• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
NASCIO represents state chief infor-mation officers and informationtechnology executives and man-agers from state governments acrossthe United States. For more informa-tion visitwww.nascio.org.
Copyright © 2007 NASCIO All rights reserved 
201 East Main Street, Suite 1405Lexington, KY 40507Phone: (859) 514-9153Fax: (859) 514-9166Email: NASCIO@AMRms.com
1Pandemic Planning and Response for State IT: Where’s My Staff?NASCIO: Representing Chief Information Officers of the States
Without the flow of electronic informa-tion, government comes to a standstill.When a state’s data systems and commu-nication networks are disrupted, the prob-lem can be serious and the impact far-reaching. The consequences can be muchmore than an inconvenience. Serious dis-ruptions to a state’s IT systemscan lead topublic distrust, chaos,fear and potentialloss of life. Traditionally, IT disruptions areplanned for based on anticipated disastersboth natural and manmade that can phys-ically damage facilities and equipment.
However, we live in a time that holdsthe potential for a pandemic outbreak in your city, state or possibly the nation.What would you do as statechief infor-mation officer (CIO)if one day yourstaff did not come to the office becauseof a pandemic outbreak?
Physical disasters that shut down missioncritical applications are typically coveredunder a state’s disaster recovery and busi-ness continuity (DR/BC) plan. Under theseplans, physical assets can be replaced, andinformation protected,using various back-up and business resumption practices.However, if one day you find your officesempty– your systems running unattendeddue to a pandemic scare– are you pre-pared to act?
CIOs have an obligation toensure that IT services continue in theevent of a pandemic outbreak, andplanning for such a scenario hasbecome essential.
It’s not a matter of if apandemic is going to strike, it’s just a mat-ter of when, and how far-reaching theproblem will be.
The good news is thatthere are simple steps that state CIOscan follow to prepare for such a disaster.
Pandemic Planning 101
 The primary focus of this brief is on howto maintain critical operations during apandemic outbreak. Pandemics are uniquein that they affect an organization’s work-force as opposed to its physical infrastruc-ture,and therefore require a radically differ-ent approach for recovery efforts.Planningin response to a pandemic event shouldinclude an incident management compo-nent involving an incident commandresponse and identifying those key mem-bers and players necessary for a compre-hensive solution to the plans that aredeveloped. The impact of a pandemic onthe state IT organization goes beyond just
Pandemic Planning and Response for StateIT: Where’s My Staff?
NASCIO Staff Contact:
Drew Leatherby
Issues Coordinatordleatherby@AMRms.com
 
the people, process and technologyaspects. On a larger scale, the CIO mustunderstand the impact to the logistics of suppliers outside of the state IT organiza-tion who may also be experiencinga highrate of employee absenteeism.Experts agree that a pandemic event willlikely occur in the next ten years andundoubtedlywill result in a high rate of employee absenteeism.Most states’ITorganizations are simply not prepared toaddress the infrastructureand proceduralissuesthat will emerge as a result.Whether caused by pan-flu,plague,smallpox, anthrax, West Nile Virus, TB orother epidemic, state IT leaders need tomake sure their DR/BC plans are designedto deal with such a contingency.Consciousness is being raised on severalfronts, but state IT– for the most parthasn’t taken the necessary steps to imple-mentand test plans and processes tocope with such an outbreak.
The Role of the State CIO inPandemic Preparedness andResponse
In many states there is a dependency onIT to “figure it out,” if a problem is technol-ogy related. The state CIO is generallyexpected to introduce innovation withinthe state enterprise and prepare for allcontingencies. When systems are downand every aspect of state business isaffected, the buck may stop at the CIO’sdesk. However, there are simple steps thatCIOs can follow to ensure that theirITinfrastructure is protected under any sce-nario.One major difference in a pandemiccrisis versus an unforeseen disaster is thatthere is an element of nature that mayprovide the luxury of time. The CIO canstart to respond and escalate a response,but identifying the critical triggers andexecuting successfully on those must bein the state’s overall DR/BC plan.CIOs needto identify critical staff and business func-tions that their state enterprises cannotfunction without. The critical businessfunctions and critical staff tiering for a
Pandemic Planning and Response for State IT: Where’s My Staff?2NASCIO: Representing Chief Information Officers of the States
pandemic may be completely differentfrom that for a physical disaster. Unlikeother DR/BC situations, in the case of apandemic, the critical staff list shouldinclude for example, those operating thefacility’s chiller rooms and other generalmaintenance functions.Finally, prepare formak ing decisions in an environment of uncertainty.
During a crisis the CIO may not have all the information necessary,but will be required to make immediatedecisions.
Communication
Educate state IT staff on basic pre-paredness for themselves and theirfamilies
– Prepare and distribute pan-demic preparation resources to everymember of the IT staff, with informationon what individual employees and theirfamilies can do to avoid or minimize expo-sure. Work with state public health agen-cies for basic survival information, andbuild a packet of information tailored tostate IT staff.
Educate state IT staff, lawmakers,appointed officials, human resourcesand budget officials
– Craft an educationand awareness program for state IT staff,lawmakers and budget officials to ensureall parties are on the same page withregards to thepandemic preparednessplan and the need for such a plan. Preparekey talking points that outline the ration-ale for pandemic planning.
Establish met-rics for costs of not having a plan:
Howmuch will it cost the state if certain criticalbusiness functions go down? Costs couldstem from ERP issues on the paymentside; citizen service issues (what it woulddo to the DMV for license renewals); andimpacts on eligibility verifications forsocial services.How long can the stateafford to be down? How much will thiscost the state? How long can the state bewithout a core business function?
Communication and cross-boundarycollaboration
– A CIO can build a portfo-lio of remote access solutions to meetbusiness needs from ultra-secure systems
 
NASCIO: Representing Chief Information Officers of the StatesPandemic Planning and Response for State IT: Where’s My Staff?3
to fairly simplistic,low bandwidth con-strained systems. Yet that will not be use-ful if the state’s workers aren’t properlytrained to use the technology.Also, CIOsneed to build critical partnerships withother agencies and branches of govern-ment.
Think outside the box:
CIOs canpartner with anyone to share IT resources;including universities, local government,lottery corporations, local companies andleased facilities with redundant capabilities.
Classify and cross-train workers
– StateIT organizationsoften struggle with get-ting other business units to classify work-ers in terms of criticality, and furtherbreaking down their assigned roles andproviding cross-training so,in the event oa crisis, critical employees are equipped tochange roles or function in multiple roles.In most other events, the CIO isable to des-ignatewho responds. Yet,with pandemics,the CIO has no control over who is sick.
Intergovernmental communicationsand coordination plan
Develop a planto communicate and coordinate effortswith state, local and federal governmentofficials. Systems critical for other state,local and federal programs and servicesmay need to be temporarily shut downduring a pandemic event to safeguard thestate’s IT enterprise. Local jurisdictions arethe point-of-service for many state trans-actions, including benefits distributionand child support payments, and alternatechannels of service delivery may need tobe identified and temporarily established.
Make sure jurisdictional authority isclearly established and articulated toavoid internal conflicts during a crisis.
Identify indirect factors and implica-tions
– CIOs should also identify indirectfactors and implications related to a pan-demic disaster (e.g. loss of staff to publicutilities and other infrastructure). The CIOshould take leadership on this, and beginpressing other state entities to make surethat they’re addressing these indirectissues.
Pandemic preparedness coordinatingcommittees
– Gather representativesfrom all applicable lines of business andcritical service industries necessary forcontinuity of IT operations.Keep the dia-logue open with state business partnersand periodically convene briefings forthem on the state’s DR/BC plans.
Communicate to rank and file employ-ees
Explain there is a pandemic planand the reasons behind its establishment.Clearly articulate employee roles during apandemic incident and identify membersof a possible crisis management team.Also, compile a list of employee office,home and mobile phone numbers, andother relevant contact information.
Establish a media crisis communica-tions protocol
A crisis communicationsprotocol should be part of a state’s ITDR/BC plan.Designate a primary mediaspokesperson with additional,singlepoint-of-contact communications officersas back-ups.
 Articulate who can speak towhom under different conditions, as well as who should not speak with the press
.
State summits
– Several states havedeveloped educational state-wide sum-mits as part of their pandemic influenzapreparation. Typically U.S.Department of Health and Human Servicesand other fed-eral, state, local, tribal, not-for-profit, andprivate sector officials convene to discusscurrent and future pandemic readinessplans. These summits are statewide oppor-tunities to share planning efforts amongthe various partners as states continuetheir work to prepare for this threat.Summits may include elements such asWebcasts.
Planning
CIOs must have a DR/BC planthataddresses the unique problemassociated with a pandemic event
 Thisplan should include:
(1)
A focus on capa-bilities that are needed in any crisis situa-tion;
(2)
Identification of functionalrequirements;
(3)
Planningbased on thedifferent severity levels of a pandemiceventseeCenters for Disease Control
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...