Pandemic Planning and Tabletop Testing
With the recent outbreak of the Coronavirus (COVID-19), the Centers for Disease Control and Prevention (CDC) has recommended that organizations assess their current pandemic response plans. If your organization doesn’t have a pandemic response plan in place, it is highly recommended that you begin to develop one. Not only is it a recommendation, but in the banking industry, it’s also a requirement. The FFIEC recently updated one of their IT examiner handbooks. The “Business Continuity Planning” (BCP) booklet was updated to “Business Continuity Management” (BCM) booklet. In the updated booklet, the requirement that financial institutions have a pandemic plan remains required. In addition, the CDC has recommended this as a best practice for several years. In this article I will be going over the key elements of an effective pandemic response plan and ways to test your plan to ensure your organization is ready to face the Coronavirus.
What should be in the plan?
Pandemic planning is a subset of a business continuity plan and many of the key elements of a business continuity plan will apply to your pandemic response plan. The first item to be addressed is to identify a pandemic coordinator or team. This person or team owns the pandemic facet of the organization’s overall continuity plan. They are responsible for making sure it is up to date, includes input from all areas of the organization, and is in line with the recommendations from organizations like the CDC, HHS, and the FFIEC. Be sure that your employee contact list and call trees are up to date and include ways of contacting third party providers and backups. Next, just like you would in a business continuity plan, identify critical functions and critical employees that are required to maintain business operations during a pandemic outbreak. You will want to plan for scenarios that may drive your services or product to increase or decrease in demand. The plan should take into account limited employee contact and maintaining business operations if people are out sick or unable to be at work for whatever reason. Implement guidelines and educate employees on the steps to take to better protect themselves in and outside of the workplace. Ensure that your policies and procedures are up to date and align with your pandemic response plan. This is a very high-level overview of what to consider when creating your plan.
Testing of the Plan
Now that we have a general plan in place, it’s important to perform exercises to test different facets of the plan and to identify any gaps, and then to follow with a postmortem/lessons learned. There are many different levels of testing ranging from a tabletop exercise where organizations will talk through a scenario all the way to a functional walk through of the test. It is always recommended that organizations start with just a tabletop exercise, so that is what we will outline today. The first step is to identify key members that should be included in the testing. This might include the CEO, IT, legal, operations, and many more. We want to get all these team members on a call or in the same room, if possible. Regardless of who is facilitating the testing, a realistic scenario (such as a flu outbreak that has struck the world and is affecting businesses) should be drafted. Once a pandemic incident scenario has been identified and the plan has been activated, the team members will talk through the steps they would take to maintain or resume business functions. You will quickly realize there are several things that you could have done better or that have deviated from the plan. Actions that are discussed during the exercise should be recorded and the plan should be adjusted, as needed, or staff should be reeducated on the documented pandemic process that should have been followed initially.
Tying it all together
It’s rare that organizations must worry about pandemic issues, as fortunately it is not often that they arise. It’s certainly beneficial to have a plan in place when a scenario like the Coronavirus does become a reality. Across the globe we have already witnessed the effect it’s having on organizations of all sizes. We don’t know what’s coming next with this pandemic, but we can ensure we’re prepared. By having the appropriate plans in place and educating staff, organizations can better protect themselves for what’s to come. We briefly outlined key elements and considerations when developing a pandemic response plan and we touched on an effective tabletop method to test the plan and identify gaps in procedures. For more information or assistance with your pandemic planning needs, please reach out to your trusted business continuity partner, Compass IT Compliance. We’d be happy to help you get started today!
Contact Us
Share this
You May Also Like
These Related Stories
No Comments Yet
Let us know what you think