After experiencing previous global health scares such Ebola, H1NI, SARS and MERS, pandemic response has become a standard emergency response procedure for most organizations. In 2011, when I was onboarding with a new company, we received detailed training on how to handle dead birds in the parking lot. This usually received a good laugh from the new employees; however, the company saw it as an important protocol, directly in response to the Avian Flu.
Emergency response plans typically include how to manage operations in infected areas, screening employees who show symptoms and how to continue operations when large portions of your working population may need to stay home. Generally, these plans are pointed inward, focusing on how the pandemic event will impact day-to-day life at the company locations. Where pandemic response plans tend to fall short is in the assessment of the broader operational impact, through the entirety of the organizational value chain.
In today’s global economy, the value chain is more connected than ever and with the current Coronavirus outbreak, supply lines are being tested like never before. China is a main supply line for industries around the globe and while widespread disruption of trade activity has not yet been felt, should the situation worsen, global industries will be impacted. In previous incidents, the focus was understanding if company travelers were impacted and if in-country operations may be affected by the virus outbreaks. In today’s world, there are so many interdependencies through the global supply chain that the broader operational disruption can be immense.
Deploy an ESRM Approach
So, how can the security function play a role in minimizing the impact of pandemic incidents? In general, the more you know about your operation, the more effective you can be in securing it. Deploying an Enterprise Security Risk Management (ESRM) approach to your security program can provide the data points, operational intelligence and situational awareness to help navigate through such an incident.
ESRM provides a mechanism to assess the organization’s needs broadly, from collecting information from the business’ functional stakeholders to understanding their key processes and the possible intersection points with security operations. In doing so, security professionals can review various risks and understand the level of impact they will have on various functional groups. Once identified, they can monitor these areas and provide intelligence to the functional stakeholders ahead of anticipated incidents or in response to emergency situations.
In the example of a pandemic outbreak, such as the Coronavirus, the security team can look at the key business functions that would be disrupted. The traditional functions would be employee travel, operations in impacted countries, screening processes at company facilities and possible shut down of operating sites. As previously discussed, an area that is less likely to be incorporated in traditional pandemic planning is the company supply chain. Security may be prompted to ask questions such as: where are the critical suppliers located? Have alternative suppliers been identified? Where are key customers located and what is their operational status? Are any trade routes or ports being directly impacted by the incident? What are the financial impacts of disruption to our customers should we be unable to deliver our product on time?
While these are not planning areas that the security organization would own, they are in the position to ask the questions, collect the data, proactively monitor critical locations, and provide valuable information to their organization. In taking on the role of an intelligence gathering and risk assessment entity, security can provide a proactive impact analysis to the organization in order to inform critical business decisions. If these mechanisms are established ahead of an incident, the security organization can provide accurate information as soon as it is needed and support the stabilization of the organization during what will inevitably be a stressful period.
While no security organization can prevent a pandemic incident from occurring, incorporating an ESRM structure to the security program can play a critical role in supporting an organization through the situation, minimizing the operational impact and providing immense value to the company.