Once you get top management to buy into the concept, you have to make sure that you include the right elements in your pandemic preparedness program. Your goals are those just stated in the ASIS guidelines, but it’s useful to look at some key specifics with regard to achieving those objectives.
Personnel concerns. One characteristic that makes pandemics different from other critical incidents, such as fires and floods, is that physical assets are not at primary risk, people are. In a fire, earthquake, or hurricane, it is the damage to facilities and infrastructure that prevents the company from operating. A pandemic will degrade operational capabilities by causing severe illness and death and through disruptions resulting from containment efforts, such as travel and transportation restrictions.
A pandemic plan needs, therefore, to consider how the company will address these personnel issues. One way is to include policies and programs for allowing people to work from home, known as telecommuting. Only 12 percent of respondents to the ASIS pandemic survey said that their companies had policies for telecommuting and flexible work hours.
Encourage cooperation. Another aspect of the human factor is to look for ways to encourage employee cooperation in avoiding or containing the threat of infection. One way to do this is through awareness. Companies should consider establishing policies and programs for preventing influenza spread at the work site by promoting respiratory hygiene and etiquette.
The company should also have clear procedures for prompt exclusion of people with influenza symptoms. In the ASIS member survey, only 12 percent of respondents said they had policies for preventing influenza spread at work sites.
Another way that companies can encourage employee cooperation is to have provisions in their pandemic plan for supporting or compensating staff who suffer an unfair burden of personal cost for cooperating in public-health measures like a quarantine. In the ASIS member survey, only 3 percent of respondents said that they had policies for employee compensation and sick leave absences unique to a pandemic.
Stockpiles. The plan should also address how the company will help staff deal with special needs that arise in an outbreak. Stockpiling supplies is one way to address this issue. In the ASIS pandemic survey, two-thirds of respondents said that their companies stockpiled protective equipment for employees, such as protective gear or antiviral medicines but only about 30 percent said that their stockpiles were intended to last more than one week. (There is no right time period for stockpiling to prepare for a crisis that potentially unfolds in waves over a period of time. It’s up to each corporation to make its own best guess as to how much to stockpile.)
Succession. The pandemic plan, as with other contingency plans, should also address succession in case executives are affected. About 62 percent of the ASIS survey respondents have this in their plans.
Training. Staff must be properly trained with regard to their responsibilities under the plan. As the ASIS Business Continuity Guideline has noted, a response plan is “only as valuable as the knowledge that others have of it.”
There should also be a strong testing program to evaluate effectiveness, help responders to clarify their roles and responsibilities, and reveal areas for improvement. Testing should involve both simulation and tabletop exercises. As noted, however, the survey of ASIS members, found a major weakness with regards to testing. Only a third of respondents had tested their pandemic plans since 2007, and nearly half had never tested them.
“You should test frequently to keep it in people’s minds,” says Dr. Robin McFee, an ASIS member who is also one of the nation’s top bioterrorism response experts. “I’m a big believer that, at least once a year, you do a surprise drill.”
Collaboration. Since no company will be going through a pandemic in a vacuum, it’s important for every organization to reach out to federal, state, and local public-health agencies and emergency responders to make sure that internal plans are coordinated with those of the public sector. If possible, the company should participate in the planning processes of these public bodies and share their own plans with the appropriate counterparts.
“If you are in communities where pandemic planning is being paid attention to, you need to become part of that process and part of the solution,” says Marathon Oil’s McCabe.
Dr. Clete DiGiovanni, a retired physician who was a speaker at the ASIS Annual Global Terrorism Conference, seconds this, noting, “I would encourage the people who develop pandemic plans to figure out how all their plans would mesh with their community’s plans.”
That’s one point that ASIS members understand and have acted on. In the ASIS pandemic survey, 88 percent of respondents said that their companies collaborated with other government agencies.
Supply chain. Pandemic plans should include contingency arrangements with suppliers, which 85 percent of respondents said their companies had.
As a part of the planning process, you should identify dependencies and weak links, make sure that there are sufficient redundancies and alternate sources of supply, and make sure that your pandemic plans align with those of your company’s key vendors and customers.
Reasonable action. Unlike single-event emergencies, such as fires and plane crashes that unfold over a distinct time frame, a pandemic lasts one to two years and comes in waves of six to eight weeks. Each wave is expected to cause large numbers of hospitalizations and deaths, high rates of absenteeism, and serious economic and social disruption.
A pandemic offers neither a clear-cut perimeter nor a simple way to monitor its status. Any assessment of its extent at a given point in time has to be largely based on conjecture.
Tracking its progress depends on identifying the number of people affected (those who have died or who are showing symptoms) at that point in time and knowing the incubation period, which is the time between infection and when symptoms appear. If the pandemic strain has an incubation period of 10 days, for example, the number of symptomatic patients at the time the tally is taken shows how many people were infected as recently as 10 days prior. But anyone infected less than 10 days before that assessment likely won’t show symptoms.
The theory in tracking and controlling a pandemic or a forest fire are the same, said Dr. James Young, who led the fight to contain SARS in Toronto. But with a pandemic, unlike a fire, “the difficulty and the problem is, I have no idea where it is. I only know where it was 10 days ago [the most recent incubation period], and I have to not only catch up that 10 days, I must get further ahead.”
This means that during a pandemic, your facility may have employees and visitors who are infectious but don’t exhibit any symptoms. As a result, your containment measures should err on the side of caution, relying on what the SARS Commission called the precautionary principle: “Reasonable action to reduce risk should not await scientific certainty.”
In a 1957 speech to the National Defense Executive Reserve, Dwight Eisenhower famously said: “In preparing for battle, I have always found that plans are useless but planning is indispensable.”
Richard E. Widup, senior director, corporate security, Purdue Pharma in Stamford, Connecticut, and a member of the ASIS Board of Directors, says, “If you are doing pandemic flu planning, you are engaging in one of the better business continuity planning processes.”
Department of Homeland Security Secretary Michael Chertoff echoed both sentiments in a recent speech on the topic, saying, “And what I’m concerned about is that if we push this off, push the planning, training, exercising, stockpiling, and everything else off until we actually have efficient human-to-human transmission of pandemic flu, if it should happen, I guarantee you there is not going to be enough time to deal with the issue…. [P]lanning well in advance is the only way to deal with a massive threat.”
Some of those plans have to be developed by government. Meanwhile, it’s up to the security professionals, working with others in the public and private sectors, to make sure that their companies will be ready when the time comes.
Mario Possamai, CPP, CFE (Certified Fraud Examiner), CAMS (Certified Anti-Money Laundering Specialist), was senior advisor on the SARS Commission, the inquiry into the outbreak in Canada. He is also a member of the ASIS Global Terrorism, Political Instability and International Crime Council. He co-chaired the ASIS International 26th Annual Government/Industry Conference on Global Terrorism in March.