Swine flu puts spotlight on pandemic planning

By Marcia Savage, Features Editor, Information Security 01 May 2009 | SearchFinancialSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The swine flu outbreak has many financial-services firms on alert and preparing to activate their pandemic response plans.

SearchFinancialSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

At CIGNA Corp. an emergency response team of medical and business leaders meet daily to assess the situation and determine what steps need to be taken, said Gloria Barone, a spokeswoman at the Philadelphia-based health insurance company.

CIGNA has developed an action plan to prepare for the consequences of a swine flu pandemic, which includes an existing emergency system that the company said is easily activated to help facilitate care for its members in the event of a pandemic. The company's business continuity plan includes the ability to allow many employees to work from home during a pandemic. Also, CIGNA said it will implement travel guidelines or restrictions as needed to minimize spread of the flu.

The company said it had an internal clinical committee in place for some time to develop policies and procedures in the event of a flu pandemic.

Pandemic resources: Federal Financial Institutions Examination Council guidance on pandemic planning (PDF) Centers for Disease Control and Prevention U.S. government pandemic website managed by the Department of Health and Human Services World Health Organization BITS' pandemic resources list (PDF)

John Carlson, senior vice president of regulatory affairs for BITS, a nonprofit financial-services industry consortium and division of The Financial Services Roundtable, said financial institutions are monitoring the swine flu situation and activating elements of their business continuity plans. The Financial Services Sector Coordinating Council is actively working on the issue with federal officials and regulators, he said.

According to the Centers for Disease Control and Prevention, the U.S. on Thursday had 109 confirmed cases involving the new strain of swine influenza, now referred to as H1NI, and one death. The World Health Organization said 11 countries have officially reported 257 cases of H1N1.

The U.S. has declared a public health emergency and WHO raised its worldwide pandemic alert level to Phase 5, which it said is a "strong signal that a pandemic is imminent."

A security manager at a West Coast-based bank said his company is monitoring the outbreak on multiple official state and federal websites.

"We already had a plan based on the avian flu," he said. "We did an update last August. We're pretty much prepared."

Most companies that have taken the avian flu pandemic threat seriously should be prepared, he said. Experts have warned in recent years about the pandemic potential of a strain of avian influenza, the H5NI virus.

Related information: Preparing for a pandemic: A pandemic readiness assessment exercise conducted by the U.S. Treasury provides insight not only on what it takes for a financial services organization to prepare for a worse case scenario. Swine flu outbreak results in spam pandemic: Spammers are taking advantage of the swine flu outbreak to trick users into giving up their email address, open a malicious PDF file and even buy a cure. Swine flu reveals pandemic planning shortcomings The swine flu highlights flaws in organizations' pandemic plans. Compliance expert David Scheier describes how three clients have no idea if their pandemic plans will work.

Unlike other businesses that can send employees home to work remotely in the event of a pandemic, the bank needs to stay open and deal with the public, said the security manager, who requested anonymity.

Consequently, the bank's pandemic plan involves being able to stay open and reducing the number of employees who are potentially exposed by allowing them to work remotely. With the swine flu outbreak, the bank has been making sure branch hand sanitizers are full. Any disaster plan relies on employees following instructions, he noted, and most bank employees understand they should wait for direction from their supervisor.

The information security officer at an East Coast-based bank said his company updated its pandemic plan last year and currently following guidelines from the WHO and its internal HR process.

"The most important thing is to not only have a plan, but to test the plan," he said. "No company wants to disrupt their operations for planning but it's crucial."

John Copenhaver, president and CEO of DRI International, a Conway, Ark.-based provider of education and certification for business continuity professionals, said the organization is fielding questions about executing pandemic plans, indicating that many companies are in a heightened state of alert if not already activating initial stages of their pandemic response plans.

"Most of the larger financial institutions have some kind of pandemic/influenza plan or at least a pandemic overlay to their existing business continuity plans," he said. "But I don't know if I would say they're all prepared to the extent that they need to be prepared."

Pandemic planning involves dealing with the business impact of potential absenteeism – employees who are sick and can't work or who are afraid to come to work for fear of getting sick, Copenhaver said. Other elements include securing certain facilities from people who are obviously sick, how to help infected employees and their families, and how to help employees who are traveling abroad, he said.

SearchSecurity radio:

Even if the flu doesn't develop into a worst-case scenario, companies are already dealing with effects from the outbreak in terms of some school closures and travel impacts, Copenhaver said.

"The jury's still out on how bad this is going to get," he said. "We don't know what the mortality rate will be. If this is something like ordinary influenza in terms of its mortality rate, it will still have an impact on us, but if it turns out to be something more severe, like the Spanish flu outbreak in 1918, we'll see just how well prepared we are."

Seasonal flu kills approximately 36,000 people in the U.S every year, according to the CDC.

In an advisory issued Monday, Gartner said enterprises shouldn't overreact to media reports about the swine flu, but should take the event as a wake-up call for reviewing and testing their pandemic response plans. The financial services sector is one of the few industries that's performed serious pandemic response planning, according to Gartner.

BITS' Carlson said the financial services industry has taken a number of steps to prepare for a pandemic. Two years ago, the industry in conjunction with the Treasury Department and federal regulators conducted a major pandemic exercise and documented their findings on pandemic-related absenteeism, telecommuting, communications and other issues, he said.

Tags: IT disaster recovery planning and management,  Risk assessment and management in financial institutions,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IT disaster recovery planning and management Security benefits of virtual desktop infrastructures Five mistakes banks make in pandemic planning Swine flu reveals pandemic planning shortcomings Swine flu: Pandemic planning wake-up call Lessons learned: The LendingTree case Lessons learned: The Countrywide Financial breach Investigation management tools ease fraud pains SIM appliance helps credit unions with compliance, incident response Preparing for a pandemic Disaster preparedness: Staying up while everything else is down Risk assessment and management in financial institutions New vendor risk assessment tools address cloud computing Don't forget the cleaning crew in your vendor management program Shifting to a flexible information security framework Threat of insider fraud growing with bad economy Social engineering tests should make sense, not headlines How to combat the insider threat ACH fraud on the rise, experts say Social media: Risk management strategies for financial institutions Podcast: Detecting and investigating insider fraud Download presentations from Financial Information Security Decisions 2009

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary