Fears of an outbreak prompt continuity planning by some; others see no needAPRIL 17, 2006
(COMPUTERWORLD) - The answer to the question of whether corporate IT departments would be ready to respond if an avian flu pandemic hit the U.S. is: Maybe.
Based on interviews last week with 13 CIOs, business continuity directors and IT management consultants, U.S. companies continue to hold widely divergent views on the risk that a flu outbreak could force school closings or broad quarantines in hard-hit areas.
Some IT leaders, mainly at large companies, said they are preparing for the worst in an effort to avoid being left short-staffed or unable to support vastly increased numbers of telecommuters on their networks if a pandemic strikes.
For example, Beneficial Financial Group in Salt Lake City "is seriously looking into the pandemic issue," said CIO Steve Terry. "Since we are a life insurance company, [being prepared] makes sense for us. We have to have the capability to continue doing business if there is a pandemic."
In contrast, several other CIOs said the possibility of a major flu outbreak isn't that big of concern for them, despite warnings dating back to early last year from the federal government, international groups and consulting firms such as Gartner Inc.
"I don't view [pandemic preparations] as that important," said Amy Fowler, president of the Colorado chapter of the Society for Information Management and an IT management consultant to large companies. "What are the odds of [a long quarantine] happening? We have bigger issues in IT than that one."
Dave Berg, CIO at O.C. Tanner Co., a provider of employee-recognition products and services in Salt Lake City, also hasn't made planning for a possible flu outbreak an action item. Berg noted that most of his employees have secure, high-speed computer access at home and that most operations can be done remotely. "I do not think we would have a serious problem here with keeping our computers and applications services available," he said.
Gartner has issued several advisories about a possible pandemic, urging IT shops to prepare for the need to upgrade broadband and virtual private network connections to the homes of key workers and beef up their online ordering capabilities for customers.
In a 31-page report issued March 7, the consulting firm listed in stark detail three scenarios for a global spread of the avian flu or another virus, from mild to severe. In the most severe scenario, several million people would die and the pandemic could last for a year or longer, despite strict quarantines. Many businesses would cease to operate, travel would be restricted, and workplace communications would often be done via phone, videoconferencing and e-mail.
But Gartner analyst Ken McGee last week rated overall corporate preparation levels at only a 2 or 3 on a scale from 1 to 10. "Maybe pandemic planning isn't the most important thing facing a company, but it should be in the top two," McGee said, suggesting that tight IT budgets might be keeping some companies from moving more quickly to prepare.
The biggest mistake companies are making is assuming that their existing continuity plans will work in the event of a pandemic, McGee added. "Unlike earthquakes and hurricanes and bombs, which are geographically confined, a pandemic is not," he said. "At Gartner, we can't comprehend what IT is thinking on this, because a pandemic is the gift that keeps on giving."
Kevin Desouza, an assistant professor at the University of Washington's Information School in Seattle, said he knows of "only a very few companies" that have systematic plans for monitoring whether a crisis is coming and for responding before a pandemic hits. "The chief complaint of CIOs is that they walk a fine line between saying, 'The sky is falling' and educating people [about] the inherent risks associated with a pandemic crisis," he said.
Small and midsize businesses in particular are "way down the list" in terms of preparedness, Desouza added.
Some IT managers said they're working to adapt their companies' business continuity plans to a potentially widespread and long-duration pandemic.
"In a pandemic, people would have to stay at home to prevent the spread of whatever the virus is, so we need to find ways to [support] that," said Ellen Barry, CIO at the Metropolitan Pier and Exposition Authority in Chicago and president of that city's local SIM chapter.
For example, to limit the amount of data traffic that moves across network pipes, Barry is considering putting the bulk of the authority's applications on centralized servers, following the concept behind WAN optimization products from vendors such as Citrix Systems Inc.
Barry said she has been planning for a pandemic for six months and recently attended two conferences where the topic was addressed.
Another potential problem, Barry said, is that even if workers have appropriate broadband connectivity and good PCs to use at home, they probably won't be as productive as usual if they are sick or involved in caring for someone who is ill.
Just in CaseLawrence Robert, director of business continuity at a large financial services firm based in New England, said his company, which he asked not be named, has begun expanding its planning processes to include a possible pandemic.
The company is brainstorming disaster scenarios internally and sending detailed questionnaires to its telecommunications carriers seeking assurances that they will be able to handle network loads in residential areas efficiently and securely if a pandemic occurs, said Robert, who is a director of the 1,200-member New England Disaster Recovery Information X-change.
Some carriers have said that if broadband customers who need to work from home sign up in advance of a pandemic, there should be enough network capacity in the event of quarantines.
But "that's not necessarily true," Robert said. His company is taking into consideration the distances between the homes of critical workers and the central offices of their broadband providers. One goal of the ongoing research is to help company officials decide how many more laptops and VPNs need to be deployed.
Robert doesn't care whether the odds of a pandemic occurring are low or high. "Business continuity planners don't look at cause so much as effect," he said. "So whether there's a fire or a bomb or a pandemic, [if] the building is out, the workforce has to be disseminated." The biggest difference might be that the period of disruption could last longer during a pandemic than it would during another event, he added.
However, Desouza noted that a pandemic could produce "things that we did not predict, which can combine to cause problems we didn't imagine."
What IT managers should do to prepare for a possible avian flu pandemic:· Make your workforce aware of the threat and what you’re doing to prepare for it.
· Establish or broaden work-at-home policies that include the use of broadband services,
appropriate security and network access to applications.
· Expand online transaction-processing and self-service options for customers and business
partners.
· Invest in videoconferencing technology to use if travel restrictions are imposed.Work with
customers and partners to minimize disruptions by coordinating crisis-response
capabilities.
