‘The new normal’ – it’s not about working from home, it’s about working from anywhere

Over the next 12 months, most corporate businesses predict only a portion of their workforce will return to their physical offices. With the move to Alert Level 2, a big focus will be on ensuring that employees can work securely, whether at home or anywhere.

Employees need to be empowered to work flexibly, no matter what the circumstance. The ‘new normal’ throws traditional working hours out the door. Yes, it has meant receiving the unexpected or urgent conference call just when you’re trying to juggle your children’s schoolwork or cleaning a mess in the kitchen (and we’ve all experienced this recently). But the upside to this new life is that it has become normal to log in from your device while doing things like waiting for your car to be serviced – what an exciting new generation of multitaskers we have all become.

The new way of working allows both public and private sector organisations to focus on the blockers and gaps that prevent their company from functioning in a remote-first way. Due to a lack of trust, only 56 per cent of managers let their employees work remotely – even when policy allows it. We need to work to a high trust, low compliance model as opposed to low trust, high compliance.

The remote-first model. Why should we care about the implications it may have on our workforce?

For management, this establishes a whole new set of expectations around how a successful team can function without physically sitting at their desks, including how many hours they work and even how success is defined. In order to build trust in your remote team, a focus on productivity and outcome-based KPIs (key performance indicators) should be applied.

There is also an implication for human resource (HR) and people teams. You’ve given your employees the freedom to work remotely but what about the opportunities it brings for those now seeking jobs internationally? It’s no longer about sourcing the best person for the job who can physically make it to the office; it is about sourcing the best talent from anywhere. In the new digitally connected world, will we see companies source talent from places such as the US and the UK? In which case, will we start to see an increase in contract-based work? Will employers cope with this new layer of complexity or sink back to the traditional ways of employing those who are within driving distance of the office?

With the new opportunities that working from home has given us, perhaps we will start to see a decrease in large office spaces and a focus on modernising our meeting rooms with the latest tech. This means that wherever you are logging in from, you can still collaborate seamlessly and, most importantly, have an equal opportunity to access content and resources to help decision-making. Finally, a remote workforce should be a secure workforce. With many employees connecting via home networks, it is important that business leaders consider the protection of their front-line staff.

Read our ‘Survive to Thrive’ digital recovery framework to find out more about how you can adopt a remote-first model..

Contact Tracing for COVID-19 for businesses in New Zealand

As New Zealand enters an extended period of managing the impact of COVID-19, effective contact tracing will be critical to the success of our efforts to contain the spread. There are two primary goals to contact tracing:

  • Stop the spreading of the disease through timely containment
  • Where spreading has occurred, identify potentially infected people.

As the nation changes alert levels and the protocols that need to be observed, businesses need flexible systems so they can adapt. These systems incorporate people, processes, resources and information systems.

The uncertainty of the situation and the constraints of the alert levels will continue to have a pronounced effect on people. Any contact tracing system needs to be sensitive to these factors if it’s going to achieve optimal compliance.

This discussion paper outlines an approach that businesses can take to strike a balance between robust contact tracing systems and disruption to business activity.

NOTE: This discussion paper is intended for businesses that do not normally operate under high consequence Health and Safety conditions. Businesses such as hospitals, construction sites, forestry, transport, etc., need to incorporate health and safety requirements that extend beyond the scope of this document.

Structure

Businesses are complex organisations. At its simplest level, contact tracing for a business is maintaining records of who was where, and when. The business activity is the ‘why’ they are interacting. This provides a basic structure to frame up the design of contact tracing systems:

A flow diagram to represent the design of a contact tracing system.

Workplace Contact Tracing

By defining zones for workplaces, it is possible to implement different contact tracing procedures appropriate to each zone or location. A circulation zone may have rules that mitigate the need to contact trace because close contact is avoided. A dedicated work zone may only be occupied by named personnel, and meeting zones may require detailed record keeping.

Some system factors to consider are:

  • Sign In/Out/Registration on site – perimeter identity and access management
  • Perimeter procedures – advising new/changed policies and protocols on entry. Consider options such as contactless proximity cards, contactless motion opened doors, voice interfaces, digital signage, and facial recognition to eliminate physical contact with kiosks, pens, doors, lift buttons etc.
  • Location Alert Level Policies – organise policies into alert level descriptions, to simplify communications and understanding
  • Oversight and incident reporting – assign personnel to be responsible for monitoring and handling of incident reporting
  • Onsite Surveillance options:
    • Passive systems such as
      • Wireless Access Point device tracking
      • Security Camera and Video Analytics monitoring (observing occupancy, crowd and individual policy compliance)
      • Access Card log monitoring – Active Directory Security Group activity logging
    • Active systems such as
      • Bluetooth beacon monitoring systems
      • Self-trace mobile applications, SaaS tools, bespoke systems.

Workforce Contact Tracing

Businesses have a duty of care for their staff when they are working for the business. Business activity often occurs in places that are not managed by the business. Contact tracing from this perspective requires a workforce monitoring approach.

Some system options to consider are:

  • Check In/Out: confirm location/destination, wellbeing, receive important notices about the location
  • Notification – mechanisms to report suspected COVID-19 infection, spreading, or risky behaviour
  • Activity tracking – record of meetings and locations. Record of location changes and times
    • Passive monitoring of systems such as calendar schedules, timesheets, job scheduling
    • Active monitoring systems such as self-tracing mobile applications, business specific online registers/forms, SaaS tools.

Public Contact Tracing

Where a business is operating in an area where people movement is typically unmanaged, there are unique challenges to contact tracing. Fundamentally, if a business is responsible for a space and it cannot enforce policy or identify occupants, it is unable to operate at that location under COVID-19 constraints. To overcome this, businesses can erect barriers with perimeter controls to create managed zones, or leverage workforce systems such as location/proximity beacons to enable people tracing.

Some system options to consider are:

  • Self-Trace
    • Bluetooth Beacon logging – capture details of Beacons encountered
    • QR/NFC perimeter registering. Restricting access enables sign in/sign out tracking
  • Location Surveillance
    • camera recording/AI pattern recognitions of social clusters (closer than 2m, for more than 10 minutes)
    • Triangulation/Vector recording: Wifi/cell tower device logs (device ID, router location, time entered, time exited, signal strength spot measures).

Investigation support

High trust approaches can work, even with less than ideal compliance.

The main goal of tracing contacts is to quickly inform the investigation after an infection or cluster has been identified. This enables investigators to identify close contacts as quickly as possible and reduce the time contagious people are circulating. Where compliance to protocols is difficult to enforce, having more than one point of observation (tracing people, monitoring locations) can yield a high coverage level.

A square diagram to compare workforce compliance and workplace coverage.

Approach

Contact tracing systems and practises can serve a few purposes:

  1. Identify potential spreading and contain within a workforce, workplace, or public place
  2. Support investigation efforts by authorities
  3. Enforce and observe compliance with protocols
  4. Reduce business impact

The approach is to establish the systems necessary to enact contact tracing, rather than just taking the actions that need to be performed. Systems can be adapted as requirements change, whereas an actions-oriented approach will require constant allocating of resources and reinvention to adapt.

Principles first – save lives first, then save livelihoods. Save profits last.

Systems can be performed manually or automated. Some guiding principles to urgent systems design:

  • Assign authority to make decisions
  • Start with a low maturity model and rapidly evolve. Only automate systems that have low errors/exceptions
  • Experiment to resolve uncertainty. Consensus takes too long.

Notes

People will typically encounter others in one of four places:

  • In their home
  • In a managed workplace
    • Workplaces will have physical separation, hygiene protocols and require some level of contact tracing in place that will enable them to operate under different Alert Levels
  • In an unmanaged space (e.g. public place).
    • These spaces present real challenges to contact tracing, as they are designed to serve social gathering in an open way. Spaces that are unable to meet contact tracing will likely remain closed if contact tracing is required
  • In Transit from one place to another.
    • Travelling typically happens as pedestrians, in private vehicles or public transport. For public transport providers with contactless payment systems have a level of record keeping that can support Contact Tracing
    • Pedestrians are unlikely to encounter close contact clusters (close together for more than 10 minutes)
    • Public Transport providers may be able to achieve a level of contact tracing through existing contactless payment systems.

To perform adequate contact identification, an investigator needs to be able to qualify the following risks:

  • Transmission risks
    • Time and place of potential spreading: when and where have probable or confirmed infected people been
  • Infection Risks
    • If there are times and places where transmission was possible, what was the risk of others getting infected?
      • Close contact: e.g. closer than 2m for more than 10 minutes
      • Casual contact: at the same place and time, but not identified as a close contact
      • Surface contact: identify surfaces that may have been contaminated (door handles, food service, shared equipment, etc).

Rapid deployment

In a crisis, rapid response is crucial to the outcome. A system is only useful if its operational and being used. To enact changes to a business that involves everyone requires special attention to communications to get the message out as fast possible. Another key factor is decision making. It can be impractical to use traditional business decision making and communication approaches to implementing contact tracing systems. They are typically oriented to other needs, such as de-risking investment or optimising operations.

One way to leverage the existing organisation and resources is to overlay COVID-19 specific roles and responsibilities, with a simple three step process:

  1. Organise
    • Define roles and responsibilities, identify support system requirements, define workforce and workplace controls
  2. Activate
    • Stand up systems, communicate changes to workforce, experiment to resolve any uncertainties
  3. Operate
    • Ensure some level of oversight is in place to make sure contact tracing is operating and being used.

Start

This discussion paper is intended to provide some structure and process to forming, implementing, and operating a successful contact tracing system for a business. This is only useful if a business makes a start and moves quickly.

The nature of situation means mistakes are inevitable. Unlike business as usual, these are not failures. These mistakes are learning opportunities – a partially effective contact tracing system today that can be improved tomorrow will become a fully effective system.

There has never been a time like this in our living memory, so everyone is learning as we go. Share ideas and thoughts with staff, customers, and suppliers. We share a common goal.

An artistic representation of a COVID-19 framework.

Deciphering Disaster Recovery from Business Continuity Planning

Disaster recovery and business continuity planning are two related terms that organisations often confuse. And this confusion isn’t something to be taken lightly. Muddling disaster recovery and business continuity planning can, at the very least, inhibit organisations from staying competitive and, in the worst-case scenario, force organisations out of business. Talking with an IT provider experienced at developing and implementing both disaster recovery and business continuity planning will help you determine the best approach to protect your organisation from potential data loss and business risk.

Keeping technology covered with disaster recovery

Disaster recovery is basically what it sounds like — it allows your business to continue operating from a technical standpoint after a disruptive occurrence. This includes backup activities and ensuring systems can start back up offsite. Statistics from 2007 reveal that only 6 per cent of organisations that suffer catastrophic data loss remain in business. A properly followed disaster recovery plan can prevent such dire financial straits, in addition to unacceptable downtime and customer data loss.

A disaster recovery plan will involve a business impact analysis and guide the appropriate approach to systems, data and networks that are critical to the business. Some of the considerations that will go into a disaster recovery plan include how quickly businesses will need systems to be available — one hour or one day, for instance — in the event of a disaster, critical processes that must be included and backup procedures.

Focusing on people with business continuity planning

Disaster recovery covers technology and some processes essential to operations. But what about your organisation’s most valuable resources: your people and critical partners’ employees? Business continuity planning looks at the whole picture of how your enterprise will continue in the face of any minor or major change.

Consider business continuity planning the IT version of strategic succession planning, with the addition of technology and operations to people. Disaster recovery is an important component to a successful business continuity plan, but it’s only one part. You must consider all challenges in your business continuity plan, ranging from how employees communicate during a disaster or small technological hiccup to who will keep things running smoothly if a network administrator takes a sick day. This business continuity planning includes the simplest of components, such as having all employees’ contact information, to more technical aspects involving how they will be able to continue working.

Developing disaster recovery and business continuity planning approaches are, as you’ve already guessed, involved processes that will benefit from expert advice. They are considerations that you can’t afford to ignore when it comes to keeping your business going in the event of an outage or disaster.

4 Steps to Creating a Viable Business Continuity Plan

Your organisation might need a business continuity plan (BCP) to ensure that the right people and processes are in place to allow your business to continue functioning during an outage or disaster. Without a BCP in place, you might have the right disaster recovery technology to be able to access critical systems and data, but not a plan for actually activating the human element needed to see it through.

There’s no substitute for working with BCP experts to devise a comprehensive plan. But you can begin the BCP process with your team and fellow senior managers. Follow these four steps to take the guesswork out of drafting a BCP.

BCP Step 1: Identify the roles and responsibilities personnel will assume. Start your business continuity plan by listing key personnel — those with intimate knowledge of systems and processes and, perhaps most importantly, can-do attitudes. Ensure they’re assigned the most important duties and have proper communications equipment. See who amongst other employees can perform as back-ups in your business continuity plan. Create a list of all processes and functions that must be covered in your business continuity plan, including step-by-step directions to complete tasks. More than likely, you’ll notice how many processes or functions have no back-ups. Create a cross-training schedule for the BCP to mitigate this risk.

BCP Step 2: Establish the main risks and response times. Know where you’re most vulnerable in the event of a disaster or even a key employee stepping down when crafting your business continuity plan. Whether the vulnerabilities lie in technology, processes or job functions, you’ll need to set two very important objectives in your BCP: your recovery point objective (RPO) and recovery time objective (RTO). The former is the amount of data loss you can sustain during a disaster or disruption. The latter is the amount of time required to come back online and resume normal operations. Because your RTO is largely dependent upon data centre and disaster recovery providers, check your service level agreements to ensure they’re up to snuff for your business continuity plan.

BCP Step 3: Lock down all the contingency plans. It may take some time to find alternate locations fully stocked with the computers, network infrastructure, process necessities and communications devices your staff can work from during an event. But as you work towards a fully functioning contingency location for your business continuity plan, you can:

  • Know your current contingency equipment options and what you’ll need to fill the gaps
  • Set an emergency meeting location every employee can report to
  • Place emergency kits in your offices and in the emergency meeting location
  • Establish who can work from home and, in the event of an emergency, how they know to work from home until notified otherwise

BCP Step 4: Ensure the plan is communicated and that people can communicate. A BCP requires many interconnected — and disparate — parts. But they all must reside in one final version that the right people can access. Once you know employees can access the business continuity plan, ensure they also have the communications devices they’ll need as well as a phone-tree list so information is passed quickly and methodically. Be sure to include in your business continuity plan contact information for external contacts so your organisation can communicate with partners and vendors.

Remember: a BCP is never “done.” Think of it as a living document. Because business always changes, so must your business continuity plan to keep your organisation afloat.

The Future of Unified Communications

As more businesses look to increase productivity and mobility, unified communications and collaboration will grow bigger and better to meet these technology needs. Even with individual tools such as video conferencing and presence making a difference for organisations and integration between the different technologies possible, unified communications is popping up in other areas such as personal mobile devices and the cloud.

Making mobile communications possible

Employees are using their own devices for work, which means they will eventually need access to the same unified communications tools on their mobile phones and tablets. Providers such as Cisco will soon let users access their mobile phones like a corporate desk phone, providing features such as unified inbox, call back and conferencing. Employees will be able to work from the road and still reach colleagues as they would in the office.

Cisco will also offer connection to third-party devices by the end of the year as a new feature of Cisco Unified Communications Manager. This means users can use another device as their office phone and have all calls routed to whatever phone they are using on the road.

A move to the cloud

It seems technology trends are folding into each other more and more, and unified communications and the cloud are the latest marriage. What’s so great about the two together? Well, more freedom in how and when you access your communications tools, for one. Ideally, unified communications platforms hosted in the cloud should let you instant message, video chat or call someone from whatever device and (secure) network you want. There might also be fewer infrastructure maintenance costs and tasks involved.

Datacom has seen organisations leverage both public and private cloud to lay the groundwork for their unified communications programmes. Organisations can also use a hybrid cloud approach to unified communications, the latter of which gives organisations even more flexibility to mix and match the technologies and vendors they want while better controlling costs and implementation challenges.

A vendor-neutral solution stack

In the past, organisations have often opted for a unified communications technology stack from one provider. This makes sense to a point — it can simplify licensing and make management easier. But organisations that don’t consider solutions outside a single provider can miss out on technologies that might be better-suited to their business.

The trend in years to come, according to an article from earlier this year on TMCnet, will have organisations instead looking to unify the best-of-breed technologies under an IT integrator. Not only will this help organisations take advantage of an array of technologies from different providers — it will also allow easier integration of these new technologies into existing systems.

Which communication and collaboration capabilities will your organisation look into?

3 Considerations for Finding the Right Disaster Recovery Solution

Now that disaster recovery (DR) is as big a concern among CIOs as it is for potential customers, a piecemeal solution combining in-house servers with several off-site backups will no longer suffice.

Ensuring business continuity for internal and external customers in the midst of a disaster can separate your business — and your leadership — from the pack. And, in a short manner of time, it will be a minimum requirement for even the SME crowd.

According to a study by KPMG, 20 per cent of all organisations will undergo some type of disaster during a five-year period. And 40 per cent of businesses that survive a disaster will go out of business within a two-year timeframe. As businesses become more aware of their vulnerability, the demand for comprehensive disaster recovery will only escalate.

As your organisation considers a disaster recovery plan and begins vetting solution providers, question their ability to meet these DR requirements.

1.  Do they cover the DR gamut? Before diving into the details of each component, make sure you’re dealing with a full-suite DR solution. Verify they offer:

  • Server infrastructure services that cover assessment and reporting to demonstrate the state of your data, optimised server architecture to create the appropriate solution and hosting/management of systems infrastructure to ensure your data isn’t compromised if your location has been compromised.
  • Enterprise storage infrastructure, primarily data security and management, that guarantees the data that supports the processes is unharmed and available.
  • Strategies and solutions for DR as well as business continuity that go beyond hardware and data to prescribe the actions everyone from senior management to the janitor should take in the event of a disaster.


2.  What recovery time does the provider offer? The answer will vary from organisation to organisation and situation to situation. But after providing a glimpse of your services and size, expect fairly concrete answers during the proposal process. Focus on the two key areas of recovery time:

  • Recovery Time Objectives (RTO) – the time necessary for your business systems to return to functionality after a disaster.
  • Recovery Point Objectives (RPO) – the time necessary for the most recently saved data to become available after a disaster.

Of course, the time necessary for recovery goes hand-in-hand with the DR system’s availability. As you negotiate the service-level agreement, look for an extremely high guaranteed server and network availability number, usually 99.9 per cent. During the 2011 floods and cyclone that hit Queensland, Datacom was able to help one metals producer maintain 100 per cent uptime throughout the disaster and offer 24/7 remote support.

3.  What stability and scalability do the company offer? The concept of stability goes far beyond hardware, processes and data recovery for a quality DR provider. You’ll need a service provider that can grow with your organisation and remain in it for the long haul. Be sure to discuss scalability and flexibility. Can the provider adapt to your evolving organisation? Is it at the bleeding-edge of technology, procedures and thought leadership? Is it prepared for your pending expansion?

If the DR provider you’re evaluating meets these criteria, you’ll be well on your way to launching a comprehensive DR solution that ensures business continuity during the unexpected.