Pandemic Planning as Part of Business Continuity Planning
Swine Flu Impacts Business Continuity Planning - Many enterprises are putting in place plans to ensure services continue to operate in the event of a swine flu pandemic.
There is concern worldwide of a possible 'Swine Flu' pandemic. The World Health Organisation (WHO) is suggesting that this is quite likely and business have been advised to develop plans to minimise the risk to our staff and business.
Enterprises should put in place a business continuity planning team which will be able to react if any enterprise operations are disrupted. The enterprise, via this team, should establish processes and a plan to ensure that the enterprise will continue to operate as smoothly as possible in any eventuality.
Disaster Recovery Business Continuity Pandemic PLanning
In Business Continuity and Disaster Recovery Planning when a pandemic occurs the processing centers many exist, however staffing may not be available.
The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities and to:
- Define necessary staff levels for critical business processes
- Identify who can work remotely and who has to be in the office
- Validation of vaccinations for key staff members
- Identify the lights out processing issues for computer operations staff
- Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
- Train and test of users and IT staffs in how to operate from remote locations
Require key employees to work from remote site at least once a month
- Validate broadband capacity to remote sites (home users)
- Have copies of disaster plan available in remote site
- Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
- Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
- Define change management and version control processes to be used and how they will be controlled during the pandemic.
The question of what to do with unused IT equipment is a rapidly growing security problem for many companies hit by the recession and the accompanying layoffs. Countless desktops, laptops, servers and hand-held devices are lying around -- often with sensitive data on them -- gathering dust in cubicles, in stockrooms or on vacant desks. At the same time, software licenses, notoriously easy to lose track of, are also piling up. Many IT functions are under funded as enterprises drive for improved productivity and expense reductions. Decisions are made on in a spirit of making do. For example, Since no one is using the abandoned offices and equipment there is no risk...
When an organization is in survival mode, resources are being husbanded and everyone's working flat out, it takes a strength and leadership to say "no, not good enough" to something that is apparently working well. It is also difficult to justify more spending with no direct effect on revenues, and to demonstrate that something that seems optional is in fact required.
Responsibility for security and disaster recovery planning cannot be abdicated. It is hard enough for an organization to recover from a serious security breach at the best of times. These are not the best of times. Argued from the context of minimizing risk, the value of doing it right is clear. Make sure you're equipped to win that argument.