Key strategies that organisations can implement to help transition back to 'business as usual' are outlined below.
- Embed Contract Management
- Avoid the temptation to put key supply contracts back on the
shelf now they have been assessed for the immediate impacts of
COVID-19. Now is the time to embed the lessons of contract
management that COVID-19 forced on us. For example, check whether
these contracts are still fit for purpose or whether the terms need
to be reassessed in a post COVID-19 world (such as service levels
and credits, performance requirements, termination events,
flexibility to address ongoing supply-chain issues). Have you
place? Now is the time to check these things and kick off any
change processes or start broadening your supply options to build
further resilience for your organisation.
- If you haven't pulled any contracts off the shelf, it's not too late to do it. In particular, check whether any contracts have been left to expire or non-performance has otherwise been left unchecked. If you don't, there is a real risk of waiving hard won rights you thought you had (and paid for). On the flipside, if you have made concessions on performance, assess the current status of the impact on performance and get written clarification, if you haven't already, on an appropriate time frame for those concessions to be lifted.
- Business Continuity Arrangements
- Are your own business continuity arrangements sufficient? Have
you updated them to reflect COVID-19? Should you conduct further
testing given the current environment may help detect further
- Related to the contract management points outlined above, check if you should update your business continuity and disaster recovery requirements in your services agreements. Also, consider exercising any testing / audit rights with key suppliers.
- Check Your Technology Requirements
- Are your policies around use of technology robust enough for
the new remote working norm? Make sure your cybersecurity and
privacy policies have been updated to help deal with the increased
cyber-risk profile of employees working from home.
- Do your software licensing arrangements allow for the use currently being made / which you expect to be made going forward (e.g. are they linked to use at a certain site / on a specified number of devices, etc.) Do a self-audit before your software suppliers do. Also, do you need to conduct additional testing of your security systems (e.g. penetration testing)? Now is a good opportunity while people are in a range of home environments.
- Related to the technology requirements outlined above, check
your data breach response plans. Do they need to be updated to
cover off risk associated with working from home? For example, does
it deal with how to handle data breaches that may have occurred due
to cyber-attacks on employees personal devices (which those
employees may be using to work from home)?
- In relation to collecting health information of staff and visitors, have you relied on the 'employee records exception' and 'permitted general situation' exceptions to collect and disclose COVID-19 related health data of your staff and visitors (see our related article on that point here)? Consider whether you can continue to rely on these exceptions when returning to BAU. The Office of the Australian Information Commissioner has indicated that APP entities should limit the use of these exceptions to what is necessary to prevent and manage the spread of COVID-19.
Many thanks to Meena Muthuraman for her assistance in putting this article together.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.