BCP and Covid-19

Who remembers the 25th May 2018?

That was the date that GDPR became law, it was also the day that the vast majority of companies sent out emails saying "We have updated our privacy policy". GDPR was known about for at two years prior to the launch date so why did so many companies wait until the very last minute (and in some cases, several days after the last minute) to review their privacy polices and update them?

BCP (Business continuity Practice) is often discussed alongside DR (Disaster Recovery) and while the two certainly go hand in hand during a systems outage or disaster that takes out a datacentre/cloud provider etc, BCP is something
that needs to be considered on an at least monthly, if not weekly or even daily basis under certain circumstances.

The whole point of BCP is about how to keep the business running if something happens, note that I am using the term "something happens" and not "something unexpected" because BCP isn't there just for the unexpected but for the expected and what do I mean by that? well, GDPR is a great example.
GDPR was known about for two years and yet how many companies ignored it until the final few weeks? While I don't have official figures for this, I will bet that the majority did based on the email flood I had in the 24 hour period before GDPR went live.

A good company would allow their BCP team to pull together the people it needed to ensure that GDPR did not cause any disruption to the normal flow of work, that same BCP team should be keeping a watch for anything that could potentially harm or disrupt normal business.

This leads me to the current conerns around Covid-19, the coronavirus currently at risk of becoming a pandemic. Now, I'm not going to comment on anything medical here, there is some good advice on the NHS website and, if in doubt, do speak to your local health providers.
What I'm more interested in is how business will ensure continuity of service in the event of a Wuhan style lockdown or should the general advice be to self isolate where possible.

A good BCP needs to consider several things:

  1. Can staff work remotely?
  2. If staff can work remotely, is the capacity there on any remote access systems or do they need augmenting?
  3. Can additional facilities (e.g. AWS workspaces) be brought online in the cases where remote staff may not have corporate laptops?
  4. How do we cope if office support staff (cleaners, security, etc) are unable to come in?
  5. Do we need to slow down work plans and delay delivery schedules to accommodate sick team members?
  6. How will we handle local system issues where a staff member would be needed to attend site to replace a part?
  7. Do we have sufficient spare parts to handle a slowdown in the supply chain?

I know a few companies that are deeply concerned about a breakdown in the supply chain as many companies shun keeping spares on site seeing it as something of a sunk cost with no real pay off as the supply chain has not really let us down in the past. However, that's ignoring several things here. Firstly, the whole supply chain is based on a JIT (just in time) framework. Any disruption anywhere along that line and it can have a real impact and as the supply chain often involves transiting several countries there is a real risk of something like covid-19 or even a no deal brexit causing a significant disruption.

This is not to say that panic buying spare parts is the right solution, rather that a balanced approach should be taken over the course of time and stocks slowly increased. There is something of an irony that panic buying could disrupt the very supply chain that companies rely on long before covid-19 (or some other issue) really hits the supply chain.

If the worst does hit and Covid-19 turns into a pandemic, it becomes more important than ever to support staff if they are caught up in the middle of it.
I fear that too many companies will use guilt and intimidation to force sick people to work rather than letting them fully recover. I can also foresee cases of companies abandoning staff who might be on
overseas travel should major disruption hit. Don't do this, do support your staff and be understanding around deadlines, schedules, etc. The IT industry does a lot of talk around being agile and flexible and this is one of the times when it can really be shown to be agile, flexible and hopefully supportive.

The last thing I want to say is simply this - do take care of yourselves and family before any work commitments and I hope that Covid-19 ends up blowing itself out in a relatively short time frame.

Gary Williams

Gary Williams

IT Person | Veeam Vanguard | VMware vExpert | Windows admin | Docker fan | Spiceworks moderator | keeper of 3 cats | Avid Tea fan

Read More