The Coronavirus lockdown has rapidly changed the way that many businesses operate.
Although the threat of a pandemic already appeared on many risk registers and business continuity plans, ‘no plan survives contact with the enemy’.
As the lockdown continues there are emerging business risks which you should consider as part of your ISO Management Systems.
The following guidance is in addition to our initial COVID-19, Coronavirus Advice to Clients (Issued 4th March 2020).
Working from Home Risks
The government guidance has been to work from home if you can, which means vast numbers of office workers are working from home. While many businesses already had working-from-home policies, they were not always written with long term working from home in mind.
Things to consider:
- Are home workspaces ergonomically suitable? See our DSE Regulations eLearning.
- Do people have the right equipment at home?
- Has that equipment been accounted for in your Asset Inventory?
- Will people start using their own devices?
- Are home Internet connections fast/stable enough for the work being done?
Furloughed Employee Risks
Some organisations have quickly taken advantage of the UK Government’s Coronavirus Jobs Projection Scheme and furloughed employees, but in a rush to protect jobs, these risks might become exposed:
- Reassigning Roles and Responsibilities
Have you created gaps where emails/telephone/post won’t be answered?
Or where other key activities are not monitored?
- Segregation of Duties
An ISO 27001 requirement, but with reduced employee numbers are you able to maintain segregation of duties where they are required?
- Skills gaps
Although employees may have been furloughed because of a reduction in workload, have you lost key skills from the business?
Remote Working Tools
There has been much in the news about the privacy and security issues around video conferring tools such as Zoom.
Things to consider:
- Check the Privacy Policies of tools you are using, particularly how they use your data, where it is stored, and how long they retain it!
- Issue guidance to employees on the use of remote tools, considering what is in the background of the video and who can over-hear your meeting.
Empty Building Risks
Working from home has left many offices and other commercial buildings empty. Don’t let it be ‘out of sight, out of mind’.
Consider these risks:
- Water leaks can cause a lot of damage, particularly if they are not found quickly,
- Post can build up in a lobby or reception area,
- Power outages could prevent remote actress to IT Infrastructure in the premises,
- A break-in could go undetected for some time,
- Lack of maintenance for building systems (Fire, Intruder, CCTV, Access control) and tooling/machinery could have a knock-on effect when reopening the building.
CCTV, Intruder Detection and other systems can help you monitor buildings remotely. You may also have support from a security or facilities company.
Lapse in Maintenance Records.
Following on from the ‘empty building risks’ points above, many systems require regular maintenance which might lapse during this time.
However, you might find that your suppliers have adapted their working processes to maintain physical distancing and reduce the risks from the Coronavirus, so they are able to continue servicing your building.
Insurance Cover Risks
Check your insurance policy for any clauses related to empty buildings, as often a regular (sometimes weekly) inspection of the site is required.
It is also worth talking directly to your insurers as many have issued updated guidance related to this specific situation.
Changes to Suppliers
As mentioned above, not all businesses have stopped operating. Many have moved to remote working, while others (like security and facility companies) have adapted their ways of working to be able to continue safely.
So engaging with suppliers to find out their updated procedures is important.
The Coronavirus lockdown happened very quickly, and there are many lessons we will learn from this experience.
As the lockdown goes on, many more business risks are emerging. However these can largely be managed through your existing ISO Management System risk framework.
If you are ISO Certified already, we can support you remotely to maintain your management system.
Contact us to find out how we can help remotely.