Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Contact Us

The current global outbreak of the respiratory disease Coronavirus, named COVID-19 by the World Health Organization (WHO) on 11th February 2020, provides a reminder to organisational executives and boards that risk management and business continuity plans should include appropriate levels of pandemic preparedness, depending on the nature of their business and their risk appetite.

WHO is responsible for providing leadership on global health matters and its latest Situational Report, indicates that since the first reporting of COVID-19 in Wuhan, China on 30th December 2019, the virus has now been detected in 32 locations, including Australia. Currently, there is no vaccine available to prevent transmission of COVID-19, however researchers are using a variety of approaches in their urgency to develop a vaccine to contain the virus.

On 30th January 2020, WHO declared the outbreak a ‘Public Health Emergency of International Concern’ (PHEIC) and considered the global health threat posed by COVID-19 to be high.

Although the immediate health risk from COVID-19 for the general public who are unlikely to be exposed to the virus is considered low, ‘Black Swan’ events are unpredictable, rare events often with widespread severe impact.  COVID-19 is an emerging disease, and there is more to learn about its transmissibility and severity.  Authorities advise that as a respiratory disease, COVID-19 is spread by droplets, but it may also be spread by touching a surface that has the virus on it. More information is available via the link to the US based, Centre for Diseases Control and Prevention website and the Australian Government’s Department of Health website. Regular updates on the status of COVID-19 are provided by WHO.

Although public health officials take the lead in limiting the effects of infectious diseases, organisations manage their risks by having appropriate Risk Management and Business Continuity Plans in place.

Pandemic preparedness planning

A comprehensive approach to pandemic risk management is required between governments, business and society at national, state and local levels. WHO advises the disaster management continuum of mitigation, prevention, preparedness, response, and recovery represent nine key essential areas: health, defence, law and order, finance, transport, telecommunications, energy, food and water.

Organisations should incorporate pandemic preparedness into existing crisis and continuity management systems. As essential services in Australia are provided by both public agencies and private companies, it is essential that all service providers undertake pandemic risk management activities, with clearly articulated formal communication strategies.

Leadership should include strong engagement with all stakeholders and sectors, with sound coordination and control mechanisms in place between public health authorities and non-health sectors. Clearly defined emergency management roles, responsibilities and mechanisms should also be in place, paying particular attention to the sustainability of response capacity and decision-making roles.

The continuity of activities by businesses involved in medical supplies and services, e.g. manufacturers, distributors and providers are critical to pandemic risk management. As all organisations have an obligation to protect their employees during a health emergency, a communication plan is essential. Provision of personal protective equipment and training may also be required.  Monitoring absenteeism is important in ensuring the accuracy of a pandemic risk assessment.

Public and private providers of essential services are interdependent and rely on the goods and services of other sectors to sustain their operations. Therefore, pandemic plans should consider potential failures generated by interdependencies and by each essential service provider.

It is vital to have clarity regarding:

  • critical goods and services necessary for the organisation to provide essential service/s;
  • key interdependencies for each critical good or service;
  • the impact of the loss or reduction of any of the critical goods or services to the customers/beneficiaries;
  • critical employee groups;
  • the impact of the loss or reduced availability of critical employee groups; and
  • likely points of failure.

Healthcare institutions depend on goods and services provided by other organisations, such as:

  • transport for the movement of supplies, personnel and patients;
  • telecommunications to support patient care, provide tele-triage and maintain business processing;
  • energy to power critical systems;
  • water for health care facilities, pharmaceutical operations and sanitation services;
  • pharmaceuticals, including consumables, for treatment of patients; and
  • finance to ensure the supply chain.

Business Continuity Planning

Business Continuity Plans (BCPs) are at the heart of preparing all levels and groups of society for an emergency. Pandemic risk management should be an integral part of any establishment’s business continuity management. Business Continuity Plans should be based on a risk assessment of the potential effects of a pandemic on the ability to maintain or expand operations. The risk assessment should include consideration of vital components outside the specific organisation, such as the resilience of supply chains for essential goods and services. BCPs should address managing the business with delays or interruptions, including significant absences of staff or disruption of supplies, with corresponding action plans.

Business Continuity Plans should be based on explicit assumptions that characterise the parameters of a pandemic, and potential impacts. They should include:

  • identification of critical functions that need to be sustained;
  • identification of the personnel, supplies and equipment vital to maintaining critical functions;
  • dealing with staff absenteeism to minimise its impact on critical functions; and
  • clear command structures, delegations of authority and orders of succession.

Conclusion

The World Health Organisation has not yet declared COVID-19 a pandemic, as it doesn’t satisfy all criteria, i.e. although it is a new disease without immunity, its global spread has not exceeded expectations.  A pandemic requires a second wave of infection to spread from person to person throughout the community, which has not yet occurred in the USA, UK or Australia.

However, on 26th February 2020 the Australian Government activated the Australian Health Sector Emergency Response Plan for Novel Coronavirus (the COVID- 19 Plan), which is designed to guide the Australian health sector response. The COVID-19 Plan is a live document which will be updated by authorities as and when required.

Agilient urges all organisations to proactively review their risk management strategies and pandemic plans to ensure that they are optimally prepared should the health risk from COVID-19 escalate. This may be a daunting task, however Agilient’s expert consultants are available to assist executives, boards and/or risk managers by taking the time to methodically review and understand your business, and prioritise your needs to mitigate identified risks.

Contact us today to discuss ways we can assist you in ensuring your organisation is appropriately pandemic prepared.

Author: Phillipa Lee, Agilient Consultant.

 

Tweet
Share