Swine Flu Prompts Aussie CIOs to Revisit Business Continuity Plans

Australian health authorities may have given the all clear for two local suspected cases of the swine flu virus -- which has killed more than 80 people in Mexico and infected 20 in the United States -- but concern over the spread of the potentially fatal disease has local CIOs revisiting their business continuity plans (BCP).

A new app may have launched on Google to track the spread of the deadly virus, but should red dots start showing in your area, it may already be too late.

Allan Davies CIO at logistics and material handling solutions company Dematic, says given his company’s offices throughout Asia, Dematic’s business continuity plan was specifically designed to deal with the threat of a pandemic.

Dematic’s business continuity plan, in place for the last 10 years, includes actions from individual medical checks through to carrying out operations under individual movement restrictions implemented by the authorities.

“We do have a number of projects operating overseas with staff there so we would have to have them checked and looked after,” he says. “We would restrict movement of staff in that region to that region until we got an all clear.”

To ensure that staff and executives can maintain voice and data communications, Dematic has a Nortel Business Communications Manager (BCM) system, which in normal times it uses to communicate between its offices and customer sites.

“We work on customer sites, rather than in our offices overseas, so we put in an ADSL circuit into that customer site then connect a Nortel BCM unit to the other end and that allows us to keep in touch with our staff.”

Rob Livingstone, CIO at Ricoh Australia says that given Ricoh’s highly distributed business, developing the ability to run a headquarters out of any one of a number of its branch offices in the event of a disaster of pandemic has been a priority.

“The IT strategy has been over the last few years to move to a secure, pervasive platform, so as long as you can get to the Internet you can do your work,” he says.

“Pervasive access to systems and the ability for IT staff to work remotely would be the two key areas. If you can’t have your key IT staff physically access the infrastructure in a secure manner -- ie. they can’t get to work -- then it is going to be fairly difficult to get things to run.”

Page Break

At the CXO level, Livingstone says Ricoh has structured its main tools and systems so they can be accessed and delivered through the Web, so it’s less of a concern if the CEO is quarantined at home or is restricted from travelling within or between countries.

“The operational aspect of warehousing staff is more of a concern, the people who have to move physical goods," Livingstone says. "Decision making can occur in a virtual environment so there is less of an issue about having restricted movement of executives.”

Livingstone says a major spur to developing Ricoh’s BCP was the creation of the information security management system (ISMS) standard, ISO 27001. The outbreak of SARS was also a driver to the creation of a pandemic-based BCP.

“It revolves around quarantining staff, restricting movements and the early detection of symptoms and signs and being proactive with the management of the appropriate person or people,” he says.

“We now have the model in place with ICMS ISO 27001 certification as well as the SARS policy and processes, so we would just look at revising those for any new pandemic [such as swine flu].”

According to Gartner, CIOs need to have a good look at the state of their IT business continuity plans, because in a crisis CEOs will rely on IT to keep the business running — not to mention compensate for a very high rate of absenteeism.

“The recent outbreaks of Swine flu are highlighting the need for organisations to have pandemic plans that address workforce absenteeism rates of 40 percent or higher, and stress the central role of IT to remain in operation during pandemics,” Rick DeLotto, principal research analyst at Gartner.

Nick Jones, another analyst at Gartner says remote working, looking for creative uses of mobile devices, and teleworking should all be considerations. Writing in a recent blog post he says wireless broadband can enable remote working from a wide range of locations very quickly without waiting for a local telco to install DSL.

“Also take a look at the HSPA adapters with built-in WiFi as a quick way to set up a remote office. It’s probably worth buying some laptop HSPA adapters as part of your contingency plan. It’s also probably a good idea to spread your purchases across several networks, because if there is pandemic or epidemic some may become overloaded. And don’t forget satellite data is an option (if an expensive one) for people outside wireless broadband coverage.”

He also says CIOs should try to identify ways in which you can use mobile devices in new ways. This could include dropping a copy of disaster/contingency plans onto every smartphone so that every senior employee has it in their pocket to refer to.

“Try to identify ways in which you could develop alternative business processes that used mobiles instead of PCs or desktops,” he says. “Could you perhaps use video phone calls as a low-grade video conferencing substitute to avoid staff travelling to expensive VTC suites?”

Page Break

James Turner, analyst at IBRS, says that IT managers and CIOs should avoid the mistake of suddenly opening all the locks “just because there could be an epidemic”. Concerns about the security of an organisations operations should be foremost in mind.

“The main risk is for those who are caught by surprise by any epidemic and suddenly decide to leap into untried technologies and processes just to work around the situation,” he says. “That’s how we end up with sensitive information being thrown around and potentially being forgotten -- until it comes back to haunt people.”

Chances are, swine flu will be just a small note in history, says Dematic’s Davies, but he stresses that concern over the spread also gives CIO an opportunity to show their value to the business.

“It’s really not IT’s role to run a BCP, but it tends to fall to us as we have been so mature in having a DR plan in place,” Davies says. “However, it’s definitely a way for IT to show some leadership and a good way to get involved in all the areas of the business.”

SIDEBAR: Gartner’s tips for organisations during a pandemic:

• Go to www.pandemicflu.gov to find out the actions the US government recommends to ensure workforce safety and continuous business operations.



• Download and examine the FFIEC’s Pandemic Flu Exercise of 2007 After Action Report immediately, and disseminate their findings across your organisation.



• Monitor Australian government updates here



• Emphasise the urgency of performing personal hygiene disciplines that will inhibit the spread of the virus.



• Identify existing and projected critical skills shortages; and initiate staff cross-training, testing and certification. Make sure that cross-trained personnel are also given the appropriate access rights in your applications. This is the longest lead-time and most disruptive of the improvements.



• Determine which business operations are sustainable, at what level, and likely durations of downtime for normal business operations with staff absentee rates of 40 percent. Test for various combinations of leaders and skilled staff.



• Testing should start immediately to isolate and remediate problem areas. Testing should be rigorous, inventive, ongoing and documented.