COVID-19: The Immediate, Intermediate and New Normal

Leaders must plan, act and adapt to ever-widening repercussions due to COVID-19 on a near-real time basis.  Containment programs require decisive intervention to flatten the curve, keep front-line employees safe while continuing to serve customers, and align with vendors, suppliers and third parties.

Second line risk management, information technology, human resource, compliance and crisis management teams across the organization need to focus on hot spots, make decisions on high priority remediations and be able to pivot on a dime – all while working from home in a new digital, cloud-based eco-system.

The MetricStream Solution for COVID-19 helps manage risk at a multi-layered level across functions, geographies, regulations and organizational sizes..

MetricStream’s view is that organizations will go through three phases of COVID-19 Response and Planning:

  • The Immediate - Business Impact and Incident Response in the shortest term 
  • The Intermediate - A re-look at the Governance, Risk and Compliance priorities 
  • The New Normal - As the new normal settles in, organizations will make COVID-19 responses part of their overall GRC process and infrastructure management with a strong bias towards real-time risk assessments, analytics on data and operational resilience to deal with a constantly evolving and interconnected risk universe.  

MetricStream COVID-19 Solution

The MetricStream Solution for COVID-19 is presented below in the context of our PLAN-ACT-ADAPT framework, to help you understand and consider how to better leverage MetricStream Apps during the Immediate, Intermediate and New Normal phases of the crisis.

Capabilities

+ Expand All
PLAN
What’s essential? You need a pulse on hot spots, impacts and potential shifts

Risks - Where are the hot spots? See new COVID-19 risks in terms of geographies, customers, suppliers, business lines, high value processes, policies, assets and technologies with feeds from appropriate agencies, regulatory bodies, WHO and other information providers

To provide visibility and status updates to the Board, Leadership, Partners and other stakeholders into COVID-19 connected risks, in the context of geographies, offices, customers, lines of business, products, suppliers…

  • Leverage Scorecards and Heat Maps with rollup and drill down of risks

  • Get visibility into risk categories: Financial, Reputation, Strategic, Health and Safety, Resilience …

  • Identify and correlate Issues, and build Action Plans to manage remediations and close gaps

 

Third Parties - What’s the current and potential impact? Measure the scope of impact to predict workforce changes, delays or alternative supply chains - Conduct rapid assessments of impact to employees, systems, 3rd and 4th parties

To get visibility into risk by product or country, from vendors

  • Gain Visibility into supply chain risks and alternatives to impacted locations

  • Leverage Scorecards and quick assessments of Third parties affected by the event

  • Leverage streaming content on adversely rated vendors

  • Identify and correlate Issues, and build Action Plans to manage remediations and close gaps

 

Business Resilience -  Who needs to know? Get the right information, simply stated, to key stakeholders  - while staying agile with an ‘information tree’ and workflow hierarchy. Understand who needs to know what information: employees, customers, the Board and Senior Management, Stakeholders, 1st responders, partners and others.

When will this shift? Understand when you could/should expect a change – is an office, critical supplier or region rising to a peak or recovering with increasing containment?  

To make decisions on impacted offices/regions/businesses

  • Conduct Business Impact Assessments and actions on potentially impacted locations, facilities and products

  • Communication with Emergency Mass Notification to suppliers, internal and external stakeholders

  • Identify and Correlate Issues, and build Action Plans to manage remediations and close gaps

  • Project the trajectory to determine the timing of shifting much needed resources.

ACT
What’s Required? Leadership means acting, and leveraging what works tactically

Policies - Communicate Response Strategies tied to tiered, clear action plans; distribute revised policies, procedures and controls around COVID-19 impacted realities: Work from Home, Customer meetings, or alternate locations, new Health and Safety procedures - and map to useful content and recommendations from WHO, CDC and other authoritative sources. 

To revise and publish new Policies and Procedures

  • Revise Policies (leave for health workers, new travel policies, procedures for high risk areas) by location, groups and functions

  • Distribute and gain fast attestation on revised policies and procedures

 

Compliance - Ensure compliance with changing regulations and new procedures which may vary by country - put playbooks of the right actions in the hands of those who can take action – continuously improve rather than re-invent the wheel; implement renewed/stronger controls

To assess and manage stronger controls

  • Deploy and test new or stronger controls - Cyber, Workplace health, technology….

  • See the organizations’ Compliance profile by regulation, best practice and geography

  • Build and correlate Action Plans to manage remediations and close gaps

 

Information Technology Risks - Tighten existing or deploy stronger controls in Cyber, Workplace health, technology access control, ensure your IT/Security teams are vigilant and block bad actors that take advantage of new vulnerabilities that may arise

To assess and manage stronger controls due to cyber risks from Work from Home

  • Test Resilience of networks, for example, VPN vs Home networks

  • Limit New Bad Actor attacks that take advantage of fast-moving changes in the digital world

  • Conduct IT Risk Assessments on facilities, assets, and IT/Cyber Controls

  • Build and correlate Action Plans to manage remediations and close gaps

ADAPT
How to Best Align? In Tactical warfare no plan survives contact with the enemy

Case and Incident Management - Gather and correlate Incidents – Health and Safety, Cyber, Home office.  When a region needs to shut down, when the supply chain breaks….Understand risk to affected business units, disruption from suppliers and incidents from the front-line.  Gain visibility into impacted locations, facilities, customers and products.

To Gain visibility into impacted locations, facilities, customers and products

  • Clearly communicate plans of how to respond to reported cases and incidents

  • Ensure speedy investigations and resolution to legal and compliance cases

  • Prioritize your efforts for response and remediation with proactive reporting and monitoring Incidents by employees and your extended enterprise

  • Ensure for governance, accountability and transparency around cases and incidents

 

Observations From the Front Line - When an office/region needs to shut down, when the supply chain breaks…. Get observations, risk to affected business units, disruption from suppliers and incidents from the ‘front-line’ 

To identify and address critical risks at the front line

  • Crowdsource 1st line information including observations, health impact, risk to affected business units, disruption from suppliers and incidents

  • Identify high impact risks with mappings to content from WHO, CDC and other authoritative sources

  • Leverage artificial intelligence and natural language processing (NLP) to identify patterns and Issue clusters, and recommendations on actions

  • Proactively monitor issues reported on by employees and your extended enterprise vendors and partners.

Cloud Access for All 

  • Make access to the front line and all stakeholders easy.

  • Deploy in minutes to distributed employees and those Working From Home

  • Be secure: MetricStream GRC Cloud offers high availability and scalability, as well as advanced security and access controls

Learn How MetricStream Can Help Streamline Your Business

Contact Us
Request a demo Download RFP Template Pricing Contact