BLOG

Pandemic Preparedness of Business Organizations

Posted by Buck Kulkarni on 20 Nov 2014


Every few years, a major health related episode somewhere in the world brings pandemic preparedness in the limelight and after some time, like everything else, it recedes from peoples’ memory only to be revived by another episode. The recent outbreak of Ebola virus is a case in point.

Almost every single customer has asked us about our pandemic preparedness in the past two months or so. We are a financial services provider organization and do not engage directly in any healthcare activity but the threat of a large number of people becoming unavailable for one reason or another can never be ruled out and hence, we take this preparedness very seriously. Of course, it is reasonable to say that pandemic preparedness should not be looked at only from the limited perspective of a health perspective but every single event that can affect availability of enough people to run the business at near business-as-usual level should be identified and response to each such event should be considered based on the threat and impact matrix of such event.

We developed a robust pandemic preparedness capability over the past three years and some of the best practices we developed or adopted from various industry bodies are shared here to help others in their quest for developing pandemic preparedness capability

1. Define pandemic event threshold – there can be many events that require a response and which one do you declare to be pandemic? E.g. you may say if 40% of our employees are not available to work (whether physically on site or remotely) for more than 9 consecutive work days, we declare it to a pandemic event. Of course, you can tweak the parameters to your specific situation but all your stakeholders must have a common understanding of what is pandemic

2. Take your incident management policy forward to prepare for pandemic incident – a pandemic event is simply a more pervasive event and hence, could be logically considered to be an extension of incident management. Your typical incident management policy would have identified people on various teams to respond to an incident but pandemic may need to take it further as the people you identify may not be available in the event of a pandemic so you must have more people involved in the incident management

3. Multi-location is the key to managing pandemic – pandemic typically means a large number of people losing access to work simultaneously so multiple work locations – far apart or even internationally is a great way to achieve pandemic preparedness

4. Integrate with BCP & DR – pandemic should ideally work as an integral part of your business continuity plans and disaster recovery plans and not as a stand-alone effort. A separate effort will simply mean a lot of duplication of effort and may not necessarily add value. For example, you have a DR plan that you execute once every year or a table-top that you execute every six months and you may find it beneficial to add the pandemic preparedness perspective in the same. E.g. you may plan the switchover from production to DR facility using people at one location and the switchback from DR to production using people at another location. This allows you to have the assurance that one single location has the ability to run the entire operation and this becomes an automatic protection against an pandemic event taking down one of your locations.

There are many more aspects that you need to consider in your own situation but an overall approach to integrate pandemic preparedness into existing policies and procedures provides an efficient and cost-effective way of achieving pandemic preparedness.

Stay connected. Get the latest delivered to your inbox.
Buck Kulkarni Head of Governance, Risk & Compliance Buck leads our Governance, Risk & Regulatory Compliance function to ensure we remain compliant with PCI DSS, HIPAA, HiTrust, SSAE 16, Data Privacy, and other regulations our clients care about. He and his team continuously invest in improving our risk and security posture to provide peace of mind to our clients and use best practices to keep Alacriti on the cutting edge of risk and security management.

Related Articles