Monday, March 2, 2020

Pandemic Planning - CIO Style

Technology leadership is never easy. During times of crisis planning and mobilization, it is even harder. Expectations have never been higher for CIOs to enable the business to deliver services. So take a deep breath, relax, and read on.  

The largest responsibilities of a municipal government during a pandemic is to continue to provide existing services and to provide for emerging citizen needs related to the pandemic. So for CIOs the question is how best to support the organization during this unusual time.  

"Social Distancing" will influence your plans to a large degree. At scale, and in a worst case scenario, employees may refuse to come to work. Citizens may refuse to come to city hall. Air travel may have to be suspended to certain areas of the country. These are all areas you can prepare for.  

No magic bullets exist, but there are some things the CIO can do to make the situation better. My focus is on local government technology leadership, but regardless of your industry I hope you find this helpful!  

Get Plugged In & Start Early 
No municipal planning for a pandemic response can be complete without the technology and risk management folks at the table. Find out who is organizing your locality response, and invite yourself to the meetings. Be a pest if you have to. Don't assume they will call you when they need you. You can begin by getting your IT staff together for a discussion. There is a good chance that whatever you plan for won't come to pass. Even if you don't need it, the planning exercise is productive. Make sure you document, document, document so that the next time this comes up you are that much better prepared. Remember that disasters have a way of happening more than once.

Vendors - Better Together
Think about the vendors that might help you the most, your suppliers for PCs, internet bandwidth, server equipment, telephony and cloud facilities. Ask them what they are hearing. Tell them if you may have purchase orders on the way to them. If you have a small staff find vendors to help you with implementing strategies. 

Dusty COOP Plans
Most COOP plans are not up to date. Face it, COOP isn't something most of  us do well. But, the COOP plans do hold some value. So don't just disregard them if they are old. Make notes along the way about what needs to be improved. Review the COOP plans for the impacted business units too, not just your IT function. 

The Money Game
I can tell you after one planning meeting with my folks, a pandemic technology response is not cheap. Get in front of the money people early, and often, even if you don't have solid numbers. Guess, estimate and use your judgement. Be aware if your locality enacts "emergency procurement" rules. Get purchase orders entered/approved/signed before you need them. Your CFO or budget director should be high on your list of people to coordinate with. 

Can We Talk
Don't forget about voice communications. Conference calls, bridge lines, cell phones, call forwarding and other services will be in high demand when employees start staying home to work. Think about where your largest call centers are, and how they might be managed. When citizens stop coming to city hall, how do you bring city hall to them? Unless you have all your services on-line, the solution will involve voice technology.  

Now is not a time to introduce risks into your organization. Don't throw your security policies out the window, you need them now more than ever! There will be scams and crooks that will take advantage of the emergency. Make sure people who are new to working remotely know the basics of how to stay secure and how to treat confidential information. Boil it down into a simple document for them and make them read it. People are always the weakest link in the cyber chain, and you cannot afford to have that chain broken during an emergency. Unless you have weeks and weeks to plan a response, don't try for a moon-shot with what you are trying to implement. Converting 2,000 employees to Office 365 as part of an emergency response is not a good idea. 

Set Expectations
Tell your municipal leadership what they can expect from you and your department. Be clear about what you need. In many cases it may just be to have someone make a decision! Meet internally first and let your folks weigh in. In my first meeting the desktop manager was able to tell me how many employees already had laptops, that was really helpful. Another employee brought up concerns I would not have thought of. 

The Whole Pie
Think about all the parts of the puzzle. If it is a mass-telework event, then consider the endpoints and how you will use your tools to manage them. Do you have a policy that will help with employees using personal equipment? Is your WAN link to the internet sized for this? Can your firewall/IDS/IPS support more bandwidth? If you need to run an information campaign, who can you get to make quick changes to the website, do you have the web masters that you need? What about remote clinics, do you have the ability to connect them? Make sure you attend and stay active during the municipal planning meetings, always asking yourself "what technology do they need to do that ..." 

If you have processes for on-boarding employees for VPN access, multi-factor authentication, loaner laptops, web site changes, MIFIs, etc. make sure they are easy to follow. Put documents that need to be signed where people can easily find them online. Poorly written procedures and service descriptions become a nightmare when scaled to lots of people using them at the same time.

Rearrange Staff
Unusual events like a pandemic may put pressure on certain parts of your organization. If the event places pressure on your helpdesk, desktop or customer relationship managers, plan to move staff around to fill in the holes. Be up front with people that it is a temporary assignment and that everyone has to abide by "other duties as assigned", assuming there isn't an organized labor restriction on this. 

At some point, you will need to make a plan to "return to normal", which may be harder than it seems. Employees may be burned out and need some time off. Users with new laptops may like having them at home and be reluctant to return them. Contact the vendors and thank them for their response, or castigate them for the lack of one. By all means, make sure you do an after-action and learn from the experience! 

1 comment:

Unknown said...

Some other thoughts:

COOP plans and VPN access are mentioned, but are enough VPN licenses in place to cover who will need access to it in case of a pandemic or another emergency? Can the VPN handle the load of that many people accessing it at the same time?