Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
1 of 22

Business Continuity Planning During and After the Coronavirus (COVID-19) Pandemic



Download to read offline

In this session, we went through how a Business Continuity Planning can assist you in managing your business operational disruptions during and after the COVID-19 pandemics.

The webinar will cover:

Blind spots in your pandemic response
Preparing your business for unpleasant surprises.
What are the top actions undertaken by organizations.
What are the implications, advantages, and challenges.
What actions are still to be implemented?

Date: May 13, 2020
Recorded Webinar:

Find out more about ISO training and certification services






For more information about PECB:





Business Continuity Planning During and After the Coronavirus (COVID-19) Pandemic

  1. 1. Blind spots in your Pandemic Response Have you activated your Business Continuity Plan?
  2. 2. Unpleasant surprises 1. Loss of Internet and/or mobile telephony  What’s your Business Continuity Plan (BCP) for such situations?  Do you have any work-arounds left for communication during this (partial) lockdown period (e.g. for 2-factor authentication and staff/ client/supplier notifications)?  Do your voice/data communication providers have BCPs?  Have these recently been tested?  Do you know where you are in their priority listing?  Would you have to start looking for a new supplier from scratch… whilst everyone else is doing the same?  Have your executives considered conducting an exercise on such challenges whilst in lockdown?
  3. 3. 2. Cloud-based services/applications down  Consider your increased dependency on cloud-based services, e.g. for o online sales o data storage o accounting o banking o product ordering  What are your (manual) work-arounds that will help you sufficiently if any of these were to be disrupted?  Are dual supplier arrangements even possible in order to be prepared for such situations? (in advance, yes… but on the spot?) Unpleasant surprises
  4. 4. Unpleasant surprises 3. Data centre failure  For those who have their servers in a self-managed or outsourced data centre facility: To which degree has regular maintenance been reduced?  If an incident occurs, can it be fixed if IT staff are not able/allowed to troubleshoot the problem on-site?  Is the remote access capability of technical staff sufficient?  From where can you still obtain spare servers, UPSes, generators, fuel, AirCon units and/or cabling related equipment/parts?  Will these come soon enough, considering current disruptions in supply (particularly from overseas) and overloads on postal services and couriers?  Could you still develop dual supplier arrangements now, in order to be prepared for such situations?
  5. 5. Unpleasant surprises 4. Cyber attacks Considering staff are working on various WiFi networks, BYOD devices and possibly less controlled/secure systems, this is a realistic threat. If you rely to a high degree of interfacing between your systems and those of external customers and suppliers…  How will you know how far a cyber attack may have travelled?  How can you quickly get external technical assistance if the best service providers are most likely overloaded and snapped up by the ‘big end of town’?
  6. 6. Unpleasant surprises 5. Staff related challenges  Are your policies regarding teleworking, workplace health, flexible work, paid/unpaid leave and staff expense reimbursements clear?  How are you preventing ‘meeting fatigue’ and disinterest due to inefficient group call protocols?  How are you keeping yourself and your colleagues/staff engaged and motivated when stood down/not rostered in for a while?  Could downtime be used for remote study or certification activities?  What about staff who are suffering from health/wellbeing issues due to dealing with limited ergonomic comforts and lack of social interaction?
  7. 7. Unpleasant surprises 5. Staff related challenges  Have you explored ‘Pomodoro’ and other techniques that may help staff being productive whilst working more on their own?  How are you and your colleagues managing distractions? Have you looked into tools like Checky (time tracker for phone), Hey Focus and Freedom?  On the flipside, who in your team seems to be drawn to their beeping devices all day and night?  Is there a true culture in place where staff comfortably speak up if they’re struggling?
  8. 8.  Practical: Ensure staff are ‘incident-ready’ by means of Quick Reference Cards and regular ‘mini invocations’  More is less – Reduce document volume and make it easy to maintain  Fun & engaging: Involve staff ‘hands-on’ including use of interactive workshops and gaming techniques including ‘red teaming’  Culture: Ensure there is a comfort amongst staff that making mistakes is ‘OK’  Global best practice: For proper BCP as with DR, Risk Management and Security), apply up-to-date principles/strategies (and standards!) Making Business Continuity plans that actually work when you need them most
  9. 9. 2020 Pandemic • The BCI has conducted a series of fortnightly global surveys to learn more about how organizations are adapting to the current pandemic: • BCI Organizational Preparedness Report • 3rd and 4th Edition, April 2020 • Around 350 respondents from 60 countries and roughly 20 industries
  10. 10. Abbreviations Abbreviation, Acronym Term comms Means of communication (tech) Communications (policies, media) wfh Work from home
  11. 11. Organizational Aspects Main areas covered 1) HR/Staff Measures 18 Questions 2) Health and Hygiene 13 Questions 3) Travel 10 Questions 4) IT, Technology and Telecoms 14 Questions 5) Supply Chain 7 Questions 6) Business Continuity Plans 18 Questions
  12. 12. Question Selection • Top implemented questions (100% down to ca. 50%) Already implementing  Considering implementing  Not considering implementing  Unsure  Not applicable
  13. 13. 1. HR/Staff Measures • Restricted visitor and/or contractor engagements • Ensured a plan is in place if a staff member is diagnosed with COVID-19 • Implemented non-punitive leave policies to allow quarantining staff to wfh • Allowed staff to work from home to look after children if school/nursery closures • Ensured staff have a dedicated helpline/contact to share personal COVID concerns • Reviewed job roles to ensure key processes can be carried out by skeleton staff • Implemented regular org-wide calls for staff to briefed on corporate strategy updates • Implemented leave policies to allow staff to care for sick relatives • Provided additional support to those struck by COVID-19 • …
  14. 14. 2. Health and Hygiene • Implementing social distancing measures • Cascaded health & hygiene communications from government/other trusted sources • Provided hand sanitizer in office spaces • Instructed office cleaners to engage in more thorough daily cleansing • Prepared procedure to respond in the case of a confirmed COVID-19 infection • Taken steps to safeguard employees’ mental health and wellbeing • Implemented daily team calls to maintain structure and reduce isolation • Enforced a non-handshake policy • …
  15. 15. 3. Travel • Implemented a domestic travel ban (e.g. to external meetings and events) • Implemented an international travel ban • Closed offices and other locations to access unless approved by senior management • Asked staff to wfh for seven or more days if returning from holiday/travel in “high risk” countries • Implemented an inter-office travel ban • Provided keyworker staff with travel guidance and/or alternatives • …
  16. 16. 4. IT, Technology and Telecoms • Transferred meetings to conference calls where possible • Ensured staff who are wfh have acceptable cyber-security measures in place • Ensured IT capabilities support wfh measures to cover peak/non-peak times • Ensured comms in place so staff can communicate if all staff wfh • Reviewed cyber arrangements so systems stay secure in mass-staff absences • Internal comms regarding medical advice & company procedures given to staff • Established IT helpdesk/upscaled existing to allow increased reliance on technology • Ensured external comms plan in place should a staff become infected • …
  17. 17. 5. Supply Chain • Identified a list of critical suppliers in response to COVID-19 • Maintained regular communications with suppliers • Reviewed the business continuity plans of key suppliers to ensure continuity of service • Prioritised suppliers for review based on operating location • …
  18. 18. 6. Business Continuity Plans • Have a validated information source which is monitored daily • Ensured incident management teams are meeting regularly • Activated Incident Management teams to manage the business disruption • Considered how sustainable the business continuity response is • Ensured all plans have been reviewed to reflect the current circumstances • Reviewed the BIA to reflect changing priorities given prolonged impact of COVID-19 • Undertaken scenario analysis to identify range of potential outcomes/est. impacts • Undertaken financial modelling to determine how the organization will be affected post- COVID • Conducted horizon scanning for other risks that may materialize during the pandemic • …
  19. 19. ISO/IEC 22301 Training Courses • ISO 22301 Introduction 1 Day Course • ISO 22301 Foundation 2 Days Course • ISO 22301 Lead Implementer 5 Days Course • ISO 22301 Lead Auditor 5 Days Course Exam and certification fees are included in the training price. 22301
  20. 20. THANK YOU ?