Many parts of the world are slowly relaxing the lockdown and have asked the businesses to open in a phased manner. From a CISO’s perspective we need to consider the actions that ought to be taken to protect the most vital business resource – it’s people. In other words, how will the CISO transit the BCP into its next phases which are recovery and restoration of business.
Medical fraternity believes the war against this pandemic is far from over and extra vigil is needed after the lockdown is lifted and especially for up to six months from the date the lockdown is lifted as they expect a spike in new cases turning up soon after relaxing the lockdown. They advise us no to relax even after the lockdown has been relaxed. Going with the recommendations of these experts we need to look at how we can bring these to the context of BCP.
At SSD Tech we would recommend extending zero-trust approach here, that is every person entering the business premise is to be considered COVID-19 positive.
Starting with the entry points, install fever detection systems at all entry points to the business and all personnel have to pass through it.
As a redundancy equip security personnel manning these entry points with non-contact infra-red thermometers. Make sure these security personnel wear proper PPE kits.
Make visitor management contact-less, you can use some smartphone apps to do this that uses NFC technology to open barriers for bona fide visitors.
For all employees, make entry access contact-less; do away with fingerprint and retina scanners, you may consider replacing these with facial recognition technology and combine it with a contact-less access card reader for two-factor authentication.
Doors to be pushed to open as pushing doors can be done using elbows and its far safer than pulling them with palms or even safer is to use foot.
Within workspace physical distancing for people to be enforced. Notices to be placed in pantries and other common areas reminding employees about physical distancing. All department heads to coordinate in preparing a roster for employees based on government guidelines on the maximum number to be present physically in the premise. Also, not to forget the roster for meal breaks so physical distancing is maintained in these areas at all times.
Work out a plan to protect all assets during the end of day/start of day sanitation drive with the facilities management team.
Last but not the least, document this as per policy and or update your playbook.
About the author
Sudhakar S Narayan is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified lead auditor in ISO Information Security Management System (ISMS) and ISO Business Continuity Management System (BCMS). He has more than two decades of experience in Information Security, Information Systems Audit, data protection, data privacy, business continuity and disaster recovery.
