Global CrowdStrike IT Outage Illustrates Need for Payroll Continuity Plan


A major global IT outage occurred on July 19, 2024, affecting numerous industries worldwide. The incident was attributed to a software update from cybersecurity firm CrowdStrike, which resulted in widespread system issues.

Outage range and time to recover

The outage had far-reaching consequences, affecting airlines, banks, healthcare providers, and other critical services. Major U.S. airlines grounded flights, while financial institutions and broadcasters also reported significant disruptions. The incident highlighted the interconnected nature of global IT infrastructure and the potential risks associated with widespread reliance on a handful of technology providers.

The company quickly deployed a fix, but warned that some systems might take time to recover fully. Microsoft also reported that it had addressed the underlying cause for the outage of its 365 apps and services.

Potential impact on employers and payroll

The outage could have significant implications for employers and payroll professionals. The Global Payroll Association confirmed that the IT disruption impacted numerous clients and affected businesses’ ability to pay their employees. Melanie Pizzey, CEO of the Global Payroll Association, said that the outage “could have very serious implications for businesses…particularly those who process payroll on a weekly basis.” She also noted that the outage may result in a “backlog with regard to processing payroll for the coming month end…”

Importance of continuity plan

The incident underscores the critical importance of having robust payroll continuity plans in place. A payroll continuity plan is a strategy that outlines steps to manage payroll objectives during unforeseen emergencies or disasters. Such plans help ensure timely payment of employees, even in the face of significant disruptions.

Curtis E. Tatum, Esq., In-House Counsel and Senior Director of Federal Payroll Compliance at PayrollOrg, stressed the importance of the Crowdstrike outage “as further evidence of a need to create” a continuity or disaster recovery plan if an employer does not currently have such a plan in place. He stressed that a payroll recovery plan should expand beyond the incident itself to “incorporate options for the entire pay cycle” and “account for quarter closes and year-end reporting.”

More than a plan

Tatum added that “having a plan isn’t enough” when it comes to a disaster response and expressed the need for regular testing and updates. “In a widespread outage, similar to the one we are experiencing with CrowdStrike, your organization may not be directly affected, but your payroll service provider or financial institution might be.” He emphasized having “strong lines of communication with organizations so you know what options may be available to work around any IT issues.”

Plan and strategy

An effective payroll continuity plan should include several key elements. These may comprise backup copies of payroll files, web-based technology for remote payroll processing, online time and attendance systems, and manual payroll processing tools in case of internet or computer failures. It is also crucial to have replacement personnel available to fill in for payroll employees who cannot come to work.

Additionally, it is important to implement specific strategies to maintain payroll operations when facing an extended system failure. Tatum noted that the cost for such strategies “have become more affordable in recent years” and said that the “electronic vaulting of data is one element of a disaster recovery plan that can help with a quicker recovery,” explaining that this practice involves a company storing “a duplicate of its data off-site.”

Tatum added that “if the problem is more widespread, then the company will need to work with its service providers and financial institutions to work around any problems,” stressing that the goal is the same but “the issues are more complex when…dealing with international employees, laws and regulations.”

He then turned to the importance of compliance as part of a successful strategy, especially when an organization has a global presence, for continuity plans due to varying notification requirements based on country.

Creative communication

Tatum circled back to the importance of communication by noting that an early response to the CrowdStrike outage from a chief executive was via social media on X (formerly Twitter). He also said that Metrobank, one of the banks in the United Kingdom that experienced service issues due to the IT outage, put out a client advisory with a hotline number for clients to call. “So, if you have problems getting through on the phone, you may want to use social media and check the websites of your financial institutions.”

A balancing act

As far as ways for employers to balance the need to automate payroll systems with the importance of having manual backup processes, especially in light of the CrowdStrike outage, Tatum advises starting “with a business continuity plan” or “to review it in light of the ” recent outage if the employer already has such a plan in place. He referenced the many issues faced in 2023 when there were several major bank failures. “You need to know what to do if your financial institution is affected,” he said.

He suggested employers build a relationship with their payroll service provider if they use one, “so you know what options may be available if the provider is affected by an IT outage.” Further, Tatum said to “…be familiar with the laws and regulations where you are paying your employees” because “it may mean that various jurisdictions will grant waivers from penalties because you were not able to pay your employees timely due to an incident…”

He stressed that “a backup feature should be a key component of either system” when it comes to balancing an automated payroll system against more manual processes.



Source link