Most organizations around the world are dealing with new challenges and struggles brought on by COVID-19.

At Galvanize, we build security, risk management, compliance, and audit software, so we’re in a unique position to help businesses to respond effectively to the almost-daily risks emerging from this crisis.

GRC software can help organizations to quantify the scale of impact of the pandemic, giving them the whole picture of diverse risks, and providing broader, qualitative context. This allows leadership to make informed decisions based on quantitative data from a holistic framework, rather than just financials.

As a result, leadership is able to put a plan in place that upholds all aspects of the company, including workplace health and safety, company reputation, security, third-party continuity, culture, communications and financials.

As a team, we’ve had to learn and adjust quickly to the challenges that have been thrust upon us over these past months. And while we’ve never experienced anything like this before, we decided to build on a number of powerful tools, combined with tried-and-tested tactics, to help us navigate this situation.

This resulted in the creation of the COVID-19 Toolkit, which we’ve made available to all of our customers. The toolkit drills into eight core elements that companies should be addressing as they navigate through the pandemic.

Workforce health

The first question you should ask is if your employees are safe and happy. Are your employees well-equipped to work from home, and do they have all of the resources they need? How are they feeling overall? Working from home can create barriers in communication. Do employees have the tools available to report on how they’re doing and feeling?

Workforce productivity

Next, organizations should consider how this shift in the way we work will affect productivity and effectiveness. Are employees working on the things that will move the needle? Does your compensation strategy need reviewing, or do you need to reassess your vacation policy? What previously worked to maintain productivity may not work as well in this new normal.

Customer continuity

Following that, consider your stakeholders, and how customer activity is changing over time. Is new business continuing to flow in, and are new projects being started with the same consistency as before?

Third-party continuity

Another question to ask is how vendors, partners and other third parties are managing. For example, how are supply chains around the globe being impacted? Are vendors still delivering at previous levels? Are partners in different geographical areas facing unflagged risks or challenges? All of these factors could impact your own business operations.

Financial contingency

Ask yourselves whether you are forecasting correctly in light of these new changes. Are revenues trending into negative territory? Are there any places where you can cut back on discretionary spending? How are your competitors faring? Are there any opportunities for mergers and acquisitions during this time?


Make sure you are updating employees, partners, customers, and vendors regularly. If you’ve put together a Pandemic Preparedness Plan, make sure you’re sharing this with employees and stakeholders to assure them of your continuity. Ask yourself, is there a single source where all employees can go for updates, and are there daily management and C-suite stand-ups to review new developments? Asking these questions will help to ensure external communications are open, that you’re being authentic and maintaining credibility.


Are your organization’s assets protected against these new risks? Whether that’s making sure equipment is stored securely in employees’ homes, ensuring your physical workspace is secure, or adjusting your controls to meet the developing cyber risks of remote working.

Reputational monitoring

Finally, ask yourself how you can continue to ensure the organization’s reputation isn’t at risk. Are you monitoring social media for customer sentiment and satisfaction levels, and responding before issues escalate? Are you being agile and responding to customer/client concerns quickly? Are you reacting appropriately? If there’s an existing crisis plan, are you following it, and if not, how are you developing/implementing one?

As we navigate this new normal together, remember to lean on your community for advice and support, so that we all come out of this stronger. To facilitate these discussions among the business community, Galvanize has compiled a number of resources on how to manage the COVID-19 crisis on our website, including links to on-demand and upcoming webinars.

Dan Zitting is Chief Product & Strategy Officer at Galvanize, the global leader in SaaS governance, risk, and compliance (GRC) software.