Pandemic | 5 Key Aspects for Planning the Unplannable, planning, BC, URM, blog, pandemic, coronavirus, covid, covid-19, planning blog, business continuity management system, disaster recovery blog, urm consulting, consultancy, 5 key

Pandemic – 5 Key Aspects for Planning the Unplannable

Recently, URM delivered a webinar on pandemic planning. This blog will look at the key questions which arose during the webinar.

Once we have considered and addressed any immediate staff welfare issues, our attention needs to turn to how we maximise the operational effectiveness of our business in these unprecedented times.

Stepping back, the majority of disruptions that put an organisation at risk and therefore often trigger Business Continuity (BC) incidents and subsequent BC plan invocations, are short, typically hours, days or maybe one or two weeks. They are also acute in terms of the impact of the incident and its escalation over time. For example, a ransomware attack or a terrorist attack.

For many organisations, business continuity management (BCM) and associated planning does not look at an incident that lasts for longer than one or two weeks. However, with the current coronavirus pandemic and the recent reoccurring floods across Britain, we have examples where organisations are being challenged not just to provide an effective crisis management response (whose main aim is usually to return to a business as usual operating level as quickly as possible), but also to provide the ability to maintain a level of continuity throughout lengthy impactful incidents.

So, how can an organisation adapt its approach to planning?

There are 5 key BCMS elements to consider:

Roles and responsibilities

Any unusual situation requires clear leadership and a pandemic is no exception – successful implementation of any plan relies on this.  In a pandemic situation, it is vital we bear in mind that the roles needed are not just those ‘in charge’ or directing/leading, but also the people who will need to organise the unusual, but crucial things that have to be done   i.e. arranging a deep clean of an office, speaking to other tenants, cancelling/rescheduling clients or staff travel plans, liaising with regulatory bodies for advice and guidance.  We also need to consider resource resilience, if people with key roles become infected, who takes over?

Requirements analysis

Assuming there will, at some point, be a disruption where a threshold is reached and a crisis level response triggered, we need to know in what situations or scenarios this might be and how soon after this disruption business processes need to be resumed.  We also need to consider what resources will be needed.   

To some extent, in the current situation, we can short-circuit both the risk assessment (RA) and business impact analysis (BIA) when looking at COVID-19 (or any disease that disables our human resources), because the risk has materialised and we are addressing how to keep activities/processes running or preventing them from stopping. That said, any existing work an organisation has carried out under an RA or BIA is likely to be important in identifying process criticality/impact and specific human resource sensitivities, or single points of failure.


From a pandemic perspective, we are interested in two things; how do we keep business processes running and how do we prevent more of our resource from being disabled? The latter is one which will require some clear advanced thinking with some prompts to consider when in the ‘thick of it’.


Once we’ve worked out our strategy or strategies (these may differ from one part of the organisation to another), we can document these as ‘plans’ or a ‘plan’. These plans can only support the decision making process as there are a wide range of developments, events, situations and impacts that COVID-19 can produce. The plans must provide the essential information that enables the leaders to make decisions which will most likely to lead to the best outcome.


In an unusual situation, such as now, roles may be taken on by those who don’t usually do them. Clear procedures, though almost certainly limited in number, are essential. Examples might include new client onboarding, quality improvement, change management, IT help desk manual or a software release manual. Documenting normal operating procedures or at least those that might need to be executed by others, makes a lot of sense.