Specific Pandemic guidance

Wikipedia:

A pandemic (from Greek πᾶν, pan, “all” and δῆμος, demos, “people”) is an epidemic of disease that has spread across a large region, for instance multiple continents or worldwide, affecting a substantial number of people. A widespread endemic disease with a stable number of infected people is not a pandemic. Widespread endemic diseases with a stable number of infected people such as recurrences of seasonal influenza are generally excluded as they occur simultaneously in large regions of the globe rather than being spread worldwide.

Strategically, which Effects does the Company need to take into account

  • Which type of Pandemic events are likely to happen in their main production area?
    • Which of them is most relevant and therefore preparation is key?
    • How does it affect the supply chain?
    • How does it affect the customers?
  • Which measures are expected by the government?
    • Can you expect support?
  • How will support communicate with your stakeholder?

 

Source: https://www.visualcapitalist.com/history-of-pandemics-deadliest/

Source: https://www.visualcapitalist.com/history-of-pandemics-deadliest/

Prepare for Global Pandemic

What makes IT continuity different during a pandemic?

  • Team no longer able to work
  • Quarantine
  • Workforce!!
    • Critical infrastructures could link employees “on-site” to keep CRITIS operating
      • Using A, B and, if necessary, C Teams working independently of one another
      • Preparation for this is also necessary, or at least desirable
      • On-site rest and sleeping areas must be created
      • Care, personal hygiene facilities
      • Consideration of allergies, dietary requirements (vegan etc.)
      • Working hours and rest periods (E.G. Extension to 16 hours or 12(13) hours)
    • How do I deal with sickness in the CRITIS team or infections?
    • Decontamination by public authorities (e.g. Germany’s Federal Office of Civil Protection – Bundesamt für Bevölkerungsschutz for CRITIS) or privately?
      • If necessary, military assistance (example of Austria: post-sorting offices decontaminated by the military)

Support Structure:

  • Several teams in one region capable of taking over service for a different team location
    • Example: Linux operation not just in one location for Europe but in at least two.
  • Home offices should always be prepared for a pandemic
  • What to do if the housing structure leaves little or no space for a home office??
    • For example, in Asia or maybe New York or somewhere like that?
  • Have support Teams in different places and not a single center for i.e. Europe
  • Enablement to let people work from off site locations:
    • Security
    • Smart home aspect to be taken in consideration

Topic for People Lifestream

A pandemic situation will always result in a local, regional or overall infection risk and therefore requires overall measures managed centrally as well as regional or local per plant or service department steered countermeasures:

  • However, the company must for all decision makers give a general guidance how the company want to deal with pandemic, so that a local decision maker is not guided to make unpopular decisions, because that is out of his cost centre perspective, the best solution. But at the end it hurts the overall brand

Build and maintain prepared response threat response plans for likely threats.

Assess annually if the IT and Work Equipment is ready for a pandemic or if the missing capabilities are of acceptable nature:

  • Enable all work staff required to work from home, where no physical presence is required
    • Mobile IT Equipment
    • IT Applications must work remote
    • Print Infrastructure supports remote working
    • Electronic handling of documents is possible
  • Perform IT Security assessments every 2-3 years if the remote IT is secure enough also in a pandemic situation and take identified necessary actions
    • If most people work from home, acceptable security risks for a few people grow to possibly an unacceptable level (like unsafe webcams or other IOT devices)

Assess annually if the IT and Work Equipment is ready for a pandemic or if the missing capabilities are of acceptable nature:

  • Assess if physical work environments can short term be changed to comply with a pandemic requirement
  • Assess and define, which safety goods for pandemic need to be on site on stock
    • Manage the expiration dates of these goods
  • Define which parts of the company are more vital than others so that decision makers can immediately focus on these areas first
  • Assess if staff need to be able to stay overnight during a pandemic and if so, take precautions that this is possible
    • Determine which amount of people this might mean and have the necessary space available

Preparing for Pandemic

  • Regularly assess on board level if the IT and security are ready for pandemic
    • A pandemic situation will always result in a local, regional or overall lock down situation. As a result, each business need to verify how it is reliant on people working on site or if it is possible to also perform work in a distributed manner. If work needs to be local, it needs to be assessed, if workers can be secured, so that work in full strength or limited functionality can continue
  • Assess if HR can continue business within a pandemic situation and if current precautions are sufficient
  • Define requirements out of the assessment towards and improved preparation and assign them to the corresponding service owners for execution
  • In the assessment the following items need to be looked at
  • Enable the organisation to receive current input for authorities which the company in their operating sites to to follow

 

Best Practice – Invocation

The invocation should be handled as follows:

  • The pandemic is identified
    • In a pandemic situation the identification must happen early, before or quickly after the first impact has happened to prepare the organisation and safeguard it
  • A pandemic case is formally called out
  • The major incident or other disaster determined organisation (as defined previously in planning phase) is being called together
  • A leader and stand-ins are defined
  • A team is assembled to handle the Pandemic as their full time job (no other assignments)
  • The organisation is formally announced with decision rights and therefore formally enabled
  • The planned and prepared communication plan is adjusted to the current situation
  • Initial communication is being performed to all employees about the following information
    • Severity at the moment
    • Countermeasures being taken
    • What to expect next
    • How to react and communicate
    • Where to receive concrete help if situations occur where support is required
  • Use a website with up to date information where employees can inform themselves as well as a managing team
    • In best case this is an already known instance like the Group Management Center or similar
  • Perform customer communication about the upcoming situation and how your company will handle it in a sufficient manner and which impacts this might cause for them
    • Provide answers to customer concerns, especially for IT Business Critical services hosted for the customer

Invocation of prepared countermeasures based on utility for the given situation and risk level

  • Separate Teams into A and B teams without physical connection so that one team can continue working when the other got sick
  • Enablement of distributed (home) working mechanism
  • Movement of production to other non affected places

Best Practice – Run

As per ITIL ITSCM process the invocation should be handled as follows:

  • The disaster is identified
  • A disaster case is formally called out
  • The major incident or other disaster organisation (as defined previously in planning phase) is being called together
  • A leader and stand-ins are defined
  • The organisation is formally announced with decision rights and therefore formally enabled
  • Build a communication structure via prepared channels

Invocation of prepared countermeasures based on utility for the given situation and risk level

  • Movement of production to other non affected places

Perform regular communication about

  • Current risk level
  • Current invoked countermeasures
  • Current restrictions/precaution actions
  • Especially for critical functions, IT Services, Personnel and locations/offices/data centers be specific on which limitations have been invoked where
  • Ensure Information is easily reached/accessible for each employee
  • Health and safety information everyone need to adhere to
    • Social distancing
    • Keeping distance
    • Wash hands
  • Decide if Projects or other activities should be stopped/reduced to keep key personnel free for possible important activities
  • Ensure sales is putting new business under pandemic limitations in terms of delivery at all and dates