“It is not the strongest of the species that survives,
nor the most intelligent that survives. It is the one
that is the most adaptable to change, that lives
within the means available and works co-
operatively against common threats.”
The Presidia team helps organizations protect their most valuable assets – their people, foremost, followed by their information, infrastructure and equipment, operational capability and reputation. The COVID-19 pandemic is a threat like no other in recent memory – one that has forced most organizations to reassess priorities and scale down operations significantly or, in the worst cases, to cease operations entirely.
As we enter our second month of “Stay at Home” – a drastic and necessary measure to curtail all but essential services that was taken to protect Canada’s most vulnerable citizens and to ensure our health care system is not overwhelmed by COVID 19 cases – it is understandable that people are getting antsy. Everyone is eager to get back to work, to a sense of normalcy and to “the way things were.” Alas, most Canadian thought leaders – scientific, economic, political, et al – are struggling hard to determine exactly what the “new normal” will be. And only time will tell. Organizations should be using this time advantageously to prepare for the eventual return to work.
Once we get reassurances from our health experts that we have successfully “planked the curve” and our health care services are no longer at serious risk, getting our economy re-booted and our workforce re-engaged will certainly be top priorities. It will not happen overnight and it will require careful management. The adage “plan early, plan often” has never been more apropos.
In order to ensure the continued safety and security of their most valuable assets, organizations will need to have a business resumption plan. The possibility of second and third waves of COVID-19 cases looms large, so we can expect that social distancing and careful hygienic practices will be mandatory requirements for quite some time to come. Organizations will have to adapt accordingly. The following checklist can help shape your plan and get your operations back up and running in a safe, secure and methodical manner:
- Conduct an After Action Review. While awaiting a return to “normal” operations, leaders should take some time to reflect on what went well and what didn’t go well with their organization’s response to the COVID-19 crisis. Conducting an After Action Review (AAR) of how they tackled the initial problem will identify strengths and weaknesses. (See https://presidiasecurity.com/the-crisis-is-overwhat-now/ for ideas on conducting effective AARs).
- Prioritize Key Activities. Identify the critical functions that keep your business working. Look at your supply chain and identify any potential vulnerabilities. Create a list of “must haves” and “nice to haves” to put things into perspective. Establish and maintain a planning team of key personnel to manage this effort and monitor its implementation.
- Clean and Sanitize. Ensure work areas are cleaned and sanitized before employees return, and have a plan to maintain a high standard of cleanliness and sanitization.
- Establish Strict Access Control Measures. Ensure you have an access control plan so that you can screen employees, contractors, delivery personnel and clients. Consider a provision for identifying those who may be symptomatic through observation and/or no-touch thermometers as part of your access control program to help mitigate potential outbreaks or infections.
- Develop Social Distancing Policy and Enforcement Mechanisms. Develop protocols that fit your business to adapt work functions to meet social distancing norms. Protocols may include:
- Rearranging workspaces to allow for proper social distancing.
- Procuring essential hygiene products like soap, disinfectant, masks and gloves as required to meet duty of care requirements under the Canada Labour Code
- Considering ways to improve client interface (we’ve all seen the plastic shields go up at grocery stores – is this something that can be accomplished for your business?)
- Creating a “battle rhythm” – establish a routine to facilitate effective communication, monitoring and decision-making by key leaders. This should be a very concise daily update to key management and a forum to address potential concerns before they become issues.
- Considering 24/7 staggered operations to minimize number of personnel on site at any given time.
- Defining the new normal – ensuring you are ready for when the inevitable second and subsequent waves hit. This may include ensuring your information technology capability is resilient and flexible enough to allow employees to continue to work from home (where possible) should quarantine or isolation be required.
Business resumption and recovery require meticulous and deliberate planning. Organizations should take the time now to develop business resumption plans that will take into account the post-COVID-19 operating environment. While we can’t see into the future, we can prepare for the inevitable return to work and the potential that we will have to endure second or third waves of COVID-19 cases that will undoubtedly affect future business operations. Planning early and often will help a business adapt and overcome when challenges arise.
Presidia Security Consulting Inc., a member of the ADGA Group of Companies, has extensive experience in planning and program management at the strategic, operational and tactical levels. Our seasoned team has expertise in security, emergency management, business continuity, threat and risk assessment and mitigation planning. We have conducted Table Top Exercises and After-Action/Lessons Learned Reviews for large, medium and small government departments and private businesses. We can help you develop and implement an effective business resumption plan. Should you require further information or assistance we can be reached at email@example.com.
The author, James Legere, is a Principal of Presidia Security Consulting Inc. He can be reached at firstname.lastname@example.org.