Below I highlight some of the key Coronavirus steps that organizations can take to help with their mitigation planning of the Covid-19 pandemic.
Below I highlight some of the key Coronavirus steps that organizations can take to help with their planning of the Covid-19 pandemic.
A readiness assessment is a great place to start when organizations don’t know what their business continuity program should consist of. Industry and role readiness templates as well as pandemic specific templates allows an organization to evaluate their business continuity program against a best practice standard and identify where any gaps may exist. These readiness libraries break down standards and best practices into actionable pieces so that organizations can track progress and adherence.
All organizations should complete a risk assessment on their core business processes to identify and prioritize any new risks or gaps in their existing controls for new scenarios like pandemics, recession, and geopolitical conditions risks. Process owners when prompted with risks are in the best position to be able to think how these scenarios will impact their areas of responsibility.
Not all risks within processes or functions within an organization should be treated the same. A business impact analysis allows organizations to identify which parts of the business are most critical to its operations. Use the results of the BIA to determine which parts of the organization to prioritize during a BCP event to maintain operations.
As the pandemic evolves and new information arises, policies will need to be revisited and updated and communicated. For example, reviewing and revising a work from home policy will be effective only if dissemination of that revised policy is made with governance tracking for adoption across the organization.
Incident management is typically a highly silo’d activity embedded within a process. In times of change management, a unified enterprise-wide mechanism is needed as an input to evaluate the effectiveness of mitigation and policy activities as well as to manage the exceptions, which are typically 20% of all activities.