Planning for Pandemic

Former CIO Ed Carubis on what CSOs should be doing in light of the looming threat of an avian flu pandemic

Companies need to know which employees and facilities are in an affected area, and they need contingency plans to redirect services to other facilities outside that area. For large companies, it becomes complex rather quickly. Think about multiple communities that have different levels of restrictions placed on them, and decisions that the company has to make in order to keep their business running.

CSOs should look at their current telecommuting policies, because strategically that can be a really important way to retain a high level of functionality, letting folks work from home wherever possible. CSOs should think about that up front. Do we have the capacity to have 80 percent of our employees working from home? Do they have access to all of the information assets they would need?

The other piece they may want to think about is the current travel policies. Travel introduces a risk, particularly to influenza source countries in Eurasia. [CSOs should] begin to develop a travel profile for their company so that when an outbreak occurs the company knows who travels where, and why they go there. And they should also have contingency plans if they were not able to travel to Asia for six months, or if certain goods from Asia weren't available.

The private sector's role in helping detect outbreaks: Public health could ask companies: "Let us know the locations where employees are calling in sick, and capture the reasons why." By tapping into the large employers and the attendance systems of public schools, public health officials would be able to use that data for detecting at the earliest possible stage when an outbreak might be unfolding. Extended collaboration and participation from large employers would certainly help in understanding the directionality and extent of the outbreak.

CSOs have to be thinking about how to do that securely, without compromising employee information. This really calls for establishing those relationships up front with public health people. Our conversations with the [Centers for Disease Control] shows they haven't thought about proactively forming partnerships with CSOs, or relying on industry associations or what have you, to create data-sharing agreements ahead of time. The last time to try to figure this stuff out is when something is unfolding. [CSOs should] say, "We want to be a partner, to do this securely. We don't want to do it in any way that compromises our intellectual property or our employees, but we do want to participate." In return, they can get from public health the latest information about outbreaks so they can make decisions about business continuity.