Pandemic Planning

by Stephanie Goetz | Mar 2, 2020

PandemicPlanning


We are in the midst of flu season, which according to the reports from my health care provider as I was recently diagnosed, is one of the top 10 from recent memory.  Additionally, we hear daily reports in the news about the effects of the Coronavirus which has driven the outlook of the financial markets down.  We are seeing reports of the effects to the economy due to the current outbreaks, for example Apple, Inc. had revised its second quarter earnings estimates due to the impact to production as a result of the Coronavirus. 

So, what are we to do?  Well, let’s dust off the ol’ pandemic plan and make sure it’s updated and hitting the high points.  Here’s five things you need to know about pandemic planning:

  1. Why is pandemic planning important?

Overall, planning for the worst case scenario not only can preserve your institution’s reputation but help minimize disruptions to the local and national economy. A paper published by Thomas A. Garret of the Federal Reserve Bank of St. Louis details cites studies by the U.S. Centers for Disease Control and Prevention stating that the initial impact a severe outbreak could lead to 207,000 deaths and losses of $166 Billion or 1.5% of US gross domestic product (GDP) or at the time of the study (2007). 

To try to get a picture of what this could look like, many have studied the effects of the 1918 outbreak of the Spanish flu on the US. This outbreak was a classic worst case scenario as the timing was concurrent with World War I and the population being hit hardest in this outbreak was your typical household bread winner.  Can you imagine this?  The mortality rates were highest for males aged 18-40, typically those with strong immune systems as the deaths were not caused by the flu itself, rather immune system’s response. As a result, businesses were reporting declines of 40-70% due to absenteeism and lower customer activity.

 

  1. What is the difference between a traditional business continuity scenario and a pandemic scenario?

Unlike your traditional disaster scenario (natural disasters, technical disasters, malicious acts or terrorist events) pandemics are much more difficult to predict and would potentially affect every continent.  Pandemics also expand the timeframe of a disaster as they typically occur in multiple waves of two to three months. 

(For more information on a traditional Business Continuity Plan check out out blog post: Business Continuity Planning)

  1. How are the effects of a pandemic typically incorporated into the business impact analysis?

We have to look at the potential impacts to our businesses through a slightly different lens given the differences in a pandemic vs. a traditional scenario.  For example, a pandemic would not result in the loss of a physical facility or system which are typical the most impacted in your traditional scenarios.  This hits arguably an even more precious asset, our people. The Department of Homeland Security expects in a severe pandemic absenteeism would reach 40% in the peak of an outbreak, not only due to illness but the need to care for family members and fear of infection.  Public health measures may also prevent employee attendance when closures and quarantines are placed in effect. We could then use this lens to determine the impacts to the business with nearly half of the employees absent.

 

  1. What measures can we use to mitigate the risks in our plans?

Again, we have to put on a slightly different lens when it comes to risk mitigation given the potential impact(s) of a pandemic.  Here are some typical pandemic mitigation measures:

  • Coordinate with outside parties- Coordinate with community working groups and critical service providers to provide support and maintenance during a pandemic.  This could include local public health and/or emergency management.

  • Identify an early trigger for the plan- Monitor national and international pandemic news as well as local health organizations and in order to invoke your plan early enough for it to be effective.

  • Educate and protect your employees- Use the preventative education out there about preventative measures such as “Cover Your Cough” and “Clean Your Hands” to keep employees mindful of preventative measures.  Provide supplies such as plenty of hand soap and masks to help them protect themselves.

  • Cross training and succession planning- Make sure you have these in place for the critical roles and processes. This allows for the continuity of those key roles in the absence of key personnel.

  • Remote Access- Make sure your employees and backups have remote access, where appropriate so that they can continue to work if they need to stay at home.

 

  1. What are some ways to incorporate this into testing?

Testing should include pulling in those key assumptions of your mitigation strategy, some examples include:

  • Include your cross trained employees in testing- Include these and any third parties who would be expected to take up some of the capacity in the pandemic. Have them run through procedures or perform the work expected of them for that day.

  • Have “work from home days” – To allow your essential employees and backups to become more comfortable and identify gaps in your remote work strategy.

  • Test your systems for the increased capacity- Test your systems, such as  your online banking or remote teller to ensure they can handle the anticipated load during a pandemic.

  • Ensure your security controls are still working- May I also add a shameless plug here? Make sure you have the proper security controls covered and tested, such as two factor authentication for remote access.  There is no good time for a security incident, but in the middle of a pandemic would be one of the worst possible times!

  • Test your crisis communication plans- Sending out test messages not only allow an opportunity to find gaps in your plan but ensure that recipients can properly identify and respond to the communication.

 

If you would like to update or put your pandemic plan to the test, we can help!  Contact us at  support@bedelsecurity.com or 833-297-7681.

More Resources:

Remote Access Risk Assessment
https://www.bedelsecurity.com/lp-remoteriskassessment 

Business Continuity Planning
https://www.bedelsecurity.com/blog/business-continuity-planning 

Want these articles delivered weekly to your inbox? Subscribe to our Newsletter!

Recent Posts

Stay in the Loop!

© 2024 Bedel Technology, LLC | 833-297-7681| Support@bedelsecurity.com