Pandemic preparedness requires extensive organizational planning. The uncertain time frame of disease outbreaks means security and risk management leaders should arrange short- and long-term plans for protecting employee health, assessing third-party exposure, and ensuring continuity of operations.
The new coronavirus strain (COVID-19), which emerged in Wuhan, China, is the latest reminder that companies need to plan and prepare for large-scale outbreaks of dangerous disease. Such a dynamic situation, which could span months and expand well beyond the Asia/Pacific region, has the potential to be as disruptive to an organization’s continuity of operations as a cyber intrusion or natural disaster, or more so.
Even before the World Health Organization (WHO) declared a global public health emergency on 30 January 2020, companies had already begun taking steps to reduce their exposure. These steps include quarantining people in apartments in the hot zone of the emergency, restricting travel to China, closing stores and factories there, and ordering employees in affected regions to work from home.
Pandemics aren’t your usual business disruption. Unfolding over months, these events require an extra set of activities that include consultations with epidemiologists, critical role identification and third-party evaluations. We consider a pandemic to be an operational risk that must be managed at the highest levels of the organization because it cuts across every department and location in which the organization operates (see Figure 1).
The following research describes considerations and planning that leaders can undertake as the coronavirus outbreak continues. We will update it as more research is published over time and as the emergency plays out.
Organizations should prepare for a possible pandemic because resources won’t be available once a pandemic strikes. The benefits of this planning work include:
Minimizing the impact upon staff
Minimizing the impact on the organizational supply chain
Minimizing the impact upon service delivery
Minimizing the impact upon the IT infrastructure
Protecting the corporate reputation
Reducing the financial impact
Enabling the organization to return to a new normality sooner
The conditions of a pandemic that organizations need to understand to best prepare for, respond to and recover from such an event can be categorized in three ways. However, they all stem from one key condition: employee absenteeism.
A pandemic is worldwide in scope and of indefinite duration.
A pandemic can be a moving target; you need to adjust your expectations and preparations as things change.
Quarantines and travel restrictions may be in place.
Economic conditions become distorted during a pandemic dislocation.
Government essential services will be seriously disrupted during a large-scale pandemic; this may include delays in responding to all types of events, such as civil unrest or natural disasters.
Power outages due to utility workforce reduction may be more frequent.
Residential internet supply won’t meet demand in a large-scale pandemic.
Food rationing may occur.
Hospitals may be overwhelmed.
Fuel may be in short supply.
Multilocation enterprises will likely be more affected than those with a single location.
The key business impact trigger will be a result of quarantines, travel restrictions, school closures and sick family members.
Supply chain and third-party pandemic preparedness is critical.
Technology can help organizations better adapt to the changing situation.
Consider cultural and religious differences in preparedness plans.
As such, Gartner has a number of research notes categorized below to support organizational leaders in their pandemic preparedness activities.
Overall Pandemic Preparedness Advice:
: Security and risk management leaders should use this Toolkit as a guide and checklist of advice to ensure they have as complete a pandemic preparedness plan as possible.
(Enterprise Risk Management) and (HR): Pandemics aren’t your usual business disruption. Unfolding over months, these events require an extra set of activities that include consultations with epidemiologists, critical role identification and third-party evaluations. These notes cover concerns for various leaders throughout the organization.
: Digital business initiatives present more risks and opportunities for crises than enterprises experience today. Security and risk management leaders should use a cross-functional BIA as an essential tool in developing collaborative procedures in response to a major business disruption.
: A business impact analysis is the best way to estimate the effect of disruptions to service delivery. Security and risk management leaders should use this Toolkit to capture and analyze the data needed to determine the recovery priorities that will drive recovery strategies and solution development.
: A critical evaluation of recovery plans is essential to effectively ensure continuity of operations. This user-customizable Toolkit offers enterprises an easy way to assess the effectiveness of their plans following a business disruption.
: Crisis escalation procedures are often ambiguous, resulting in delays in getting critical information to those responsible for the crisis management plan, which leads to slower response times. This research provides heads of enterprise risk management with solutions to this challenge.
: Security and risk management leaders must assess the strengths and weaknesses of recovery plans to ensure the organization’s ability to survive disruptions. An exercise management strategy provides a comprehensive approach to assessing the effectiveness of recovery plans.
: Tabletops are an early type of recovery exercise that organizations conduct on their path to ensuring recovery plans meet recovery needs. Security and risk management leaders can use this template to create and conduct a tabletop exercise for a scenario relevant to their organization.
COVID-19 Impact on the Supply Chain
: As the coronavirus spreads rapidly from ground zero in Wuhan, China, supplier ecosystems are being interrupted as labor, subassemblies and raw materials become scarce. Disruptions are likely to grow. Supply chain leaders focused on procurement can use this research to mitigate potential impacts.
: The coronavirus could have a major impact on global supply chains, as numerous factory workers in China share accommodations on campus with many other workers. Supply chain leaders can use this research to put scenario plans in place to mitigate the impact.
: Coronavirus is disrupting global logistics as several modes of international shipping grind to a halt in parts of China and movement in and out of the country is limited. Supply chain leaders responsible for logistics can use this research to evaluate the impact of this disruption.
: Coronavirus is forcing chief supply chain officers to make extremely fast decisions with high levels of uncertainty to find workarounds for broken supply chain networks in China. This research outlines how CSCOs can use decision-making constraints to better respond to the impact from coronavirus.
COVID-19 Impact on the IT Services Industry
Technologies to Help Manage a Crisis
: Emergency/mass notification services solutions send critical and emergency messages to internal and external stakeholders in support of many use cases. Security and risk management leaders with business continuity management responsibilities can use this research during the EMNS procurement process.
: Since 2017, the 2019 business continuity management program solutions market has broadened its IT disaster recovery management, crisis management and risk management capabilities. Gartner’s Magic Quadrant evaluates 15 vendors to help with the vendor selection process.
: Gartner has identified 11 critical capabilities and four use cases to assess and compare disaster-recovery-as-a-service offerings from 15 service providers. Security and risk management leaders should select a provider that best aligns with their business needs before purchasing a BCMP solution.
: Crisis/emergency management platforms orchestrate and manage tasks, resources, communications, collaboration and data during a crisis. Security and risk management leaders responsible for crisis management should use these solutions to demonstrate command and control during a crisis.
In addition, travel risk management services can help organizations to provide location-specific intelligence to their traveling workforce. Two vendors in this market are:
: In an effort to reduce the cost of office space, leaders often encourage employees to work remotely. This research describes the essential first steps of creating remote work programs.
: CIOs need to take the lead to help managers and other stakeholders overcome their fears of implementing a remote work program. The program can bring to the organization a competitive edge in the recruitment and retention of highly valued IT talent.
: Remote work programs benefit from having well-designed policies that clarify employee and manager responsibilities. Leaders can use this template to create policies for their organization.
: Corporate giants such as Yahoo, Wells Fargo and IBM have eliminated their remote work programs, believing that will promote better collaboration and innovation. But CIOs should be cautious and first address these key issues before making the decision to halt a remote work program.
: This research will help CIOs assess what jobs and which individuals are suitable for remote working and provide strategies for effectively managing the remote worker.
: Leaders must address the changing enterprise needs as the digital workplace evolves and remote working becomes more common.