Analysis
COVID-19: Managing Risks and Ensuring Business Continuity
To ensure business continuity, having an emergency scenario is essential. In the current situation, it is vital to react as fast as possible in order to mitigate impacts and other risks and to prepare the organisation for the further development of the COVID-19 pandemic and its possible scenarios. Business continuity management covers infrastructure, cyber, employee, business, operational and communication risks, with the aim of managing an organisation that has to face new challenges and risks and wants to ensure continuity of operations and production.
In normal operation activities and in reaction to common events (e.g. breakdowns), business continuity management sets a strategic and operational framework to actively increase corporate resilience. The objective is clear: to prevent suspension of operations or services. How can your organisation ensure continuity of business?
Business Continuity Management
COVID – Initial Measures
· Implement fundamental emergency measures for the current situation
· Implement all the recommendations of the local authorities and World Health Organization
· Benchmark of introduced measures within your industry
· Employee travel restrictions or travel ban
COVID – infrastructure risks
· Check the readiness of infrastructure and other services (SaaS
etc.) for the higher load of employees working remotely
· Check if the corporate systems can be managed remotely without the
physical presence of IT employees (Operations, Support etc.)
· Map single points of failure in the infrastructure in case of
remote operations, design countermeasures
· Define the responsibilities of suppliers according to SLAs in case
of emergency situations, draft any required amendments
· Set up sufficient IT support for remotely working employees
Prioritise access to corporate systems (Management, Top Management priority
etc.)
· Review the number of application licences that ensure remote
access
COVID – cyber risks
·
Check security and monitoring of applications for remote access
· Test applications for remote access (VPN etc.) + patches,
hardening
· Perform Awareness campaign for specific cases of social
engineering attacks in communication related to crisis
COVID – employee risks
·
Analyse key roles that require on-site access, plan a backup plan
in case of their absence (e.g. substitutability)
· Design measures to help employees’ with management of stress and
stressful situations
·
Arrange a method of assigning and distributing employees at
various levels of operational reduction
· Set up access for employee mobility (division of shifts,
transport, etc.)
COVID – business and operational risks
· Map single points of failure within the organisation (processes,
employees, technologies) and draft countermeasures
· Establish emergency measures and organisational instructions in
order to ensure continuity of operations according to the level of risk
· Set up reaction plans (procedures, allocation of employees, tools
and other resources)
· Prepare for issues in the supply chain
· Make arrangements for work that cannot be done remotely
· Prepare for the need to close down office or business premises
· Stabilise the organisation for the event of a significant impact
on its economy (Plan for optimization ofcosts, processes and portfolios)
· Prepare scenarios, plans and measures to restore business
operations (disaster recovery plans)
COVID – communication risks
· Set up a mechanism of communication with employees (positive),
partners, suppliers, authorities, and the public