Ready or Not, Here It Comes: 5 Steps to Protecting Your Company Against Coronavirus

Ready or Not, Here It Comes: 5 Steps to Protecting Your Company Against Coronavirus

Officials at the Centers for Disease Control have warned that the coronavirus outbreak may cause severe disruptions to everyday life. In today’s post, we’ll look at five steps your organization can take to protect itself from the impact of this deadly, fast-spreading disease.

Related on MHA Consulting: Not If But When: Is Your Company Ready for the Next Global Pandemic?


A recent article in USA Today had this to say about the current status of the coronavirus outbreak in the United States:

“Disruption to everyday life may be severe,” Nancy Messonnier, director of the Centers for Disease Control and Prevention’s National Center for Immunization and Respiratory Diseases, warned at a news conference Tuesday [Feb. 25, 2020]. “Schools could be closed, mass public gatherings suspended and businesses forced to have employees work remotely,” she said.

That last sentence should get the attention of every organization.


I have an acquaintance who, in the early stages of the outbreak, was quarantined along with his family for 14 days on a military base in Nebraska after they returned from a visit to China.   

If and when such quarantines become more common, organizations will surely feel the strain.

As regular readers of this blog know, I’ve written previously about the need to be ready for pandemics. See this post for an example.

We also discuss pandemic planning with all of our clients in our engagements as business continuity consultants.

The spread of coronavirus in the U.S. might end up being anywhere and everywhere. Many large organizations trust to their dispersed physical presence for protection; however, this might not be enough if the disease takes root in many places.

Many states in the U.S. have known infections. Even without infections, mandatory or self-quarantines could occur.


In light of the situation with coronavirus, I thought it might be useful to set down five steps organizations can take now to cushion themselves against the impact of this outbreak. I’ll also bullet out some other steps you can and should take, once the main five are under control.

A few notes before we get going:

  • You should definitely leverage your existing business continuity materials, if possible.
  • Don’t assume that your regular BC plan will cover everything you need to be ready for a pandemic. Pandemics bring unique challenges.
  • There’s no need for you to drop everything to get this done, but it is moderately urgent. You should aim to get ready within the next several weeks.
  • Steps 1 and 2 are the most important.


Step 1: Identify your human “single points of failure” and provide redundancy for them.

At every organization, there are one or more employees who are the only people who possess certain knowledge or skills critical to the organization’s ability to carry out its mission.

If those folks get sick, the organization is in trouble, to put it bluntly.

We’re concerned about those colleagues as individuals, but it would also be nice if the company had a fighting chance of carrying on successfully without them.

To make sure your organization could get by without them if it had to, you need to identify such people, identify the critical tasks they alone know how to perform, prioritize those tasks, and make sure you can compensate for their absence. This might involve preparing documentation, training backup staff, or both.

You might also consider having these “human SPFs” work from home even when the rest of the staff is coming in to the office.

Step 2: Identify your biggest supply chain vulnerabilities and create redundancy in those areas.

Look at your critical vendors list, determine which are the most critical and most vulnerable, and build up your resiliency in those areas. This might mean finding backup suppliers, building up your inventory, or both.

Don’t assume that just because a supplier is large, they are invulnerable. Often when you follow the chain to the source, you find that even that biggest corporations are completely dependent on a single factory in China for a key component.

Examine your critical vendors’ readiness. How are your key vendors set in terms of readiness for a pandemic? Assess and document this and plan accordingly.

Step 3: Make sure your remote work capability is truly functional.

Many companies have a work-from-home plan. Few such plans are sufficiently comprehensive and road-tested to handle the unique demands of a pandemic. Make sure yours is good enough to do what is required.

This means making sure that everyone is taking their work devices home, has the needed software, and knows how to get on to the network. In some cases, it might mean making sure people’s home computers are adequate and can gain access. Policies might need to be tweaked, both in terms of network access and human resources. 

Make sure your network remote access technologies can support a large number of remote users for an extended period of time. Many cannot. This is different from the standard work from home.

Determine how long your staff could maintain critical operations while working from home. Extend this capability, if necessary. Don’t forget voice capability.

Step 4: Work out your social distancing controls and determine your tripwires.

Keeping people separated from one another can slow the spread of disease. Should you close your office to cut down on sickness? Identify criteria that can be used to address this issue and other such social-distancing controls.

Set your tripwire. Identify when the organization will activate the pandemic plan. This could be tied to World Health Organization levels or certain milestones such as when 25 percent of the staff is absent.

Step 5: Write a checklist-based recovery plan setting out the steps people should take in the event of a pandemic.

Write a recovery plan specifically addressing the steps people at the organization should take in the event of a pandemic. Your pandemic plan should be separate from, or at least be a separate section in, your overall crisis management plan.

The plan should be checklist-based and exclude material on policy, justifications, and so on.

For tips on creating checklist-based recovery plans, see this post from MHA Consulting CEO Michael Herrera at the BCMMETRICS website.

The unique nature of each organization, outbreak, and locality make it difficult to give detailed recommendations.

For more guidance, contact the Centers for Disease Control or your county’s disease control program.


The following are some additional steps you should take to protect against the coronavirus once you have the main five areas under control:

  • Make sure your pandemic plan says more than simply “use staff in other locations.” That’s not good enough.
  • Determine the priority of processes for each department based on the time, day, week, and/or month.
  • Work out what you are going to do if every department has fewer than 50 percent of its people reporting for work. Put this information in your recovery plan.
  • Determine which business processes you are going to do and which you are going to put off in the event you only have 50 percent of your people.
  • Review every business process, identifying what is required to perform it. Within each process, determine which functions, customers, or products and services will be supported.
  • Assess how the community where your facility is located is likely to respond. Is the social structure likely to break down or be resilient? Look at past history (hurricanes, earthquakes, power outages, etc.) for clues. Your pandemic plan should be tailored to your facility’s social environment.
  • Figure out how you will communicate with your stakeholders. Your plan should ensure appropriate levels, methods, and frequency of proactive communication to employees and families. Communication channels might include social media, email, status lines, SMS, and intranet pages.
  • Determine ways you can keep in touch with your suppliers and other third parties to communicate about their status and your needs.
  • Determine how you will keep the lines of communication open to your customers and continue to support them.
  • Identify the areas where data centers or other processing needs require hands-on access. While most IT processing is supported “lights out,” it is likely that some important functions require a degree of hands-on intervention. Find ways to provide the necessary level of hands-on attention.
  • A pandemic with its multiple extended absences can stretch the limits of HR policies. You might consider reviewing and updating these, especially regarding such issues as additional workload and overtime.
  • Train the staff on your pandemic plan and conduct tests of your remote work capability. Consider having the secondary people perform tasks for a day while the primary people monitor them.


It’s strange to think that the transmission of a single case of a virus from an animal to a person faraway in Wuhan, China could in a few short weeks rock businesses in the U.S., but that seems to be the situation.

There’s little that most organizations can do to affect the overall course of the disease, but by taking the steps outlined above you can contain the impact of the outbreak on your organization’s ability to complete its mission.


For more information on the coronavirus, pandemic planning, and other hot topics in business continuity and IT/disaster recovery, check out the following recent posts from MHA Consulting and BCMMETRICS:

Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.

Business continuity consulting for today’s leading companies.

Follow Us

© 2024 · MHA Consulting. All Rights Reserved.

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • Who We Are
  • What We Do
  • Blog