March 12, 2020

Diligent Customer FAQs Regarding COVID-19

Last Updated: March 31, 2020

As a steward of modern governance, the Diligent team is taking comprehensive measures to ensure our employees, products, and services continue to operate at the highest levels of performance and support as the COVID-19 epidemic continues to evolve. Governance is critical in times of uncertainty, and we want to make sure our customers and partners know that they can confidently rely on Diligent during this time.

Read more about our COVID-19 response in the letter from our CEO, Brian Stafford and please reference the FAQs below as a starting point for your inquiries.

If you have additional questions, we welcome you to contact your Customer Success Manager at any time.

What is Diligent doing to ensure continuity in relation to COVID-19?

All Diligent systems and products remain fully available to all customers globally.

The procedures set forth in our various Business Continuity & Disaster Recovery Plans ensure continual operation for products* across geographies and outline our approach to command, control, and coordination during crisis, including COVID-19. Our primary BCDR is available via Diligent’s legal department and a confidentiality agreement must be in place to access.

At this time, Diligent’s workforce is entirely remote. Prior to making that decision, we implemented a work-from-home exercise for employees across the globe to ensure preparedness.

What are your decision points to tap into and declare your response a major incident?

We have created a level-based response matrix specifically for COVID-19 which includes a timeline for triggering internal responses (like work-from-home procedures) and our Business Continuity and Disaster Recovery Plan. We are executing against that matrix accordingly.

What controls has Diligent put into place to ensure security while employees are working from home?

Diligent’s workforce has been equipped with working-from-home security controls such as data protection via encryption, strong authentication (2FA), device authorization via Public Key Infrastructure and privileged access management etc.

All remote workers are using company-managed computer equipment for conducting business. Diligent’s client data is stored in our secure data centers and is never stored on any individual user’s computer.

Have you ensured continuity of third parties that are critical to supporting the service(s) you provide?

Based on direct contact or published strategies, we do not have concerns about third party support at this time. We anticipate all systems and products to remain fully available to all customers globally.  We have plans in place to ensure continual operation for all products in all geographies.

What concerns do you have in regard to providing any contracted service if the virus infection rate increases in a specific region?

We do not have concerns about providing contracted services as we have support mechanisms across the globe – specifically in New York, DC, London, Munich, Sydney and Christchurch, along with disbursed remote employees.

What people strategy arrangements have you put in place to brief staff?

We are sending multiple communications to our global employee base from our CEO and other C-Suite individuals every week, if not more frequently. We have set up a site on our intranet to house all information on COVID-19. We have also implemented and tested an emergency alert service to communicate in real time with all of our employees simultaneously, if needed.

What arrangements have you put in place for a staff member being diagnosed as infected with the virus?

As our entire team is now working remotely, this question no longer applies. However, before that policy was put into place, if a staff member was diagnosed as infected with COVID-19 and had physically visited one of our offices during the period of contagion, we would have invoked a full-office work from home policy for at least 14 days, coordinated a deep cleaning service and monitored the health of our staff for any additional indicators of risk.

Additionally, if any of the staff at that location had been in contact with our customers, we would have informed them accordingly.

Have you reviewed your media strategy in light of COVID-19?

Diligent has an established Crisis Communications Plan and will communicate according to the processes outlined within.

Could you confirm that your coordination arrangements include a fast escalation and notification to customers where appropriate?

Due to our preparations, we do not anticipate any service disruptions for our customers.

As part of our Crisis Response Plan, the Crisis Response Team will communicate closely with our commercial leadership. The current client director or client success manager will reach out with the appropriate sense of urgency to primary client contacts with any information that affects service or availability.

What contingency measures have you implemented to deal with a worst case scenario that leads to the loss of an office? Can functions be operated remotely?

We have a Business Continuity and Disaster Recovery Plan that is reviewed and tested. Technical and Business Operations can be run remotely and are distributed globally.

We have pro-actively moved to a remote work scenario for all of our office locations at this time to minimize close proximity, and hopefully the spread of COVID-19.

What contingency measures have you implemented to deal with a worst case scenario that leads to a significant loss of staff? Have you identified the minimum level of staff required to provide services?

Our staff is located across the globe with larger offices in the US, UK, and NZ and we have developed and tested the capability to work remotely. We are confident that we will have the requisite number of team members to run operations. Services can also be moved to secondary data centers.

What contingency measures have you implemented to deal with a worst case scenario that leads to a significant degradation of service? Please give due consideration to all support functions required to deliver the services.

Diligent will use the existing procedures in the Business Continuity & Disaster Recovery Plan for data center operations, but we do not anticipate that being required in any scenarios unique to this situation. In addition, our operations and support teams have run through preparedness exercises to ensure remote work can be implemented seamlessly with no client impact.

How would inquiries work in the event of a loss of office or key contact center staff? What mitigation measures could be implemented?

Diligent will use the existing procedures outlined in the Business Continuity & Disaster Recovery Plan which includes shifting customer contacts to other office locations or allowing them to be handled by remote staff.

Do IT systems support homeworking for onshore/offshore staff? Is there an assumption that staff in isolation will be able/expected to work?

Yes, our IT systems support homeworking and there is an expectation that all staff in isolation will be expected to work, based on their physical condition at the time.

*Note: Manzama and Solisma customers should inquire further regarding Business Continuity and Disaster Recovery Plans with their respective customer representative.