COVID-19—Mitigating Risks to Critical IT Projects and Services

Bennett Jones LLP

Given the disruptions arising from COVID-19, organizations are well advised to consider how such disruptions will impact their key information technology (IT) projects and services. In particular, starting with those projects and services with the highest priority, we recommend that organizations:

  • review and prioritize their in-flight projects and services (current and in procurement process);
  • review their existing compliance, reporting, governance, risk identification and mitigation processes for the in-flight critical IT projects and services; such as:
    • licensing compliance (especially, given remote work);
    • service levels: specific service levels and related reporting;
    • key personnel;
    • confidentiality and cybersecurity;
    • change management;
    • business continuity and disaster recovery plans and processes; and
    • contractual relief, such as notice of disruption, excusable failure, and force majeure provisions;
  • seek details from the relevant IT vendors and service suppliers as to:
    • how they are currently mitigating COVID-19;
    • how they plan to manage in the coming months, including:
      • supporting remote work;
      • using alternative communication and collaboration solutions;
      • restricting in-person meetings and maintaining social distancing; and
      • restricting travel, especially, international travel; and
      • compliance with any applicable recommended courses of action by the applicable public health authorities;
    • how they plan to prepare and manage the recovery from COVID-19;
    • how these plans will impact the critical projects and services, including their planned approach to resourcing (including key personnel), timelines, deliverables and governance; and
    • how these plans will continue to evolve as the world responds to COVID-19; and
  • review (and, if needed, update) the organization's existing: (i) IT governance processes and resource availability to mitigate the potential COVID-19 disruptions; and (ii) applicable policies.

Organizations are well advised to adopt a pro-active approach to obtaining the information needed from their critical vendors with respect to their response to COVID-19 and to be clear about their expectations around the responsible mitigation, response and recovery activities which may be required.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bennett Jones LLP | Attorney Advertising

Written by:

Bennett Jones LLP
Contact
more
less

Bennett Jones LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.