Business Continuity Management Advice for Employers ― COVID-19 (Coronavirus) Outbreak

To date, the number of worldwide documented cases of COVID-19 is more than 75,000, with the majority of the cases narrowed in the Hubei province of China. To try and control the infection rates, the government has implemented various social distancing policies which have intensely slowed business activities in the respective region. A lot of countries have started taking immediate actions, including travel restrictions and quarantine measures, in order to prevent any unexpected outbreak in their particular industries and jurisdictions.

According to the World Health Organization, common signs of infection include respiratory symptoms, fever, cough, and shortness of breath and breathing difficulties. In more severe cases, the infection can cause pneumonia, severe acute respiratory syndrome, kidney failure and even death.

As governments try to grapple the spread of the virus, the question that applies to organizations of all sizes is, how can they effectively respond to such a situation?

We are dealing with a threat to business operations or disruption of business. Since 2012 the ISO 22301 Business Continuity Management System standard, now in its revised version of 2019, describes requirements for implementing a management system to reduce the impact of disruptive events. This sleek requirements document is accompanied by a rich guidance document ISO 22313, which offers practical information on how to prepare for, respond to and recover from disruptions. The COVID-19 developments are unfolding at an accelerated pace and organizations may have a lot of gaps to cover in their Business Continuity Plan(s). Factors such as operational agility and employee morale are just some of the main points at play.

Organizations of all sizes have a very significant role to play during a virus outbreak, especially when it comes to implementing good practices and communicating hygiene protocol advice, personal protective equipment, as well as behavioral changes (i.e., properly washing hands, social distancing and avoiding handshaking in meetings).

Within organizations, the team responsible for the business continuity plan can use a variety of proactive strategies in order to try and take control of the virus outbreak within their organization.

Inverse Scenario?

First and foremost, an organization has to ensure that its management team, as well as the team leaders, are clear about the organization’s prioritized activities, key products and services, people, skills, and the minimum staff arrangements. These and similar information should be available in key documentation such as the business continuity policy, the business impact analysis, the business continuity strategies and the business continuity plans.

While business continuity, at first glance, appears to primarily deal with breakdowns or loss of physical resources (with staff being available), in this context we deal with an inverse scenario: the physical resources are available and are working, but the human “operators” are missing.

Staff might be unavailable due to several reasons. People might actually be sick, or are afraid of being infected, or just need to stay away from work due to responsibilities towards other family members (such as minors, next of kin, and elderly). These people might well be motivated to show up for work but feel an obligation that they have other priorities.

Another problem factor is commuting: if gas stations cannot supply their customers, or if public transportation has been affected or curtailed, showing up for work might be difficult.

The bottom line: organizations need to provide their key products and services with only a fraction of their normal staff, and there needs to be a business continuity plan for this scenario, possibly containing, but not limited to:

1. Employee absence preparation – Prepare for employee absences by knowing which employees are trained and can provide back-up for others who are infected. This necessitates prior cross skill training and an up-to-date list of “who can do what”.

2. Work policy modification – In such an instance, modifying work policies is recommended in order to have more flexibility in normal working conditions. Some of the modifications include:

• Expand working from home opportunities (including network connectivity, security, data protection, confidentiality, etc.), and make sure that there are enough configured hardware resources available
• Use video conferences and telephones (rather than face-to-face meetings)
• Try to reduce the number of people in the workplace through flexible working hours or rosters
• What workarounds, internally or externally, are available and realistic?
• Do some “make-or-buy” decisions need to be revised, envisaging supply chain disruptions?  Consider that suppliers might as well be affected.
• Customer demand for your products/services might decrease or increase
• Try to reduce/cancel activities which involve large groups of people
• Awareness programs on how to enhance personal hygiene

Administrative, Legislative, and Occupational Health & Safety (OHS) Regulations

Besides the abovementioned guidelines, there other administrative and occupational Health & Safety requirements and procedures that organizations call to follow as well:

1. Establish welfare policies – Establish welfare policies for your employees who display virus symptoms, have a relation with someone who is infected, or who have recently returned from travel or have been in contact with someone from the infected zone. Such policies may include the following:

• Compile protocols for those whose health is in question and want to come back to work
• Monitor who sits next to a person who has not turned up for work that day due to virus symptoms
• Create work protocols for those who have already had the virus and have recovered
• Create a protocol for employees who are currently at home but insist on coming to the workplace
• Create a protocol for visitors as well as suppliers (i.e., water contractor, cleaners)

2. Internal-support reinforcement – Reinforce internal support and welfare mechanisms in order to assist employees with health concerns.

3. Access to hygiene products – Make sure that your workplace has all the necessary supplies of hygiene products (disinfectant sprays, disinfectant wipes, etc.) in accessible and visible locations, and encourage the use of these products

4. Continuity strategy awareness – Confirm whether your team, customers, and suppliers are in line with the organizational pandemic plan, including alternate working arrangements, and make sure that each and every one of them knows their role.

Should You Be Planning for the Long Term?

Organizations ought to consider planning for an extended and uncertain period of time in which they will have to run on contingency measures due to a pandemic crisis. For the current outbreak, whose roots haven’t been properly researched, health agencies are in the midst of containment efforts, however, it is not clear how much time these initiatives will take to contain the virus outbreak or if these initiatives will be successful in preventing the virus spread at all.

Taking that into consideration, organizations must systematically examine how they will function under various scenarios with different percentages of operational capacity, expecting disruptions of the supply chain (see the ISO/TS 22318:2015).

It is highly recommended to follow best practices as laid down in the documents, in order to minimize to the impact of the current crisis on your organization.

ABOUT THE AUTHOR

Ardian Berisha is a Senior Product Marketing Manager for ISR at PECB. He is in charge of conducting market research while developing and providing information related to ISO standards. If you have any questions, please do not hesitate to contact him: marketing.ism@pecb.com.

CO–AUTHOR

Dr. Wolfgang Mahr has over 25 years of experience in consulting and project management in ICT and during the last 20 years has specialized in the field of Business Continuity Management. He is experienced in IT governance, information security, business management, marketing, account and product management, in professional education as an author of educational content and international public speaking.