It is likely that on September 11th, 2001 most organizations did not have a recovery plan strategy or specific procedures regarding large commercial aircraft crashing into their facilities. Similarly, many organizations today did not likely have a plan for the hazard potential of a worldwide COVID-19 pandemic which has shut down the economies and disrupted supply chains of nearly every country on the globe. This has never happened like this before. Who knows what the next unknown hazard will look like?
Many experts recommend that organizations adopt an “all-hazards” planning approach. This involves performing a detailed risk assessment of all potential hazards that can possibly affect the organization, and then develop mitigations, planning strategies, and perform testing exercises based on these prioritized hazards . These potential hazards are defined by certain categories, such as Natural Disasters, Human-caused Events, or Technical Disruptions. For each potential hazard, one should determine the rating for each based on the following risk factors:
Probability of Occurrence (Likelihood the threat will materialize)
Loss Impact (Direct impact due to the loss of the function)
Consequence (Downstream losses as a result of the realized threat)
Exposure (the passive, inherent factors contributing to vulnerability)
Level of Control (the active, controllable variables to offset vulnerability, e.g. – the Fire Suppression system)
In order to be complete in this assessment, it is also important to understand and consider the other side of the all-hazards planning approach, which is to identify and address all the “asset-types” for the organization that can be impacted by these potential hazards. What are the key assets to the organization, and how can the potential hazards affect these different asset types? In many cases, organizational assets can include: Facilities, Personnel, IT/Infrastructure, and Data/Records. So now, as an example you can develop planning strategies to account for all the “loss of facility” scenarios, whether the cause is fire, flooding, tornado, earthquake, train derailment, or other.
Another often missed element is regarding the asset of Image/Reputation where certain hazards can affect and impact the organizational Brand value in the marketplace. Consider that a single Asset can have one or many identified threats, and likewise multiple asset types can be affected by a single common threat.
In summary, a comprehensive Enterprise Risk Management strategy will identify all the potential Hazards that can affect the organization, then rank and prioritize these for the different Asset Types that are identified for the organization, and finally employ mitigation strategies, effective planning approaches and testing/exercising to bring the organization into even greater resilience.
For more detailed information about how to better prepare your organization with an All Hazards Risk Assessment, effective BC/DR Planning tools, or to schedule a tabletop exercise with our Certified Business Continuity Professionals, please contact us via:
The contact form using the link at the top of this page
The recent executive order from the White House requires that all Federal Information Systems should meet or exceed specific standards and requirements for cybersecurity. Do your critical cloud-service solutions meet these modernized cybersecurity requirements?
The Federal Government is moving towards adoption of security best practices towards a “Zero Trust Architecture” which will accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
Among these detailed requirements include standards, procedures, or criteria regarding encryption for data and establishment of multi-factor, risk-based authentication and conditional access across the enterprise.
What is your level of confidence that your organization can meet these modernized standards and could successfully prevent or recover from a security breach?
BC/DR planning tools can assist you and provide an effective foundation to build, plan, document, test, train, mature and continuously improve your organizational resiliency.
For more information about how to better prepare your organization with effective BC/DR Planning tools, or to schedule a tabletop exercise with our Certified Business Continuity Professionals, please contact us via:
The contact form using the link at the top of this page
FEMA has developed a Fact Sheet regarding General Reconstitution Planning Considerations which can be used to develop and coordinate a plan to resume operations. Some of the content includes how organizations should assess the status of personnel, assets and facilities, pandemic planning mitigation measures, as well as financial and insurance considerations.
************************************************
FEMA FACT SHEET
Reconstitution During the COVID-19 Pandemic
In these uncertain times, organizations across the nation are grappling with when and how to resume operations while protecting the well-being and safety of their employees and communities. Many organizations will be returning to a new normal and are asking: When is it safe to bring people back? Do we need to modify how we operate? How do we keep our employees, customers and community safe? How do we maintain a safe and sanitary environment?
An organization may need to adapt and adopt new processes, address physical and psychological impacts to personnel, recover records and files, reestablish communications and IT equipment, or acquire specialized equipment to regain full functionality. Planning for reconstitution requires expertise and coordination from the entire organization and coordination with partners and stakeholders throughout the community.
This fact sheet builds upon the White House guidelines for Opening Up America Again by providing further reconstitution planning recommendations for state, local, tribal, territorial and private sector stakeholders.
General Reconstitution Planning Considerations
Identifying reconstitution considerations assists organizations to develop and coordinate a plan to resume operations. Organizations should determine how to assess the status of personnel, assets and facilities. Organizations should:
Begin now by developing a plan and procedures for how operations will be resumed. Organizations may need to consider a time-phased approach to prepare a facility to be reoccupied. Offices, functions and returning personnel may need to be prioritized or work in staggered shifts.
Communicate with employees and inform them of the process for returning to work. Consider providing online training and guidance for employees before returning.
Coordinate with partners and stakeholders. Determine what methods will be used to inform employees, customers, vendors and stakeholders that operations are being resumed.
Identify and implement additional facility maintenance tasks necessary to safely reopen closed buildings.
Address physical and psychological impacts to personnel through employee and family support plans and other human resource measures.
Develop an after-action report/improvement plan to note lessons learned and improve plans.
FEMA’s National Continuity Programs offers additional continuity of operations and reconstitution planning guidance and resources, including:
Organizations should abide by emergency orders, applicable statutes, and public health guidelines and prioritize employee and community safety and well-being. Refer to the Centers for Disease Control and Prevention (CDC) for COVID-19 guidance and protective measures.
Measures an organization may need to consider include:
Prepare for a resurgence or additional “waves” of the virus and identify mitigation measures.
Continue utilization of telework and other workforce flexibilities. Telework.gov provides telework guidance and resources for the Federal government and may be helpful to others.
Incorporate social distancing measures, including limiting building capacities, staggering shifts, closing common areas, rotating “office days” for shared offices, installing physical barriers, and limiting non-essential travel.
Allow high-risk/vulnerable individuals additional flexibility or continue isolation without repercussions.
Acquire cleaning supplies, masks/face coverings and gloves, and implement personal protective policies or measures (handwashing, hand sanitizer, etc.) to limit the spread of the virus and protect employees and customers.
Conduct health screenings to monitor employee wellness and prevent further infections and develop or revise human resource policies to detail processes for sick employees or family members, as well as those exposed to the virus or showing symptoms.
Intensify cleaning, sanitizing, disinfection and ventilation activities according to CDC and the Occupational Safety and Health Administration (OSHA) guidance:
State, Local, Tribal and Territorial (SLTT) Government Considerations
SLTT and insular area governments play a critical role in involving the whole community in preparing for the resumption of governmental and private sector functions and recovering from a health and economic crisis. The White House Opening Up America Again guidelines establish three phases and gating guidelines to assist SLTT governments in their decision-making processes. SLTT governments will need to continue to coordinate with businesses, industry and critical infrastructure owners and operators to determine resource requirements and how supply chain disruptions affect resource management efforts. Additional considerations include:
Public health infrastructure: Plan for continued virus testing, reporting, and contact tracing efforts and monitoring public health and healthcare system(s) capacity for a resurgence.
Schools: Develop plans and policies for training and resource support for intermittent E-learning. The U.S. Department of Education offers COVID-19 guidance and resources: www.ed.gov/coronavirus
Public Transportation: Develop plans for ensuring public health while providing public transportation. Refer to the U.S. Department of Transportation COVID-19 resource page: www.transportation.gov/coronavirus
Critical Infrastructure: The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) offers guidance and resources for critical infrastructure owners and operators: www.cisa.gov/coronavirus
Intergovernmental Coordination: Coordinate across all branches of government (legislative, judicial, executive) and with neighboring jurisdictions to discuss planning, response and mitigation efforts.
Restarting a business may be challenging, and an organization’s reconstitution plan may need to balance health and financial concerns. Customers will need to feel safe enough to venture out. Organizations will be more likely to succeed if they take serious preventive measures and can demonstrate that they are safe. Organizations should keep up to date with federal, state and local mitigation recommendations, and clearly communicate these updates and measures with employees and stakeholders. Additional private sector considerations include:
Consider applying for a disaster loan. The Small Business Administration (SBA) offers disaster assistance in the form of low-interest loans to businesses, renters, and homeowners: www.sba.gov/disaster-assistance/coronavirus-covid-19.
Contact customers, vendors and suppliers to determine demand or potential supply issues.
Review insurance policies to determine eligibility for coverage of business interruption or loss.
Establish online commerce platforms, train staff to operate in an e-commerce environment, and adjust business models for a new economy.
Questions to Consider When Reconstituting Operations
People
Who will be responsible for COVID-19 issues and how they impact our workplace(s)?
Are our human resources policies and processes consistent with public health recommendations and federal/state statutes?
Have we established a priority order of return?
Do new policies regarding sick leave, scheduling, control measures, etc. need to be established and/or continued?
How do we determine employee status and their availability to return?
Have employees been exposed to COVID-19?
How can we protect employees?
Can alternate work arrangements be established for at-risk employees?
Will there be new requirements for returning to work (e.g., employees must be symptom-free)?
How will hiring be conducted?
Have we accounted for a possible resurgence of COVID-19 within our workforce and the community?
Do we have a plan if stricter social distancing policies are enacted?
Can training be conducted virtually, including new hire and new health and safety requirements?
What is the status of childcare and dependent care services to support employees returning to work?
Messaging/Communications
How and what are we messaging/communicating with our employees, stakeholders, vendors, and customers?
What considerations need to be communicated to employees prior to reopening?
Health and safety measures?
Change in schedule or shifts?
Employee status?
Priority/phased opening?
Requirements for returning to work?
How frequently will messages be disseminated?
What should employees expect when they return to work?
How would we conduct employee accountability?
What should customers/stakeholders expect when we reopen?
Have we coordinated with contractors or vendors about their plans to reopen or how our reopening will impact them?
Facilities
Who is responsible for ensuring our facilities meet the necessary safety and health guidelines to reopen?
Have we established a priority order for opening multiple facilities or business locations?
Have we identified the health and safety requirements outlined by CDC, HHS, OSHA, etc. specific to our organization?
Can our facilities accommodate any necessary social distancing requirements?
What health and safety assessments need to occur before we can re-enter our primary location?
Will this require contract or vendor support?
Can any necessary facility repairs, updates, or cleaning occur now (during social distancing measures) to prepare for reopening?
How can we reduce our employee exposure to COVID-19?
Have we created a plan to clean and disinfect our frequently touched objects and surfaces per EPA’s criteria for use against COVID-19?
Resources/Logistics
Have we determined which portions, if any, of applicable statutes apply to our organization (e.g. CARES Act, etc.)?
If required or necessary for infection control, do we have the necessary cleaning supplies and personal protective equipment (PPE) for our employees (e.g., masks, gloves, face shields, etc.)?
Has an accounting been done to determine what resources we have on hand, and what resources are required to reopen?
Is our supply chain able to accommodate supporting our logistical requirements in preparation for reopening?
For more detailed information about how to better prepare your organization with an All Hazards Risk Assessment, effective BC/DR Planning tools, or to schedule a tabletop exercise with our Certified Business Continuity Professionals, please contact us via:
The contact form using the link at the top of this page
The following news article provides an excellent introduction to the basic facts about coronavirus. Below are some important activities to consider when building your pandemic response plan.
From CBC News: Information about the coronavirus outbreak is spreading fast, but what do we actually know about the illness? CBC News medical contributor and family physician Dr. Peter Lin breaks down the facts about what it is, where it came from, how it spreads and what you can do to protect yourself. To read more: https://www.cbc.ca/1.5433625
How does the organization get started? While this is not an exhaustive listing, a basic Pandemic response plan should at least include the following considerations:
Containment Activities
Reducing risk of infected persons entering the workplace
Social Distancing
Environmental cleaning
Management Activities
Managing Fear
Communicate Sick Leave policy
Prevent Travel to infected areas
Maintain Essential Business Activities
Identification of core people and skills
Business Planning for absence
Contingencies for remote work
Alternate staffing and alternate work locations
For more detailed information about how to better prepare your organization with effective BC/DR Planning tools, or to schedule a tabletop exercise with our Certified Business Continuity Professionals, please contact us via:
The contact form using the link at the top of this page
How can one demonstrate a measurable return on investment (ROI) from the implementation of an continuity planning tool?
In the economic landscape of today, it is no news to anyone that we see companies that have been in business for generations closing their doors. Organizations that remain are forced to have leaner operations, coordinate just-in-time inventory levels and manage the highest levels of employee productivity; all to drive sustainable profit margins and positive cash flows for the stakeholders.
Even government agencies, especially at the local and state levels, are struggling with dwindling revenues from their private sector constituencies, facing increases in unfunded mandates, higher costs, lower budgets and cut-backs in services and operations. Needless to say, all spending is highly scrutinized no matter the industry or sector, and discretionary spending items are omitted from budgets without even a second thought.
This being the case, why would any organization choose during these critical times to implement a Business Continuity (BC) or Continuity of Operations (COOP) program?
Request our complete Whitepaper to learn more about demonstrating ROI from a continuity planning solution.
