Not If But When: Is Your Company Ready for the Next Global Pandemic?

Not If But When: Is Your Company Ready for the Next Global Pandemic?

Many experts believe that the chance of an influenza pandemic or similar outbreak sweeping across the globe is high and growing higher every year.

In today’s post, we’ll set forth some of the things your organization should be doing to prepare for this grave eventuality, starting with a pandemic plan.

Related on MHA Consulting: America’s Red Zones: Where Natural Disasters Cluster and What It Means for You


A few days ago Bill Gates posted his annual “What I learned at work this year” address for 2018, and he devoted a good portion of the address to talk about the dangers of a pandemic.

After noting the reality of such dangers as terrorism and climate change, Gates writes, “But if anything is going to kill tens of millions of people in a short time, it will probably be a global epidemic.” He adds that an epidemic similar to the Spanish flu outbreak of 1918 could kill 30 million people worldwide in six months.

Anticipating Gates, a 2017 article in CNN set forth the “Seven reasons we’re at more risk than ever of a global pandemic.” The reasons include population growth and increased urbanization, climate change, and the rise in international travel.


For organizations, pandemics are anticipated to have a unique impact profile. They will remove from the able-bodied staff at the organization:

  • A large number of people
  • With no advance warning
  • For an indefinite period of time

This is very different from the impact of vacation absences, which are planned and have known end dates. It is also different from illnesses and injuries that affect only a few people.

At many companies we work with, critical business processes often come to a halt when one key person is away. Imagine what the impact would be at your organization if half the people at every department were out indefinitely.

The risks and danger of a pandemic are real, so it’s incumbent on business continuity programs and organizations to think about it and prepare for it.


Here are some steps and considerations that can help your organization be better prepared for a pandemic:

  1. Make a plan. Write a recovery plan specifically addressing the steps people at the organization should take in the event of a pandemic. Your Pandemic Plan should be separate from or at least be a separate section in, your overall crisis management plan.
  2. Answer one key question. Your Pandemic Plan should answer the question, If every department has fewer than 50 percent of its people reporting for work, what are you going to do?
  3. Think about your business processes. You should prioritize your business processes, figuring out ahead of time which you are going to do and which you are going to put off in the event you only have 50 percent of your people. You should also review every process, identifying what is required to perform it. And within each process, you should determine the priority of which functions, customers, or products and services will be supported.
  4. Set your tripwire. Identify when the organization will activate the pandemic plan. This could be tied to World Health Organization levels or certain milestones such as when 25 percent of the staff is absent.
  5. Analyze your community. Different communities respond to disasters in different ways. Try to come to an understanding of how the community where your facility is located is likely to respond. What will people’s reaction be? Is the social structure likely to break down or be resilient?

    Look at past history (hurricanes, earthquakes, power outages, etc.) for clues. Your Pandemic Plan should be tailored to your facility’s social environment.

  6. Figure out how you will communicate. Your plan should ensure appropriate levels, methods, and frequency of proactive communication to employees and families. Communication channels might include social media, email, status lines, SMS, and intranet pages.
  7. Don’t forget your customers. Determine how you will keep the lines of communication open to your customers and continue to support them.
  8. Remember your suppliers. You also need to have a way to be in touch with your suppliers and other third parties to communicate about their status and your needs.
  9. Examine your critical vendors’ readiness.
  10. How are your key vendors set in terms of readiness for a pandemic? You should assess and document this and plan accordingly.
  11. Test your remote access capability. Make sure your network remote access technologies can support a large number of remote users for an extended period of time. Many cannot. This is different from the standard work from home.
  12. Analyze your work from home capability. Determine how long your staff could maintain critical operations while working from home. Extend this capability, if necessary. Don’t forget voice capability.
  13. Think about your data centers. Identify the areas where data centers or other processing needs require hands-on access. While most IT processing is supported “lights out,” it is likely that some important functions require a degree of hands-on intervention, even if it is just to power cycle or check cabling. Find ways to provide the necessary level of hands-on attention.
  14. Work out your social distancing controls. Keeping people separated from each other can slow the spread of disease. Should you close your office to cut down on sickness? Identify criteria that can be used to address this issue and other such social-distancing controls.
  15. Sort out your HR policies. A pandemic with its multiple extended absences can stretch the limits of HR policies. You might consider reviewing and updating yours, especially regarding such issues as additional workload and overtime.
  16. Train your staff. After you work out your Pandemic Plan, make sure you train the staff on it. They need to know that it exists, why, and what it will involve.
  17. Practice. Once the plan is devised, you should conduct exercises on it, at both the corporate level and the departmental level. You should also test your remote capability. Also, consider having the secondary people perform the tasks for a day while the primary people monitor them (especially if the plan is to use staff who are in a different departments or who do not perform the task regularly).

Two final points:

  • You’ve probably already covered much of the above in your regular business continuity planning. You should definitely leverage those existing materials.
  • Don’t assume that your regular BC plan will cover everything you need to be ready for a pandemic. Pandemics bring unique challenges.


According to many experts, the risk of a pandemic in our shrinking, warming, and increasingly crowded world is significant and growing larger. By following through on the steps and considerations outlined above, you can increase the chances that your organization will be able to carry on its essential operations even in the face of widespread, long-term absences.


For more information on this and other hot topics in business continuity and disaster recovery, check out these recent posts on MHA Consulting and BCMMETRICS:

Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.

Business continuity consulting for today’s leading companies.

Follow Us

© 2024 · MHA Consulting. All Rights Reserved.

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • Who We Are
  • What We Do
  • Blog