Over the past two months alone, the nation has witnessed an array of threats that could undermine businesses caught off-guard.
Four convicts, all radical Islamists, were caught planning to blow up two Bronx synagogues and shoot military planes out of the sky. Another American-born Islamic extremist was charged in a bloody rampage outside an Arkansas military recruiting station. A white supremacist unleashed an attack on the Holocaust Memorial Museum, killing a guard. And, the World Health Organization declared an N1H1 Pandemic.
These events are just the latest examples of why companies need a robust program to handle all hazards — from a single violent terrorist act to a pandemic. A Business Continuity Program, as we call it in the lexicon of homeland security, is no longer a “nice to have” option. It is a “must have” reality.
In April, the WHO announced the emergence of a new contagious and spreading influenza virus that had not previously been circulated in humans — the N1H1 strain of a virus known commonly as the “swine flu.” On June 11, 2009, the WHO raised the level of the influenza alert from phase 5 to phase 6. Phase 6, the pandemic phase, is characterized by community level outbreaks in at least one other country in a different WHO region in addition to the human to human spread of the virus into at least two countries in any one WHO region. Designation of Phase 6 status indicates that a global pandemic is under way.
At this time, nearly 30,000 cases of swine flu have been reported in 74 countries. There have been 17,000 reported cases in the United States. The Center for Disease Control is urging businesses to re-examine and modify their continuity programs to adequately prepare for the impending pandemic. The CDC is also recommending that companies keep regular contact with local and state representatives, establish procedures to keep sick employees away from well employees and re-assess supply-chain security and resiliency.
A pandemic presents unique circumstances. That means certain fundamental precepts of business continuity planning do not apply.
For instance, business continuity planning generally assumes that an entity will be back to business as usual in 30 days or less. Practically speaking a major disruption lasting more than a few days would cause significant harm to most companies — reputation damage, lost sales, consequential damages, drop in stock price, lawsuits, etc. A pandemic is not a discrete event; it can last as long as 18 months. The CDC estimates that companies should assume a 40% absenteeism rate during this time. This will create a cascading effect within the public and private sectors. The number one question: who will carryout mission critical functions? Remedies will not be immediately available and anti-virals such as TAMIFLU will be in limited supply. A pandemic would likely affect all aspects of our society. Plans need to be put in place to prevent mass panic in such situations.
Traditionally, after an “event,” the focus shifts from the “affected” site to the “unaffected” site to ensure that business resumes as quickly as possible. However, in the context of a pandemic, a company may not have an “unaffected site.” A pandemic plan must include provisions for social distancing and robust teleworking strategies — you do not want to send your officers and key employees to an alternate site because one or more may have been exposed to the virus but not yet symptomatic.
A company should institute a plan to prepare its workforce for a seamless transition once a pandemic hits. Administrative controls should be instituted that educate and train employees and create a hierarchy of essential positions to ensure those positions are consistently filled. Basic environmental controls should be implemented such as encouraging the use of hand sanitizers and personal protective equipment. Finally, companies should be informed and supply vaccinations to their employees as they become available. These measures are just a few examples of the many things that should be included in an effective plan.
Modifying or developing a business continuity program for an upcoming pandemic will make organizations and companies more resilient in the event of any emergency situation. A company that is well prepared will suffer minimal impact and quickly recover from an emergency situation. Those companies who are poorly prepared face the potential for long term damage to strategic interests, customer relations, brand reputation, and employee commitment.
For most people, not a day goes by without saying or hearing someone say while on a cell phone: “Can you hear me now, can you hear me, how about now?”
In just the past two months, the United States was tested by threats to the safety and health of its population and the next H1N1 wave is expected to hit us in September.
The public and private sectors must use the rest of the summer to ensure that they are fully prepared to deal with the H1N1 pandemic while at the same time continue to prepare for and guard against all hazards. Unlike using a cell phone where you can move into another zone or call back to get better reception, there is no safe zone in which you can go to ensure that you are not affected by a pandemic.
Can you hear me now?
Scott Louis Weber is a partner at the law firm Patton Boggs LLP and is the former Senior Counselor to the Secretary of the U.S. Department of Homeland Security.