Pandemic management event: Practical tips and legal guidance for preparing for a possible second wave

Pandemic management event: Practical tips and legal guidance for preparing for a possible second wave

With COVID-19 cases on the rise again and winter on the horizon, what learnings can we take from earlier in the year? How can you protect your organisation? What should you consider prepare your legal team,  employees, supply chain, contracts and customers?

There is a lot to consider. Our next senior counsel event is on the 14th October and will focus on the Commercial and Employment law impacts.  Iain Larkins, Founder and CEO and Sandra Martins, Head of Employment at Radius Law  will present some of the key priorities for legal departments.  They will also reflect on recent government and regulatory guidance and suggest some practical next steps. Register here. 

Preparing your business will need a holistic approach.  Emma Dickin, Head of In-house at LexisNexis suggests a few areas to consider :

•  auditing the best practices since the pandemic started

•  updating your pandemic management strategy and plan and aligning this seamlessly to your business continuity arrangements

•  revisiting your risk register and ensuring you have carried out (and are addressing issues raised by) relevant risk assessments

•  reviewing your policies and procedures—ensuring they reflect ways of working and consistently updated

•  refreshing staff communications and training on key topics, such as health and safety, information security and confidentiality

Take time to reflect

When the coronavirus pandemic first hit, organisations had to move quickly and react to almost daily changes in the situation and government guidance. New working practices and technologies were implemented in far shorter time frames than usual and business continuity plans received thorough testing in real time, rather than as a desktop testing exercise. Naturally, not every measure put in place to manage the situation will have worked and indeed many will already have been modified or replaced. Now, however, is a good time to formally reflect on what did and did not work well. Where measures did not work, has a better solution been found? If not, why not?

You may have carried out a pandemic management audit at the start of the coronavirus outbreak. If you did, you may want to revisit and update it. If you didn’t, it may be worth carrying one out now. Carrying out a structured audit will help you assess whether your business has adequate processes in place to respond to a second wave of the pandemic.

See Precedent: Pandemic management—self audit.

Draw up plans

As mentioned above, your business continuity plan will have received a thorough workout in recent months, although it may not have been written with a global pandemic in mind. Your organisation may also have a separate pandemic management strategy and a more detailed action plan sitting alongside your business continuity plan and other policies.

Your pandemic management strategy and action plan should align with and link seamlessly to your business continuity arrangements. The reality is more likely that actions taken on the ground during the first wave of the pandemic mean all of your business continuity and pandemic management plans will need a review and update to ensure they reflect the current situation and needs of your organisation.

If you have workplaces open, you should also have a plan for what to do in the event of an outbreak of coronavirus or local lockdown measures affecting your staff or workplaces. This should include your plans for notifying the relevant public health authorities and providing assistance with contact tracing, if requested to do so.

See Precedents:

•             Pandemic management strategy

•             Pandemic action plan

•             Business continuity plan—BCP

•             Coronavirus (COVID-19) workplace outbreak management plan—offices

•             Coronavirus (COVID-19)—safe working in an office environment—checklist

Document and assess risks

Risk register

Your organisation’s risk register is a tool for collating and managing all your risk information in one place. To be effective your risk register should list all the risks your organisation faces. It should be a living document which is regularly updated and reviewed. As the risks arising from the pandemic evolve, you should ensure you have documented and assessed all relevant risks and are keeping them under review. These need to be reflected in your risk register with mitigations, controls and action points identified and being dealt with. You may even find that some risks you identified earlier in the pandemic can now be removed from the register.

As a starting point, our Pandemic risk management guide identifies five key priorities for in-house lawyers in the event of a pandemic, to support the necessary business decisions to ensure your organisation’s survival, including supply chain risk, supporting your staff and business decision-making and leadership. It explains why you need to pay close attention to these areas to assist in maintaining the smooth operation of the business and links out to relevant checklists and precedents, such as: Pandemic management—contract review checklist.

For more information on risk registers, see subtopic: Risk register, which includes a host of guidance and precedents to help you identify and evaluate risks to your business—including a Precedent: Risk register.

Required risk assessments

As well as ad hoc risk assessments of items on your risk register, you should consider any specific risk assessments you are required to carry out by law or as part of your regulatory requirements and review and update them as necessary. These might include:

•      your organisation’s Health and safety risk assessment

•      a Coronavirus (COVID-19) workplace risk assessment and plan if your workplaces are open

•      a Money laundering and terrorist financing organisation-wide risk assessment, if your organisation is in the regulated sector

Update policies and procedures

The coronavirus pandemic is likely to have generated lots of updates to your policies and procedures already, as well as prompting you to develop new policies to address specific issues arising from the pandemic. This is likely to have taken place on an ad hoc basis as issues were identified, or to reflect new guidance as it was published. As part of your preparations for a possible second wave you should review and update all your policies and procedures together ensuring they still reflect the way you do things and are internally consistent with each other.

If temporary arrangements were put in place earlier in the pandemic, are these still valid? Have they now become permanent, rather than temporary, arrangements? Do your policies and procedures reflect your current arrangements?

Check also whether your internal procedures are practical in the ‘new normal’ working environment. For example, if physical sign-off is required for anything, how do you achieve this if some or all of the affected staff are working remotely?

Policy areas that are likely to have been affected by the pandemic to date, and which will need to work effectively in the event of a second wave, will include:

•             health and safety

•             homeworking

•             information security and confidentiality

•             supervision

Health and safety

Consider reviewing your policies on key affected health and safety topics, such as general workplace health and safety, coronavirus workplace safety and lone working. See Precedents:

•             Policy—health and safety

•             Policy—Coronavirus (COVID-19) workplace safety

•             Coronavirus (COVID-19) safety—policy schedule—offices and contact centres

•             Policy—lone working


Assuming your organisation still has a number of staff working from home, now is a good time to review your policies and procedures around home working, including workstation assessments and display screen equipment. See Precedents:

•             Policy—homeworking

•             Homeworking guidelines

•             Emergency homeworking risk evaluation

•             Emergency homeworking questionnaire for staff

•             Workstation health and safety checklist for staff

Information security and confidentiality

Office closures and social distancing required during the pandemic have created increased risks around information security and confidentiality. Many workers have found themselves working from home in less than ideal circumstances, often on personal, rather than company-issued equipment, and often in a home that is shared with others working for different organisations, potentially competitors. At the same time, cyber criminals have leveraged the uncertainty of the situation to their own ends.

Practice Note: Pandemic management—information and cybersecurity—challenges and practical responses sets out key information and cybersecurity risks arising through the difficult business conditions and challenging environment common in a pandemic, and suggests practical steps you can take to mitigate them.

For staff who are solicitors, Practice Note: Coronavirus (COVID-19)—professional conduct for in-house lawyers reflects advice issued by the SRA and Law Society on the impact of the coronavirus on a range of commercial and professional conduct issues that might be relevant to in-house lawyers, including confidentiality.

You may also want to review your information security and related policies to ensure they still reflect the way staff in your organisation are now working. See, eg Precedents:

•             Policy—GDPR information security

•             Policy—internet, email and communications

•             Clear desk and clear screen policy

•             Password policy


Remote working means staff will inevitably be supervising, or being supervised, remotely. This brings with it a variety of challenges, particularly in the context of employees who are working in an apprentice or trainee capacity.

Precedent: Remote supervision guidelines for supervisors is mainly aimed at supervision of lawyers, but provides useful guidelines on the remote supervision of staff generally, in particular junior staff. It includes a checklist of issues to consider that can be completed following discussion with each person being supervised remotely.

Communicate with staff

A key part of your preparations for a second wave will be to ensure that everyone in your organisation knows what they are expected to do.

If you have not done so recently, now might be a good time to run refresher health and safety training and workstation (self-)assessments. See, eg Precedent: Workstation health and safety checklist for staff.

Given the importance of information security, we also have a variety of communications and awareness raising materials you can use, including:

•             Information security awareness campaign—confidential calls

•             Information security awareness campaign—information on the move

•             Information security awareness campaign—using wi-fi

•             Cybercrime awareness campaign

•             How to spot a phishing email in under 15 seconds

•             Message to staff on the importance of cybersecurity in a pandemic situation (eg coronavirus (COVID-19))

•             Remote supervision guidelines for supervisors

Further reading

We have published an extensive collection of Q&As covering risk and compliance during the pandemic, which may also help your preparations. See, eg:

•             Should I review my workplace first aid arrangements in the light of the coronavirus (COVID-19) pandemic?

•             How can I ensure my organisation and staff stay safe while using video-conferencing during the coronavirus (COVID-19) pandemic?

•             What are the key financial crime-related risk areas for compliance during the coronavirus (COVID-19) pandemic, and what are the pitfalls to avoid when dealing with those risks?

•             What cybercrime risks do I need to consider during a pandemic (eg coronavirus (COVID-19))?

•             What technology risks are associated with temporary homeworking?


We look forward to seeing you on the 14th October for the Commercial and Employment law update. Register here. 


Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.