In this session, we went through how a Business Continuity Planning can assist you in managing your business operational disruptions during and after the COVID-19 pandemics. The webinar will cover: Blind spots in your pandemic response Preparing your business for unpleasant surprises. What are the top actions undertaken by organizations. What are the implications, advantages, and challenges. What actions are still to be implemented? Date: May 13, 2020 Recorded Webinar: https://youtu.be/4_0vHEbSlHg Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-22301-societal-security-business-continuity-management-systems Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION

2. Blind spots in your Pandemic Response
Have you activated
your Business
Continuity Plan?

3. Unpleasant surprises
1. Loss of Internet and/or mobile telephony
 What’s your Business Continuity Plan (BCP) for
such situations?
 Do you have any work-arounds left for
communication during this (partial) lockdown
period (e.g. for 2-factor authentication and staff/
client/supplier notifications)?
 Do your voice/data communication providers have BCPs?
 Have these recently been tested?
 Do you know where you are in their priority listing?
 Would you have to start looking for a new supplier from scratch… whilst everyone
else is doing the same?
 Have your executives considered conducting an exercise on such challenges whilst
in lockdown?

4. 2. Cloud-based services/applications down
 Consider your increased dependency on
cloud-based services, e.g. for
o online sales
o data storage
o accounting
o banking
o product ordering
 What are your (manual) work-arounds that will help you sufficiently if any of these
were to be disrupted?
 Are dual supplier arrangements even possible in order to be prepared for such
situations? (in advance, yes… but on the spot?)
Unpleasant surprises

6. Unpleasant surprises
3. Data centre failure
 For those who have their servers in a self-managed
or outsourced data centre facility: To which degree
has regular maintenance been reduced?
 If an incident occurs, can it be fixed if IT staff are
not able/allowed to troubleshoot the problem on-site?
 Is the remote access capability of technical staff
sufficient?
 From where can you still obtain spare servers, UPSes, generators, fuel, AirCon
units and/or cabling related equipment/parts?
 Will these come soon enough, considering current disruptions in supply
(particularly from overseas) and overloads on postal services and couriers?
 Could you still develop dual supplier arrangements now, in order to be prepared
for such situations?

7. Unpleasant surprises
4. Cyber attacks
Considering staff are working on various WiFi
networks, BYOD devices and possibly less
controlled/secure systems, this is a realistic threat.
If you rely to a high degree of interfacing
between your systems and those of external
customers and suppliers…
 How will you know how far a cyber attack
may have travelled?
 How can you quickly get external technical assistance
if the best service providers are most likely overloaded
and snapped up by the ‘big end of town’?

8. Unpleasant surprises
5. Staff related challenges
 Are your policies regarding teleworking,
workplace health, flexible work, paid/unpaid
leave and staff expense reimbursements clear?
 How are you preventing ‘meeting fatigue’ and
disinterest due to inefficient group call protocols?
 How are you keeping yourself and your
colleagues/staff engaged and motivated when
stood down/not rostered in for a while?
 Could downtime be used for remote study or certification activities?
 What about staff who are suffering from health/wellbeing issues due to dealing with
limited ergonomic comforts and lack of social interaction?

9. Unpleasant surprises
5. Staff related challenges
 Have you explored ‘Pomodoro’ and other
techniques that may help staff being
productive whilst working more on
their own?
 How are you and your colleagues
managing distractions? Have you looked
into tools like Checky (time tracker for
phone), Hey Focus and Freedom?
 On the flipside, who in your team seems to be drawn to their beeping devices all
day and night?
 Is there a true culture in place where staff comfortably speak up if they’re
struggling?

10.  Practical: Ensure staff are ‘incident-ready’ by means of Quick Reference Cards and
regular ‘mini invocations’
 More is less – Reduce document volume and make it easy to maintain
 Fun & engaging: Involve staff ‘hands-on’ including use of interactive workshops and
gaming techniques including ‘red teaming’
 Culture: Ensure there is a comfort amongst staff that making mistakes is ‘OK’
 Global best practice: For proper BCP as with DR, Risk Management and Security),
apply up-to-date principles/strategies (and standards!)
Making Business Continuity plans that actually work when you need
them most

11. 2020 Pandemic
• The BCI has conducted a series of fortnightly global surveys to
learn more about how organizations are adapting to the current
pandemic:
https://www.thebci.org/knowledge/coronavirus.html
• BCI Organizational Preparedness Report
• 3rd and 4th Edition, April 2020
• Around 350 respondents from 60 countries and roughly 20
industries

12. Abbreviations
Abbreviation, Acronym Term
comms Means of communication (tech)
Communications (policies, media)
wfh Work from home

13. Organizational Aspects
Main areas covered
1) HR/Staff Measures 18 Questions
2) Health and Hygiene 13 Questions
3) Travel 10 Questions
4) IT, Technology and Telecoms 14 Questions
5) Supply Chain 7 Questions
6) Business Continuity Plans 18 Questions

14. Question Selection
• Top implemented questions (100% down
to ca. 50%) Already implementing
 Considering implementing
 Not considering implementing
 Unsure
 Not applicable

15. 1. HR/Staff Measures
• Restricted visitor and/or contractor engagements
• Ensured a plan is in place if a staff member is diagnosed with COVID-19
• Implemented non-punitive leave policies to allow quarantining staff to wfh
• Allowed staff to work from home to look after children if school/nursery closures
• Ensured staff have a dedicated helpline/contact to share personal COVID concerns
• Reviewed job roles to ensure key processes can be carried out by skeleton staff
• Implemented regular org-wide calls for staff to briefed on corporate strategy updates
• Implemented leave policies to allow staff to care for sick relatives
• Provided additional support to those struck by COVID-19
• …

16. 2. Health and Hygiene
• Implementing social distancing measures
• Cascaded health & hygiene communications from government/other trusted sources
• Provided hand sanitizer in office spaces
• Instructed office cleaners to engage in more thorough daily cleansing
• Prepared procedure to respond in the case of a confirmed COVID-19 infection
• Taken steps to safeguard employees’ mental health and wellbeing
• Implemented daily team calls to maintain structure and reduce isolation
• Enforced a non-handshake policy
• …

17. 3. Travel
• Implemented a domestic travel ban (e.g. to external meetings and events)
• Implemented an international travel ban
• Closed offices and other locations to access unless approved by senior management
• Asked staff to wfh for seven or more days if returning from holiday/travel in “high risk”
countries
• Implemented an inter-office travel ban
• Provided keyworker staff with travel guidance and/or alternatives
• …

18. 4. IT, Technology and Telecoms
• Transferred meetings to conference calls where possible
• Ensured staff who are wfh have acceptable cyber-security measures in place
• Ensured IT capabilities support wfh measures to cover peak/non-peak times
• Ensured comms in place so staff can communicate if all staff wfh
• Reviewed cyber arrangements so systems stay secure in mass-staff absences
• Internal comms regarding medical advice & company procedures given to staff
• Established IT helpdesk/upscaled existing to allow increased reliance on technology
• Ensured external comms plan in place should a staff become infected
• …

19. 5. Supply Chain
• Identified a list of critical suppliers in response to COVID-19
• Maintained regular communications with suppliers
• Reviewed the business continuity plans of key suppliers to ensure continuity of service
• Prioritised suppliers for review based on operating location
• …

20. 6. Business Continuity Plans
• Have a validated information source which is monitored daily
• Ensured incident management teams are meeting regularly
• Activated Incident Management teams to manage the business disruption
• Considered how sustainable the business continuity response is
• Ensured all plans have been reviewed to reflect the current circumstances
• Reviewed the BIA to reflect changing priorities given prolonged impact of COVID-19
• Undertaken scenario analysis to identify range of potential outcomes/est. impacts
• Undertaken financial modelling to determine how the organization will be affected post-
COVID
• Conducted horizon scanning for other risks that may materialize during the pandemic
• …

21. ISO/IEC 22301
Training Courses
• ISO 22301 Introduction
1 Day Course
• ISO 22301 Foundation
2 Days Course
• ISO 22301 Lead Implementer
5 Days Course
• ISO 22301 Lead Auditor
5 Days Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-
22301
www.pecb.com/events

22. THANK YOU
?
rinske@businessasusual.com.au
wolfgang.mahr@continuuuity.ch
linkedin.com/in/businessasusual/
linkedin.com/in/continuuuity
www.businessasusual.com.au
www.continuuuity.com