Traditional Business Continuity and Pandemic Planning require management to follow a periodic process of planning, preparing, responding and recovering. According to the Occupational Safety and Health Administration (OSHA), “With 85% of the nation’s critical infrastructure in the hands of the private sector, the business continuity plan plays a vital role in ensuring national pandemic preparedness and response.”
There are, however, distinct differences between business continuity and pandemic planning. Business Continuity Planning and Disaster Recovery (BCP/DR), often referred to as Resiliency and Recovery respectively, considers the effects of various events like natural or man-made disasters, technical disruptions and cybersecurity breaches. These events may differ in their severity but are usually shorter in duration or limited in scope.
Pandemic Planning is defined by a unique set of obstacles given the impact is much more difficult to determine due to the difference in scale and unknown duration. As a result, the Pandemic Plan must be flexible enough to respond to an extreme range of possible effects that could result from a pandemic. Most importantly, Pandemic Planning and should reflect the institution’s size, complexity, and business activities.
Why You Should Care
No individual or organization is immune to the adverse effects that might ensue from a pandemic event. The global economy must prepare and adapt to the effects of a pandemic disaster which will be widespread and threaten not just a limited geographical region or area, but potentially every continent. Additionally, it’s essential to plan for multiple waves of outbreaks that could last two to three months and occur over a year or more.
Pandemics will test every department’s preparedness and response from Risk Management, HR, and C-Suite to Security, Maintenance and Janitorial. A lack Pandemic Planning and pre-preparation can trigger a cascade of failures such as insufficient resources, procedures and inadequate trainings for essential workers.
Pandemic Planning is an operational risk but includes strategic and reputational risks as well. Ensuring vendors have an adequate pandemic plan minimizes disruptions to operational delays and processes, loss of data, and maintains the trust and confidence of its customers.
What to Look For
Most likely, your organization already has a pandemic plan in place. But what about your vendors? Comprehensive pandemic risk management encompasses critical interdependence, meaning a failure at one of your vendors is a failure at your organization as well.
5 Main Factors to Consider When Reviewing Your Vendor’s Pandemic Plan:
1. Preventive Program
Reduces the probability that a vendor’s operations will be severely impacted by a pandemic event. A Preventive Program should include: monitoring of potential outbreaks, educating employees, communicating and coordinating with critical service providers and suppliers, as well as providing appropriate hygiene training and tools to employees.
2. Documented Strategy
Scales the vendor’s pandemic efforts so they are consistent with the effects of a particular stage of a pandemic outbreak. A Documented Strategy means defining parameters for action based on different assumptions, i.e., first case overseas, first case in United States, first case within the vendor itself. Make sure the strategy outlines additional plans for how that vendor will recover from a pandemic wave and proper preparations for any following wave(s).
3. Comprehensive Framework of Facilities, Systems, or Procedures
Provides the vendor the capability to continue its critical operations in the event that large numbers of the staff are unavailable for prolonged periods. Procedures include social distancing measures like remote work and redirecting customers to online services as well as actions by public health and government officials.
4. Testing Programs
Validate the vendor’s pandemic planning practices and capabilities are effective and will allow critical operations to continue.
5. Oversight Programs
Confirm the vendor implements continuous monitoring with ongoing review and updates to the pandemic plan so that policies, standards, and procedures include the most up-to-date, relevant information.
VendorInsight® Can Help!
Validating and reviewing a vendor’s Pandemic Preparedness and Response Plan requires a configurable and scalable solution, like VendorInsight®. Quickly react to an unexpected pandemic with automated tools and features that strengthen existing systems rather than developing new ones. VendorInsight® Features Include:
Pandemic Preparedness Assessment
The foundation for a Pandemic Plan is a risk assessment of the potential effects of a pandemic on the ability to maintain or expand operations. A Pandemic Preparedness Assessment should include questionnaires that report on vital components outside the vendor, such as resilience of supply chains for essential goods and services.
Evaluate your vendors in a fraction of the time with VendorInsight®’s Questionnaire Module! Questionnaires enable you to send out Pandemic Preparedness Assessments with integrated conditional logic to every vendor. Ensure your vendors are equipped to manage business interruptions, including high absenteeism or disruption of critical supplies.
Vendor Geographic Risk Concentration
In normal BCP/DR cases, malicious activity, technical disruptions and natural/man-made disasters typically will only affect a specific geographic area, facility, or system. In the case of a pandemic, there could be a wave(s) of impacts that may affect regions differently in terms of timing, severity and duration.
VendorInsight®’s Geographic Risk Concentration Feature maps your vendors’ location data, providing insight into an organization’s overreliance on a single third- or fourth-party vendor and/or geographic region. For example, you may want to determine how many of your vendors’ call centers will be most impacted by high absenteeism due to sickness or a natural disaster.
It may seem overblown to ensure your organization, and its third- and fourth-party vendors, has a comprehensive pandemic plan in place. Nevertheless, during and after a pandemic strikes, you’ll always think you didn’t plan enough.