@dcontesti   So what do we need to do to remind them of their responsibilities or legislation i.e. in New Zealand it is the Companies Act.   Do you have similar legislation elsewhere?

Regards

Caute_ cautim

---

@Caute_cautim wrote:

What lessons do you think you or your organisation has learnt coping with it?

---

If you were prepared for employees to work from a coffee-shop (including awareness training, device hardening and remote access), the I.T. aspects of Covid were reasonably easy.  Much tougher are the employee safety implications, especially on the manufacturing floor.

To me, the primary I.T. lessons learned center around BCP:

1. Multiple failures happen.  Who would have thought that while fighting a global pandemic, police reform protests would become a global thing too?  Be prepared to divide-and-conquer. In DR exercises, strategically pick a person or two who has been hospitalized with only the room phone to "answer critical questions".
2. Prepare for big failures.  I don't think I will be getting quite the strange look next time I ask "what if the whole primary data center fails?"  Having one "hero" is not enough. Recovery needs scale.  Scale needs automation, or at least simple procedures that can be handed to a room full of neophytes.
3. Be prepared to scale anything. When you are gifted with money to scale remote access 10x, how would you implement it within 3 days?   If you double the customer-service staff overnight can you supply prepared answers/procedures/resolutions for the top 20 questions? Triage instructions for the top 100?
4. Understand business priorities. Almost everywhere, making money to meet this weeks payroll is at the top.  And "security" is more about protecting the income for next month's payroll.
5. Hire talented people that tend to "run towards fire" and "lend a hand", especially across disciplines.