Preparing for the Coronavirus: Business Survival PlanningBy Melissa Ouari | March 3, 2020
As the coronavirus continues to spread, businesses are struggling to keep their employees safe and healthy while minimizing disruptions due to workforce shortages, travel bans and the inability to rely on products and services they use as part of their daily operations.
Many organizations have made great strides in technology recovery capabilities since there is so much reliance on computer systems and networks, but can your business survive if there are impacts to your people and the supply chain that your business relies upon? Even in the initial state of the coronavirus outbreak, 94% of the Fortune 1000 companies are experiencing disruptions in their businesses. Companies like Apple that rely on manufacturing facilities in China for product sourcing are taking a big hit.
Although we have not reached “panic levels,” community exposure cases of the virus have apparently been identified in the United States (i.e., the virus was acquired even though the infected person had not traveled or come into contact with someone already infected with the virus). As a result, organizations, especially those in densely populated areas, will have to consider how their people will work if they are afraid of traveling to and from the office and must understand why they need to incorporate pandemic planning into their business continuity efforts to address situations like the coronavirus. This article will highlight the key components around people, process and technology that need to be considered to reduce the risk of a business shutdown.
Today’s business landscape is one with interrelated and interdependent systems and processes, and the coronavirus is already having a significant impact on the global economy. A pandemic typically begins with a shortage of people due to illness and employees staying home to prevent exposure. Because of this, business operations and processes are hindered by the lack of or reduced interaction with customers/clients, onsite collaboration, data processing and business travel.
Since pandemics have far-reaching global impact and are not localized incidents, organizations must understand the potential external risks and their impact should supply chains and key third-party vendors, suppliers and business partners also have disruptions. During a pandemic, It is necessary for organizations to think through the right course of action that addresses people, processes and technology. Having a business continuity plan is a good start, but a pandemic presents some unique constraints that are not common in other disaster scenarios.
The most immediate apparent impact during a pandemic is the people shortage. Pandemic planning begins with building robust communication procedures and alternatives. Effective internal and external communication is crucial at any time but increases during a personnel shortage. As a next step, business continuity plans need to be enhanced and specifically tailored to the various personnel shortage scenarios. This may include cross-training strategies to offload work for people who are not available, use of temporary staff and coordination with staff who are working remotely. In conjunction with this, organization workflow, as well as the roles and responsibilities for primary and backup support personnel, must be addressed.
Human Resources plays a key ongoing role in the communication efforts and should set protocols around attendance such as requiring employees to stay home if they are sick. Decisions should be made about what happens if extensive sick time is needed--i.e., if the maximum paid sick time is reached. These considerations need to be addressed and communicated.
A pandemic has the potential to handicap business operations and even bring them to a halt. Organizations need to identify the key components supporting business processes, including dependency on third-party vendors, suppliers and business partners. You must know your suppliers and understand any critical vulnerabilities, and it is important to assess and prioritize these dependencies so that contingencies can be put into place if they are truly critical to the organization. Strategies or workarounds can then be developed for continuation of the business process.
Although it may not be immediately apparent, technology, too, can be impactful in many ways. Many organizations today may acknowledge that employees work from home/remotely from time to time. However, if you have a significant number from your workforce working remotely at the same time, it may result in extensively larger remote connectivity traffic than normal. The company’s access points to the Internet, capacity on interfaces and security mechanisms need to be addressed, to name a few. What happens if your vendors supporting your networks and telecommunications experience capacity issues because of the extensive number of resources on the system?
Even in the world of virtual technology, human intervention and support is required if there are job errors or configuration needs. If IT support resources are unavailable, systems could potentially be impacted. This also holds true of cloud technology. If your cloud provider is experiencing people issues because of a widespread pandemic, your systems may be impacted.
We cannot predict the spread of the coronavirus and how bad it could potentially be. There is growing concern that a pandemic may ensue, and the World Health Organization recommends completing plans to address this possibility. The ability to address people, process and technology issues that may arise because of a pandemic will enable your organization to survive even in the worst-case scenarios.
About Melissa Ouari
Melissa Ouari, CISA, CBCP, is a Senior Manager in the Technology Services Group at Marks Paneth. To this role, she brings more than 20 years of experience in accounting and information technology. Working with clients in an array of industries, Ms. Ouari specializes in IT risk assessment and management as well as IT audits and application level reviews. She is a Certified Information System Auditor (CISA) and Certified Business Continuity Planner (CBCP) and has led numerous... READ MORE +