Emerging Business Risks from the Coronavirus Lockdown

The Coronavirus lockdown has rapidly changed the way that many businesses operate.

Although the threat of a pandemic already appeared on many risk registers and business continuity plans, ‘no plan survives contact with the enemy’.

As the lockdown continues there are emerging business risks which you should consider as part of your ISO Management Systems.

The following guidance is in addition to our initial COVID-19, Coronavirus Advice to Clients (Issued 4th March 2020).

Working from Home Risks

The government guidance has been to work from home if you can, which means vast numbers of office workers are working from home. While many businesses already had working-from-home policies, they were not always written with long term working from home in mind.

Things to consider:

Are home workspaces ergonomically suitable? See our DSE Regulations eLearning.
Do people have the right equipment at home?
Has that equipment been accounted for in your Asset Inventory?
Will people start using their own devices?
Are home Internet connections fast/stable enough for the work being done?

Furloughed Employee Risks

Some organisations have quickly taken advantage of the UK Government’s Coronavirus Jobs Projection Scheme and furloughed employees, but in a rush to protect jobs, these risks might become exposed:

Reassigning Roles and Responsibilities
Have you created gaps where emails/telephone/post won’t be answered?
Or where other key activities are not monitored?
Segregation of Duties
An ISO 27001 requirement, but with reduced employee numbers are you able to maintain segregation of duties where they are required?
Skills gaps
Although employees may have been furloughed because of a reduction in workload, have you lost key skills from the business?

Remote Working Tools

There has been much in the news about the privacy and security issues around video conferring tools such as Zoom.

Things to consider:

Check the Privacy Policies of tools you are using, particularly how they use your data, where it is stored, and how long they retain it!
Issue guidance to employees on the use of remote tools, considering what is in the background of the video and who can over-hear your meeting.

Empty Building Risks

Working from home has left many offices and other commercial buildings empty. Don’t let it be ‘out of sight, out of mind’.

Consider these risks:

Water leaks can cause a lot of damage, particularly if they are not found quickly,
Post can build up in a lobby or reception area,
Power outages could prevent remote actress to IT Infrastructure in the premises,
A break-in could go undetected for some time,
Lack of maintenance for building systems (Fire, Intruder, CCTV, Access control) and tooling/machinery could have a knock-on effect when reopening the building.

CCTV, Intruder Detection and other systems can help you monitor buildings remotely. You may also have support from a security or facilities company.

Lapse in Maintenance Records.

Following on from the ‘empty building risks’ points above, many systems require regular maintenance which might lapse during this time.

If the building has been in use, you may need to recommission these before employees return to work in the building.

However, you might find that your suppliers have adapted their working processes to maintain physical distancing and reduce the risks from the Coronavirus, so they are able to continue servicing your building.

Insurance Cover Risks

Check your insurance policy for any clauses related to empty buildings, as often a regular (sometimes weekly) inspection of the site is required.

It is also worth talking directly to your insurers as many have issued updated guidance related to this specific situation.

Changes to Suppliers

As mentioned above, not all businesses have stopped operating. Many have moved to remote working, while others (like security and facility companies) have adapted their ways of working to be able to continue safely.

Managing changes to supplier services is part of both ISO 9001 for Quality Management and ISO 27001 for Information Security Management.

So engaging with suppliers to find out their updated procedures is important.

Conclusion

The Coronavirus lockdown happened very quickly, and there are many lessons we will learn from this experience.

As the lockdown goes on, many more business risks are emerging. However these can largely be managed through your existing ISO Management System risk framework.

If you are ISO Certified already, we can support you remotely to maintain your management system.

See also:

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.