Like Y2K, IT Needs to Prepare for H5N1

To date, the threat of the pandemic flu (a.k.a., avian flu or H5N1) to global businesses is uncertain, but a consensus has emerged among those concerned. In January 2006, a study was presented at the World Economic Forum citing pandemic flu as the “global threat that most preoccupies the world’s business leaders.”

With this in mind, preparation may be the best defense against the threat of a pandemic flu in the IT industry. The focus of such preparation is to ensure the availability of emergency services during a pandemic flu outbreak, and the rapid recovery of the economy in the post-pandemic phase.

The preconceptions about what services might be considered essential in a pandemic flu outbreak include law enforcement, healthcare and military, which are all critical to sustaining lives and ensuring safety in emergencies.

Today, these emergency services heavily rely on IT solutions to operate effectively. Without IT, responders cannot be contacted, ambulances can’t be dispatched, patient records won’t be available, emergency supplies can’t be managed, criminals may go free, and order can-not be maintained.

Therefore, IT is an essential service upon which other essential resources must rely. Loss of IT in a pandemic flu results in failure of other essential services.

The Y2K Analogy

IT is young and has never lived through a world-changing event (e.g., WWII or the pandemic flues of 1918, 1957 or 1968) therefore, there are no historical lessons available. However, the Y2K challenge to IT is an appropriate analogy.

Preparations specific to the IT industry must occur for three distinct phases: pre-outbreak, outbreak and post-outbreak. The purpose of these phases is to ensure that critical IT services are provided during an outbreak, and the organization is capable of recovering after an outbreak.

In the Y2K scenario, defective subroutines would have caused application failures, leading to failure of systems, and subsequently the failure of services and adverse economic impacts. A pandemic flu outbreak can reach the same outcome, although with a different trigger, where employee absenteeism leads to system failures, compromised services and adverse economic impacts.

On the surface, the risks posed by Y2K failures appeared to have been grossly exaggerated, and many concluded that Y2K was media hype and industry profiteering. In fact, nothing could be farther from the truth. It was the level of commitment made by the IT industry addressing the problem that rendered the threat mostly moot.

To remain effective before, during and after a pandemic, the IT industry can demonstrate this same commitment to preparation. Y2K’s reduction to a “non-event” was the result of substantial preparation by the industry, and it raises confidence that this industry is capable of pulling through a pandemic flu.

IT Preparedness

Any IT organization must first ensure business continuity with support from its executive leadership. The Centers for Disease Control (CDC) have published a thorough checklist for businesses on the U.S. Web site,

The guidelines provided by CDC can help contain the spread of an infection and ensure that business offices can continue to operate in a hygienic manner during

Pre-Outbreak: The activities associated with planning and taking steps that would minimize the adverse effects of a future outbreak.

These activities include but are not limited to:

  • Negotiations with clients, to identify the critical products and services that must be delivered during an outbreak, along with any necessary contractual modifications.
  • Negotiations with partners and vendors, to identify the critical products and services required during an outbreak to maintain the supply chain integrity.
  • Develop prioritized work list for staff, including the elimination of non-critical tasks.
  • Financial preparations, to accommodate reduced or interrupted revenues during an outbreak, and costs associated with an outbreak.

    Outbreak: The activities associated with the delivery of products and services during an outbreak. These activities comprise:

  • Setting crisis management procedures in motion.
  • Providing critical products and services only, according to work prioritization.
  • Isolating, securing, and locking down data centers—with staff volunteers willing to isolate themselves inside the data center along with provisions.
  • Requiring mandatory time off for employees not assigned to critical products or services. These employees’ primary task is to isolate themselves and remain healthy.

    Post-Outbreak: The activities associated with recovering from an outbreak. These include:

  • Preparing for a possible next wave of outbreak.
  • Analyzing damage reports and status of IT resources.
  • Deploying financial recovery processes.
  • Sequence and orderly resumption of work projects to normal service levels.

    Kas Kasravi is an EDS Fellow in Michigan and helps to develop enterprise-wide initiatives that shape the future of EDS.

    Bill Sheridan is the director of the EDS Fellows Program Office.