Tuesday, September 22, 2009

BCP

1. Continuity Planning

Business continuity planning for pandemic influenza is critical, particularly in the IT department, as your organisation will be relying on IT like never before. So identify a pandemic coordinator and/or team with defined roles and responsibilities for preparation and response planning immediately. The planning process should include input from all relevant stakeholders in your business including sub-contractors, outsourced services and the logistic providers needed to maintain business operations by location and function.

2. Business Impact

Talk to your suppliers about their swine flu plans and identify alternate suppliers. Train and prepare an ancillary workforce if necessary, for example, using retirees who have left the company. Develop and plan for scenarios likely to result in an increase or decrease in demand for your products and/or services during a pandemic. Determine potential impact on service delivery by using multiple possible scenarios that affect different services, products or production sites. Ask what would your department look like with a 20% or 40% cut in personnel and supplies?



3. Sustainable Plan

The critical question to ask is: When the pandemic strikes how long can you sustain service delivery? Any plan must include identification of key contacts (with backups), chain of communications (including suppliers and customers), and processes for tracking and communicating business and employee status. Implement an exercise to test your plan, and revise periodically. For a training drill select 40% of your staff at random and see how your department would function without them.



4. Preventative Measures

Implement guidelines to reduce the conduct of face-to-face contact for example, no hand-shaking among employees and between employees and customers. Critically, for IT and support staff there is the issue of hygiene around work stations (contact with mice, keyboards and shared resources like printers – invest heavily in antiseptic wipes and introduce a culture of your staff regularly washing their hands.



5. Attention to Detail
Critical to all this is the actual IT itself, or more importantly, the operation and support of IT by people. You need to ask, how hands on is your operation? For example, do backup tapes need to be changed manually every day and what will happen if they are not replaced? It is these types of details that need to be mitigated against with planning and preparation.

6. Impact Assessment
The key is to understand the impact on your department and have a strategy in place to suit the business needs. It is often underestimated how much human intervention is needed to keep IT services running, particularly those housekeeping tasks. It might be necessary in extreme circumstances to make fundamental changes to the operating model and make it less ‘hands on’ for a defined period of time whilst the risk of staff absenteeism is high. Some tasks may be able to be done by non-IT staff. However, it is not acceptable to grant non-IT staff systems administration authority, so it is critical to identify vulnerable skill sets that are held by key IT staff.

7. Failure Points
Consider the impact of an IT component failure, such as server, storage or network and the fact there may be no engineers available to resolve the problem. Are there single points of failure in your core infrastructure and implement greater resilience where necessary.

8. Eight Point Plan for remote working during a Flu Pandemic

1) Identify the employees can easily work remotely and enable them with the appropriate resources.

2) Develop a policy so that both sides understand the terms under which remote working is allowed and how much employees will be reimbursed for heat/light/phone costs etc.

3) Undertake a Health and Safety risk assessment for minimum working standards that employees must comply with when working remotely.

4) Provide the necessary IT and telecoms tools including call re-routing and wireless/ 3G data connection and secure access to your corporate network.

5) Enable access to corporate applications and data via a VPN or secure web-based email systems (make certain your company directory is up-to-date).

6) Ensure remote workers do not get isolated by facilitating tele/web conferencing and/or instant messaging.

7) Manage remote workers by regular line management communication. (Remember voice recording of re-routed calls and key stroke monitoring can keep the lazy on the straight and narrow.)

8) Trust your staff and don’t expect them to be working the same way they do in the office.

However, what issues might arise when remote access is oversubscribed? In many organisations it’s the ‘road warriors’ who have been the main users of remote access capability so you will need to plan for the most productive use of resources to prevent a free for all as staff compete for connectivity. The options are simple, increase capacity (expensive in a recession) or clearly outline who has access when and for how long.

-from Computerweekly.com