your tool set, the sooner you will be able to reduce execution risk.
An organization’s ability to effectively respond to a disruption of its workforce or a critical third-party not only depends on how effective you were in the planning process, but also how effective you were with the tools you have and the training you implemented. The tools you use to communicate, maintain situational awareness, and provide current and accurate information will also have a major impact on the execution of the plan.
By investing now in the development, implementation and maintenance of a viable business continuity management (BCM) program, organizations can provide the most effective approach to restoring and resuming critical and essential functions and processes. And most importantly, provide a layer of protection for their most important assets: people, information, cash flow and reputation.
Testing & Checklists
Work with your HR department to review, test and update your pandemic plans against a realistic pandemic scenario. Create a variety of scenarios for your employees to test their skills, conduct relevant drills, identify plan gaps and rehearse team roles and responsibilities. Invariably, you might find things you can do better; you might even gain insights about improving day-to-day operations, too.
Infectious Disease Threat: Supplier/Third-Party Checklist
- In the event of an outbreak, does the supplier have documented Business Continuity and/or IT Disaster Recovery plans?
- Do the supplier’s plans identify critical business processes and their recovery priority?
- Does the supplier take into consideration assumed time frames for the outbreak and is it, therefore, planned for?
- If mission-critical business processes are affected, what are they and what is the expected recovery time?
- Do the supplier’s plans observe critical staff absenteeism over an extended period of time?
- Does the supplier’s plans account for interdependencies that are both internal and external to the organization?
- Do the plans address all the locations from which it provides services to your organization?
- Where is the supplier’s primary IT facility or data center located – in the same building or office complex occupied by its main business or operations staff?
- Does the supplier have other locations that can – or could – provide the goods or services currently being used by our organization?
The Litcom Approach
Business continuity (BCP) and disaster recovery plans (DRP) are used to prepare for potentially disruptive incidents and ensure that your business can minimize the negative effects of those events. Litcom can test your plan to ensure that an incident doesn’t turn into an avalanche of financial and reputational penalties. After understanding your unique business processes and technologies in place, our team will review the documented BCP and/or DRP for compliance with industry best practices and published standards. Litcom will then issue a report analyzing your BCP/DRP, identify gaps and offer guidance to remediate those gaps. Contact us today for more information.