There have been several health pandemic breakouts in recent history. Some of the more notable ones include the SARS outbreak which made world news in 2002, the Ebola outbreak of 2019, and more recently, the coronavirus, also known as COVID-19, which is making world news in 2020. When outbreaks like these occur, banks, credit unions, and other critical consumer service businesses should ensure their biological pandemic plans are reviewed, updated, and tested. In this article, we will walk through four questions to ask as you evaluate and update your pandemic plan.

1. Do we have a biological pandemic plan?

According to an interagency statement on pandemic planning published by the FFIEC, financial institutions' "business continuity plan should address pandemics." The statement goes on to suggest the plan should have a prevention program designed to reduce the likelihood your operations would be significantly affected by an event. A strong biological pandemic plan includes processes and procedures specific to various stages of a pandemic outbreak, a testing program to ensure the plan will function as expected, and an oversight program to ensure the plan is reviewed and updated periodically.

2. Do we have a way to recognize the stages of a pandemic?

Organizations who identify pandemic stages are able to more quickly assess risk and initiate appropriate planning activities. The Centers for Disease Control and Prevention (CDC) created a Pandemic Intervals Framework (PIF). This framework can guide planning, risk assessment recommendations, decision-making, and action. The six intervals (or stages) in the PIF include investigation, recognition, initiation, acceleration, deceleration, and preparation.

3. Has our biological pandemic plan been tested in the last 12 months?

As part of the overall business continuity exercise and testing program, financial institutions are expected to have exercises to verify the effectiveness of their biological pandemic plans. Here are a few ideas for tests and exercises:

  • Verify employees are cross-trained (limited-scale exercise)
  • Test technologies needed for employees to work-from-home (limited-scale exercise)
  • Randomly select X employees to not work while you test your cross-training effectiveness (full-scale exercise)
  • Randomly select X employees to pretend to stay home while you test your cross-training effectiveness (controlled full-scale exercise)
4. Are our vendors adequately prepared for a biological pandemic?

Financial institutions rely heavily on vendors for products and services. If our critical third-party providers have a strong plan in place, by extension, we too are further insulated from the negative results of a biological pandemic. In order to appropriately manage our vendors, we need to understand the significance of the service provided by the vendor, how a biological pandemic might affect the vendor, and what evidence we need from the vendor to properly evaluate their preparedness. For details on how to manage third-party risk associated with pandemic planning, see Are Your Vendors Ready for a Pandemic.


Let Tandem help you create, manage, and test your business continuity plan. With Tandem Business Continuity Planning Software as a Service (SaaS), you can document customize our expert-designed biological pandemic resources including controls, checklists, and testing scenarios.

Additional resources include the following: