[Senate Hearing 116-283]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 116-283
 
                MODERNIZING TELEWORK: REVIEW OF PRIVATE
         SECTOR TELEWORK POLICIES DURING THE COVID-19 PANDEMIC

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
               REGULATORY AFFAIRS AND FEDERAL MANAGEMENT

                                 of the

                              COMMITTEE ON
                         HOMELAND SECURITY AND
                          GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE


                     ONE HUNDRED SIXTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             JULY 28, 2020

                               __________

                  Available via http://www.govinfo.gov

       Printed for the use of the Committee on Homeland Security
                        and Governmental Affairs
                        
                        
                        
                        
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]          
 
 
 
 
 
                           ______                      


              U.S. GOVERNMENT PUBLISHING OFFICE 
 41-324 PDF              WASHINGTON : 2020 
 
 
                        
                        

        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                    RON JOHNSON, Wisconsin, Chairman
ROB PORTMAN, Ohio                    GARY C. PETERS, Michigan
RAND PAUL, Kentucky                  THOMAS R. CARPER, Delaware
JAMES LANKFORD, Oklahoma             MAGGIE HASSAN, New Hampshire
MITT ROMNEY, Utah                    KAMALA D. HARRIS, California
RICK SCOTT, Florida                  KYRSTEN SINEMA, Arizona
MICHAEL B. ENZI, Wyoming             JACKY ROSEN, Nevada
JOSH HAWLEY, Missouri

                Gabrielle D'Adamo Singer, Staff Director
               David M. Weinberg, Minority Staff Director
               Zachary I. Schram, Minority Chief Counsel
                     Laura W. Kilbride, Chief Clerk
                     Thomas J. Spino, Hearing Clerk


       SUBCOMMITTEE ON REGULATORY AFFAIRS AND FEDERAL MANAGEMENT

                   JAMES LANKFORD, Oklahoma, Chairman
ROB PORTMAN, Ohio                    KYRSTEN SINEMA, Arizona
MITT ROMNEY, Utah                    THOMAS R. CARPER, Delaware
RICK SCOTT, Florida                  JACKY ROSEN, Nevada
MICHAEL B. ENZI, Wyoming
                     Chris J. White, Staff Director
                     James D. Mann, Senior Counsel
                Eric A. Bursch, Minority Staff Director
              Jackie A. Maffucci, Minority Policy Advisor
         Mallory B. Nersesian, Subcommittee and Document Clerk
         
                            C O N T E N T S

                                 ------                                
Opening statement:
                                                                   Page
    Senator Lankford.............................................     1
    Senator Sinema...............................................     2
    Senator Carper...............................................    11
    Senator Rosen................................................    14
Prepared statement:
    Senator Lankford.............................................    31
    Senator Sinema...............................................    33

                               WITNESSES
                         Tuesday, July 28, 2020

Sean Morris, Principal, Deloitte Consulting LLP..................     4
Lane Wilson, Senior Vice President and General Counsel, The 
  Williams Companies, Inc........................................     6
Michael Ly, Chief Executive Officer, Reconciled..................     8
John Zanni, Chief Executive Officer, Acronis SCS.................     9

                     Alphabetical List of Witnesses

Ly, Michael:
    Testimony....................................................     8
    Prepared statement...........................................    50
Morris, Sean:
    Testimony....................................................     4
    Prepared statement...........................................    35
Wilson, Lane:
    Testimony....................................................     6
    Prepared statement...........................................    45
Zanni, John:
    Testimony....................................................     9
    Prepared statement...........................................    56

                                APPENDIX

Statement from Cisco.............................................    64
Responses to post-hearing questions for the Record:
    Mr. Morris...................................................    67
    Mr. Wilson...................................................    69
    Mr. Ly.......................................................    72
    Mr. Zanni....................................................    74


                    MODERNIZING TELEWORK: REVIEW OF

     PRIVATE SECTOR TELEWORK POLICIES DURING THE COVID-19 PANDEMIC

                              ----------                              


                         TUESDAY, JULY 28, 2020

                                 U.S. Senate,      
                        Subcommittee on Regulatory,        
                      Affairs and Federal Management,      
                    of the Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 2:30 p.m., via 
video conference, Hon. James Lankford, Chairman of the 
Subcommittee, presiding.
    Present: Senators Lankford, Scott, Sinema, Carper, and 
Rosen.

            OPENING STATEMENT OF SENATOR LANKFORD\1\

    Senator Lankford. Thanks for joining today. This is the 
hearing before the Regulatory Affairs and Federal Management 
(RAFM) Subcommittee, Modernizing Telework: Review of Private 
Sector Telework Practices During Coronavirus disease (COVID-
19). Good afternoon, everyone.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Lankford appears in the 
Appendix on page 31.
---------------------------------------------------------------------------
    In 1990, Congress passed its first piece of legislation 
directly related to an employee's ability to be able to work 
outside of their assigned duty station. The most recent and 
significant legislation affecting the Federal workforce and 
teleworking was the Telework Enhancement Act of 2010, which set 
the current standards for Federal workforce requirements for 
telework.
    With so many changes in the world over the last 10 years, 
or in the case of just 2020, so many changes, period, this 
year, it makes sense to be able to take a look at the current 
telework practices to see what is working, what is not working 
for the Federal workforce, and to be able to learn the lessons 
of what is happening in the private sector. We have a 
responsibility to ensure Federal workforce strategies are 
relevant, cost-effective, and well thought out.
    Even before this pandemic, many private sector companies 
were giving remote work flexibility to their employees. The 
Society for Human Resource (HR) Management reported a threefold 
increase in the number of companies offering remote work 
options between 1996 and 2016. Obviously, that has accelerated 
dramatically since then.
    The Office of Personnel Management (OPM) reported that in 
2018, only 22 percent of the Federal workforce was eligible to 
telework. With the March transition to maximum telework 
impacting many of these positions not traditionally considered 
telework-eligible, we need to reevaluate eligibility and how 
this is determined. Clearly we have more than 22 percent of our 
Federal workforce that is actually teleworking now.
    Since March of this year, both the Federal workforce and 
many in private industry have been forced into a new, remote, 
work-centric reality. Almost overnight, Federal agencies and 
private companies were forced to deal with complex problems 
like cybersecurity, remote performance management, employee 
engagement, hiring all these on a very grand scale. The 
pandemic has been a great disruptor but it also shines a light 
on broken processes and shows an opportunity for real 
improvement.
    There are some very important telework questions that I 
believe we need clarity on in order to trudge a clear path 
forward for the Federal workforce. For example, how do we best 
prepare employees so that during a future disaster or pandemic 
we can seamlessly transition to a Federal workforce posture? 
How do we effectively train managers to stay engaged and to 
monitor performance of a remote workforce? We want to make sure 
cybersecurity threats are seriously considered and telework 
policy conversation are protected.
    Being good stewards of American tax dollars, something I 
talk about often, I believe future cost-savings from reduction 
in needed office space could be a key component to improving 
remote work opportunities for Federal employees.
    I want to reinvent the wheel, so today we will start a 
series of Federal workforce-related telework hearings by first 
reaching out to some individuals in private industry to see 
what they have learned. Those outside Federal service 
understand very clearly that creating efficient, cost-savings 
workforce strategies are less a luxury and more of a necessity.
    I want to thank this panel for taking away from their 
business and their very busy schedules. We really appreciate 
the opportunity to be able to hear about your views on telework 
and the lessons that you have learned.
    With that I would like to recognize Ranking Member Sinema 
for her opening remarks.

             OPENING STATEMENT OF SENATOR SINEMA\1\

    Senator Sinema. Thank you, Mr. Chairman, and thank you for 
holding this very important hearing. I appreciate our witnesses 
joining us today, and I am particularly grateful to have Mr. 
John Zanni here. He is the Chief Executive Officer (CEO) of 
Acronis SCS, a cyber protection and edge data security company 
based in Scottsdale, Arizona. Also welcome to Mr. Michael Ly. 
He is an Arizona native who, unfortunately, left our State and 
now lives in Vermont. I am not quite sure why, but you are 
welcome back any time.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Sinema appears in the 
Appendix on page 33.
---------------------------------------------------------------------------
    From the start of the coronavirus pandemic, it was clear 
that the public and private sectors needed to embrace telework 
wherever it was possible. It is why I co-sponsored the 
Emergency Telework Act of 2020, to ensure that agencies had the 
authority to permit maximum telework during the pandemic.
    The ability of COVID-19 to spread is scary, and the best 
way for us to reduce that spread is to follow the Centers for 
Disease Control (CDC) guidelines, maintain social distance, and 
wear masks. But most office buildings and traditional workplace 
setups are not conducive for social distancing. I know many 
companies in Arizona had to quickly transition their workforces 
to telework models.
    There are inherent challenges to implementing telework. 
Access to broadband, ensuring security in a virtual 
environment, providing the appropriate equipment, and 
supporting employees who feel socially isolated or challenged 
by the lack of person-to-person contact are some of the hurdles 
that Arizona companies have had to overcome.
    I look forward to discussing these topics with our 
witnesses so we can develop a better checklist to help both 
private and public sector entities be more successful with 
telework.
    I also think it is critical that we recognize many jobs 
cannot be done virtually. Many workers do not have telework 
options. From first responders to health care professionals, 
many workers in Arizona and across the Nation put themselves 
and their families at risk to support their communities. I 
applaud their efforts and understand that telework is one part 
of the larger discussion regarding how we keep our communities 
and families safe.
    With that I look forward to hearing from our witnesses and 
I yield back, Mr. Chairman.
    Senator Lankford. Thank you. Let me introduce our witnesses 
for today. Mr. Sean Morris is a member of Deloitte's Government 
and Public Services (GPS) Executive Committee, and the U.S. 
firm's Operating Committee. He is Chief Operating Officer (COO) 
for Deloitte's $4 billion U.S. Government and public services 
executive business. Mr. Morris has day-to-day operational 
responsibility for more than 16,000 U.S. and globally deployed 
personnel. He has responsibility for a comprehensive future of 
work transformation across HR, information technology (IT), 
Facilities, Contracts, Finance, Security, Security Compliance, 
Marketing, and Business Development.
    The second person is Lane Wilson, clearly the most 
important of the four because he is from Oklahoma, so I am glad 
that you have joined us as well. Mr. Lane Wilson is Senior Vice 
President and General Counsel (GC) for The Williams Companies 
based in Tulsa, Oklahoma.
    Prior to joining Williams, Mr. Wilson served as a Federal 
magistrate judge for the Northern District of Oklahoma, and 
served in private practice for Hall, Estill in Tulsa. Mr. 
Wilson received his bachelor's degree in electrical engineering 
from the University of Tulsa, his juris doctorate with honors 
from University of Tulsa College of Law. Lane, thanks for 
joining us today.
    Mr. Michael Ly is a serial entrepreneur and speaker, cloud 
accounting professional. He is founder and CEO of Reconciled, a 
nationally recognized online accounting firm based in 
Burlington, Vermont. Mr. Ly speaks nationally on the topics of 
remote work, company culture, entrepreneurship, cloud 
accounting, and diversity in new leadership.
    Prior to Reconciled, Mr. Ly worked for a variety of 
companies in accounting and consulting roles in Arizona, which 
has already been mentioned, Washington State, and Vermont. 
Thank you, Mr. Ly, for being here as well.
    Mr. John Zanni serves as the CEO of an American cyber 
protection edge data security company, exclusively dedicated to 
meeting the unique needs of the U.S. public sector, including 
Federal, State, and local government, education, health care, 
and nonprofit institutions.
    Prior to leading Acronis SCS, Mr. Zanni held senior 
positions at Acronis AIG. Before joining the Acronis family, 
Mr. Zanni spent 4 years at Parallels and 16 years at Microsoft, 
a tiny little company in the Northwest.
    So I appreciate all of your engagement and for appearing 
today.
    We typically have our witnesses stand and raise their right 
hand. Since all of you are seated at your desks or tables I 
assume I will go ahead and have you seated there, but I would 
like to ask you to raise your right hand because I do need to 
swear all of our witnesses in, as is the custom of this 
Committee.
    Do you swear that the testimony you will give before this 
Subcommittee will be the truth, the whole truth, and nothing 
but the truth, so help you, God?
    Mr. Morris. I do.
    Mr. Wilson. I do.
    Mr. Ly. I do.
    Mr. Zanni. I do.
    Senator Lankford. Let the record reflect both of them 
answered in the affirmative.
    We are using a timing system today. As we go through this 
process you will see the clock up there. If you are in Grid 
view they will show a 5-minute countdown for your testimony 
time. I would like you to be as close as you can to that, to 
save as much time as we can for as many questions for this. But 
we are very grateful for both your written testimony that you 
have already submitted and for your oral testimony as well.
    We will recognize Sean Morris first for your testimony.

TESTIMONY OF SEAN D. MORRIS,\1\ PRINCIPAL, DELOITTE CONSULTING 
                              LLP

    Mr. Morris. Chairman Lankford, Ranking Member Sinema, and 
Members of the Subcommittee, thank you for the opportunity to 
testify today on the lessons the Federal Government can learn 
from the private sector regarding telework. My name is Sean 
Morris. I am a Principal in Deloitte Consulting's Government 
and Public Services business, and I have spent my entire life 
in and around the critical missions of our government, first, 
growing up in a U.S. military family and professionally for 
more than 20 years working with government clients. Currently I 
am the Chief Operating Officer for Deloitte's U.S. Government 
business, with operational responsibility for more than 16,000 
personnel.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Morris appears in the Appendix on 
page 35.
---------------------------------------------------------------------------
    I fundamentally believe that challenges pose opportunities 
to rethink orthodoxies, and so it is my hope that the Federal 
Government, like Deloitte, can use this challenging moment in 
history to rethink how and where its workforce performs their 
important roles for the American people.
    Based on the investments Deloitte has made for the past 
decade in technology, facilities, and our people, for this 
Subcommittee's consideration I offer four recommendations.
    Recommendation one is to continuously invest in IT 
infrastructure and cybersecurity. Now there are a number of 
core aspects of this recommendation. For example, consistent 
investment in the latest cloud-based tools is a game-changer 
for an organization's ability to rapidly pivot to numerous 
scenarios, which means IT infrastructure and technology 
platforms must be a focal point for organizations.
    Next, any workforce requires access to reliable broadband 
to successfully perform their work, which means organizations 
should provision for different forms of broadband connectivity.
    Additionally, critical to operational success in any 
virtual work environment, the workforce must be equipped with 
the correct on-the-go hardware and software, which means 
organizations need to have a secure supply chain to enable the 
provisioning of IT hardware and software.
    And finally, workplaces and supporting IT ecosystems have 
become more diverse and extended, causing an increase in cyber 
risks. Therefore, cybersecurity programs require appropriate 
layers of technical defense. But equally important is the 
nurturing of a cyber culture where employees understand and 
counteract ever-evolving threats.
    For recommendation two, real estate and location footprint, 
we are seeing the evolution of location liberation, the concept 
that the workplace is not limited to any one single physical 
space. At Deloitte, we are working toward supporting four 
unique types of workplaces. First, the traditional office is 
transforming into a community hub where employees come to 
collaborate. Next, the field is where employees are empowered 
to be productive, no matter where their work may take them. 
Then the home, which is where employees can balance work and 
life while maintaining productivity, and finally, a growing set 
of third places which include alternative space types.
    Recommendation three is centered around performance 
management. An effective performance management approach is a 
foundational element for building trust. Deloitte's approach to 
performance management is grounded in frequent, meaningful 
conversations. These conversations, when coupled with reliable 
data, enable us to understand and recognize performance 
throughout the year. The rapid transition to virtual work 
presents government organizations with an opportunity to 
challenge the orthodoxy that physical presence and visibility 
in the office equals a productive and a high-performing 
workforce.
    Further, shifting to measuring accomplishments and outcomes 
over activities and labor hours allows organizations to 
cultivate a work environment of high-performing teams.
    And finally, recommendation four, employee engagement. At 
Deloitte, we invest heavily in an employee's experience, from 
the recruiting phase all the way through to our alumni program. 
This full life cycle investment is widely recognized as 
enabling our ability to attract and retain the most diverse and 
skilled workforce. To reinforce this point, since the onset of 
COVID-19, and so as not to lose momentum around employee 
engagement, we have transitioned many of our learning, social 
impact, and team-building events to virtual platforms.
    In conclusion, the fundamental principle underlying all 
four of these recommendations is that an organization must 
consider its human capital to be its core asset, and build its 
technology and facilities accordingly to achieve a successful 
work environment.
    Thank you again for providing me this opportunity to share 
Deloitte's perspectives, and I look forward to answering your 
questions.
    Senator Lankford. Thank you very much. Lane Wilson.

   TESTIMONY OF T. LANE WILSON,\1\ SENIOR VICE PRESIDENT AND 
         GENERAL COUNSEL, THE WILLIAMS COMPANIES, INC.

    Mr. Wilson. Good afternoon, Chairman Lankford, Ranking 
Member Sinema, and distinguished Members of the Committee. I 
thank you for the opportunity to testify regarding private 
sector telework policies during the COVID-19 pandemic. I will 
focus my remarks on how Williams has pivoted and evolved our 
telework capabilities and policies to maintain operational 
effectiveness, productivity, and efficiency across our 
workforce of 4,800 employees in 26 States.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Wilson appears in the Appendix on 
page 45.
---------------------------------------------------------------------------
    In light of our business, we had to get this issue right. 
Today we handle about a third of the natural gas in the United 
States. It is used every day to reliably and affordably heat 
our homes, cook our food, and generate our electricity. During 
the COVID-19 pandemic, this reliable source of energy has been 
crucial to hospitals and the supportive infrastructure they 
need, and the natural gas liquids we deliver continue to be 
used as feed stock to make the lightweight materials necessary 
for much of the equipment and supplies used by those hospitals.
    None of this would have been possible without our dedicated 
employees, who are doing their part during these unstable 
times, and they are doing it almost entirely by teleworking 
from field locations and from home.
    Williams' success is also due to our commitment to safety, 
reliability, and responsibility. With this in mind, I will 
share some key best practices from our transition to 100 
percent voluntary work from home in March.
    These best practices can generally be categorized into 
three areas: one, the availability of tried and tested systems 
and process; two, cybersecurity; and three, technology 
deployment.
    Going into the pandemic, Williams had the advantage of a 
decade of experience with significant remote work. Williams 
categorizes its employees as field workers and knowledge 
workers. Field workers include field technicians, safety 
specialists, and operations supervisors, and represent 60 
percent of our employee talent. Our knowledge workers, 
representing our remaining employee talent, include our 
corporate support functions like finance, legal, and human 
resources.
    Though we have central offices in Tulsa, Houston, 
Pittsburgh, and Salt Lake City, Williams' preference is for our 
field workers to be in the field, so we have developed 
processes and tools to enable our field workers to telework. 
Leveraging these processes and tools allowed us to smoothly 
transition our knowledge workers to remote work. This 
underscores the first best practice--a tried and tested system 
is key for successful telework.
    The second best practice is around cybersecurity and the 
need for multifactored systems as well as employee 
cybersecurity hygiene training. Because of Williams' critical 
infrastructure status and commitment to safety, our networking 
systems already have a layered suite of cybersecurity 
protection software. Further, our existing infrastructure and 
protocol allow us to remotely push patches to laptops, so we 
have continued to protect our devices from vulnerabilities.
    With the doubling and tripling of virtual private network 
(VPN) activity and collaboration software use, we did 
experience an uptick in malware and phishing, but one that did 
not impact our business. As a best practice, we increased 
internal communication to employees with reminders about good 
cybersecurity hygiene, and made the decision to always have one 
cybersecurity analyst onsite in case we need to invoke our 
cybersecurity instant response plan.
    Third, regarding technology deployment, our rapid 
transition to remote work depended on effective collaboration 
software. We saw the utilization rates of this software 
increase between 100 and 300 percent for online chats, web 
calls, and teleconferences. Our transition also relied upon 
employees taking home their laptops and, in some cases, 
monitors, headphones, and other assets. Also worth mentioning 
when transitioning large numbers of employees, it is key to 
have ample IT support as employees acclimate to the new 
technology and tools.
    Looking forward, we recognize that for some workers 
telework may continue to be an option, but we are also 
cognizant of the value of in-person collaboration and idea 
generation that happens organically in an office environment. 
Balancing these two factors is important, and while we have not 
made any final decisions around a long-term telework policy we 
will continue to track efficiencies and productivity measures 
to help inform our path forward. We will also capitalize on 
lessons learned, particularly around employee engagement, and 
continue to build on these opportunities, even after we are 
free to return to our office environments.
    Thank you again for the opportunity to appear today, and I 
look forward to your questions.
    Senator Lankford. Lane, thank you very much. Michael Ly.

TESTIMONY OF MICHAEL LY,\1\ CHIEF EXECUTIVE OFFICER, RECONCILED

    Mr. Ly. Thank you, Chairman Lankford and Ranking Member 
Sinema and the Members of the Subcommittee for inviting me to 
share about Reconciled's approach to telework, or what we at 
Reconciled refer to as ``remote work.'' My name is Michael Ly 
and I am founder and CEO of Reconciled. I am joining you 
remotely from Burlington, Vermont, where I live with my wife 
and three young children. Vermont is my wife's home State, but 
I still consider Arizona my home State, Senator Sinema, and 
visit every year with my family to see my mother and my 
siblings. I was actually there at the beginning of the 
pandemic.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Ly appears in the Appendix on 
page 50.
---------------------------------------------------------------------------
    Remote work allowed me to continue to run my business, 
Reconciled. We are an online accounting firm, started about 5 
years ago. Today we have about 30 employees, working remotely 
from 8 States, and serving almost 200 small businesses 
throughout the country, handling their in-house accounting 
services, remotely and online. We are recognized nationally in 
the accounting industry by our innovative approach, and we also 
speak regularly on the topic of remote work, how to build a 
strong company culture as a remote work company, and how to 
keep remote employees engaged.
    Since we have been operating as a remote company and 
completely distributed before it was popular because of COVID-
19, our operations have not been greatly impacted as much as 
our customers.
    I want to highlight one primary challenge to remote work 
that will challenge everyone involved in remote work, and then 
highlight a few key recommendations. The challenge primarily 
being children at home, school-aged children at home. This is 
by far the biggest obstruction to our employees' ability to be 
productive and successful with remote work. Most of our 
employees have school-aged children that attend public schools 
in multiple States. Having children now at home requires us to 
be very flexible with our employees and their work schedules so 
that they can both take care of their families' needs, their 
child's education, as well as their work responsibilities.
    In my prepared statement I highlighted six key proposals to 
remote work success. I want to focus on just a few of those, 
mainly defining role expectations and outcomes, regular and 
consistent communication, schedule flexibility, and taking 
breaks.
    Remote workers need to understand what is expected of them 
to accomplish their jobs successfully. Clearly defining the 
expectations an organization has for each employee and the 
outcomes that should result when a job is done well is key for 
the success of the remote employee. Often employers assume that 
their workers know what is clearly expected of them. The 
reality is employees have one expectation communicated to them 
when they initially start with any organization, but then those 
expectations change as their organizations change, as their 
roles change, and when the roles now shift to work from home. 
So clearly communicating those expectations and outcomes are 
important.
    The other recommendation is regular and consistent 
communication. Never underestimate the amount of social 
interaction that we receive outside of our home in a physical 
workplace, and imagine you having to recreate those virtually 
with a remote work team now. Time at the water cooler and 
spontaneous meetings occur 40 to 60 percent of the time at 
work, and the rest of your time is done actually doing work, 
and studies have been done in multiple workplaces across the 
country. So creating those spontaneous interactions needs to be 
intentional in a remote work setting, as well as taking regular 
work meetings, and one-on-one interaction with your supervisors 
and coworkers also need to take place.
    Flexibility is another proposal I have highlighted in my 
prepared statement. Flexibility may be one of the key benefits 
of remote work, especially during a pandemic. Flexibility can 
be seen in multiple ways, including work schedule flexibility, 
how often employees can take breaks, and from what location a 
remote employee is allowed to work or can work. The key is 
articulating a remote work policy that provides standards for 
the majority of your staff while being broad enough to fit 
multiple individual scenarios, and that is especially important 
in light of the fact that school-aged children are now at home.
    And then finally, breaks. Taking short and regular breaks 
throughout the day for remote work employees is the key to 
their long-term success. Remote employees often find themselves 
more productive in the short term, but if they do not take 
regularly scheduled, consistent breaks they find their 
productivity decreasing and their stamina burning out.
    Thank you for letting me come and share, and I am looking 
forward to helping answer questions.
    Senator Lankford. Mr. Ly, thank you very much. Mr. Zanni.

 TESTIMONY OF JOHN ZANNI,\1\ CHIEF EXECUTIVE OFFICER, ACRONIS 
                              SCS

    Mr. Zanni. Chairman Lankford, Ranking Member Sinema, 
Members of the Committee, it is an honor to join you today. 
Ranking Member Sinema, thank you for the invitation to come 
discuss the particular challenges associated with telework. I 
appreciate the opportunity to share my insight informed by more 
than 25 years in the cybersecurity field, and a remote worker 
myself since 2020, including in my current role as CEO of 
Acronis SCS, an Arizona-based company dedicated to meeting the 
unique cyber protection needs of the U.S. public sector.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Zanni appears in the Appendix on 
page 56.
---------------------------------------------------------------------------
    As COVID-19 spread, IT teams had the unenviable job of 
enabling secure telework capabilities at an incredible 
breakneck speed. Today's typical home includes a mix of work 
and personal laptops, smartphones, and network-connected toys 
and appliances, all sharing access to standard Wi-Fi router 
with basic security configurations.
    With telework, the IT help that we all take for granted in 
an office are greatly reduced. With increased dependence on 
applications like Zoom, Teams, and WebEx, that has presented 
new risks as well people tuning into calls from devices on 
unsecured networks. However, adhering to a layered ``defense in 
depth'' approach to cyber hygiene that adopts relatively simple 
processes and tools like ours significantly diminishes the 
dangers of remote work.
    As the CEO of a cyber protection company, when this 
pandemic started I had two priorities. First, ensure the 
physical and digital safety of my employees. That was 
paramount. Then continue providing solutions that help our 
public sector customers stay secure.
    On the tech front, we were well-positioned for telework. 
Similar to how the medical field uses vaccines, diagnosis, 
medication, surgery, and research to treat illness, we 
implemented a cyber hygiene plan underpinned by prevention, 
detection, response, recovery, and post-incident forensics, a 
framework for digital resilience that I would recommend for any 
organization.
    For Acronis SCS, that plan includes zero-trust 
architecture, leveraging next-gen firewalls, segmented 
networks, multi-factor authentication, and certificate-based 
VPN for access to sensitive resources. This posture helped us 
shift to telework without fear that an attack on one device 
would compromise the whole company.
    Beyond technical factors, we have taken a holistic approach 
to ensure the safety and productivity of our workforce. We have 
reimbursed employees for at-home office equipment purchases, 
disbursed monthly Internet stipends, and ensured our health 
insurance supports telemedicine and mental health services. We 
also host virtual town halls and social hours to keep our more 
isolated employees engaged, and have flexible schedules for 
those balancing work with at-home family obligations.
    We doubled down our commitment to provide software that 
meets the U.S. public sector needs, whether keeping mission-
critical assets running with our hard and backup software or 
protecting endpoints with Acronis SCS Cyber Protect Cloud.
    While telework has certainly exposed new risks, it has also 
spurred urgency, and I want to thank the Committee for its work 
on this front. Chairman Lankford, Ranking Member Sinema, you 
have been both instrumental in educating the American people on 
our nation's cybersecurity vulnerabilities and have developed 
bipartisan legislation to address them, bills like your 
Telework for U.S. Innovation Act and the Emergency Telework 
Act. From this legislation to the cybersecurity-focused NDAA 
amendments under consideration to the Defense Department's 
much-needed Cybersecurity Maturation Model Certification, all 
signs point to even more urgency across government and a more 
secure nation and robust economy as a result.
    To facilitate public-private collaboration I ask you to 
consider making the reporting of cyber attacks on Federal, 
State, and local government agencies mandatory. Similar to 
testing for COVID-19, if we do not fully understand the scope 
or the pervasiveness of the problem, we cannot appropriately 
address it.
    Increased telework flexibility is in our nation's long-term 
future. America cannot afford to relegate cybersecurity to the 
back burner. The risks of doing so are simply too high.
    Chairman Lankford, Ranking Member Sinema, Members of the 
Committee, thank you again for the opportunity to be here 
today, and I look forward to hearing your insights and 
addressing your questions.
    Senator Lankford. Thank you very much, and I appreciate 
your testimony. We will have lots of ways to be able to pick 
your brain as we go through this as well. I would tell you, on 
the technology side and the video side, you are taking an 
exceptional risk, Mr. Zanni, of standing in front of a green 
screen. I have already imagined how many different ways people 
could use that green screen and how many places they could put 
you right now.
    Mr. Zanni. Yes. That is a fair point. But I keep my private 
life private and watch what I say, but we will see.
    Senator Lankford. I will defer my questions to the end of 
our hearing. Senator Sinema has also chosen to do the same 
thing as well, to be able to defer her questions to the end. So 
I recognize Senator Carper for his questions now.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. Thank you. Thank you, Mr. Chairman. To all 
of our witnesses, welcome. In fact, you all have some very 
interesting backgrounds. You have made some significant career 
changes and moves that one would not have expected, given your 
early start in life. I am delighted that you are here to share 
your thoughts with us today.
    I am going to start with a question for Mr. Zanni. In your 
testimony, you state that the modern cyber threat landscape is 
more sophisticated and relentless than ever before--I would 
agree--but that many of these threats are not new.
    Ransomware is one example of this, as these attacks have 
continuously posed a threat across different sectors, including 
State and local government. Educational institutions as well.
    More recently, scam emails have been a way bad actors are 
affecting vulnerable systems. Did you hear that? That sound 
says we just began our next vote, and maybe our last vote for 
the day. We will see. It will be over in a second. Maybe. There 
we go.
    More recently, scam emails have been a way bad actors are 
accessing vulnerable systems while folks are teleworking. How 
has your organization, Mr. Zanni, handled cybersecurity 
incidences with employees shifting to telework, and how can 
Federal, State, and local governments learn from those 
incidences in identifying our vulnerabilities?
    Mr. Zanni. Thank you. In the context of our company, we 
took a ``defense in depth'' approach, which means a layered 
approach to protection. No single company can provide 
sufficient protection against ransomware or phishing attacks or 
other malware. Unfortunately, the weakest link is still humans. 
We are taught and trained to trust, and that trust is sometimes 
taken advantage of.
    Also, it is impossible for anybody to keep their systems up 
to date instantly. So by having a multilayer approach in terms 
of VPN, multi-factor authentication, having a good antivirus 
software, having good backup and recovery, good anti-
ransomware, you really minimize the chances of anything bad 
happening. And if it does, you can recover quickly, and if you 
take full advantage of encryption, the likelihood of any data 
being compromised is very low.
    The other part I would like to add here is education. 
Unfortunately, as a society, we do not understand yet the 
seriousness of these threats and the tools that the bad actors 
have. Right? This is not college kids in a dorm room having 
fun. These are nation-states, well-funded organized crime. They 
have the same access to machine learning and quantum computing 
and artificial intelligence (AI) that we have access to. And so 
without bringing in the experts and the professionals and the 
tools and the processes to protect ourselves, we just become 
vulnerable.
    And so education and awareness is an absolute key 
component, and we spend a lot of time, like me here, just 
educating and driving awareness, so that people really protect 
themselves and not make security an afterthought.
    Senator Carper. Thank you very much, and thank you for 
making time to do some of that educating with us, my colleagues 
and me.
    A question, if I could, for Mr. Morris. This deals with 
coordination with an agency we call Cybersecurity 
Infrastructure Security Agency (CISA) at the Department of 
Homeland Security (DHS) Mr. Morris, I understand that you are 
responsible for managing over 16,000 U.S. and globally deployed 
personnel. Is that right?
    Mr. Morris. That is correct, sir.
    Senator Carper. Boy. How long have you been in your current 
leadership position?
    Mr. Morris. Current role, one year.
    Senator Carper. OK. I read in your testimony that Deloitte 
practically shared cyber threat intelligence with the U.S. 
Government agencies, cyber threats before they can cause 
substantial harm. One of those agencies, I presume, includes 
the Cybersecurity Infrastructure Security Agency, which is at 
the Department of Homeland Security. Is that correct?
    Mr. Morris. Yes, sir. We share it governmentwide and 
actually within the industry as well. We find it is a good way 
to collaborate on external threats.
    Senator Carper. OK. Over the years, a number of my 
colleagues and I worked to give DHS the resources necessary to 
carry out its cyber mission. We are especially proud of the 
bipartisanship in Congress that led to the passage of 
Cybersecurity and Infrastructure Security Act in 2018, 2 years 
ago.
    Could you take a minute and talk a little bit more about 
your relationship and that of your colleagues with CISA and the 
other relevant Federal agencies that you work with? Tell us a 
little bit more, if more needs to be done to improve that 
relationship between the Federal Government and the private 
sector in addressing the current threats that we face in light 
of this pandemic.
    Mr. Morris. Yes. Thank you for that great question. I will 
just say that I spent a decade working with the Department of 
Homeland Security, both pre-9/11 and post-9/11, so it is one of 
the agencies that I have had a lot of experience with, and it 
is a fantastic organization.
    What I would say is that our cyber professionals work 
across the Federal Government, State and local governments, 
higher ed, and in commercial organizations, and we share some 
of the best practices that we see with all of those 
organizations, in addition to standard threats that are 
occurring on an almost real-time basis.
    One of the things that I would add about some of the 
uniqueness of the Federal Government and governments in general 
is just the multi layers that are associated with our IT 
systems. And we are noticing a significant amount of success 
utilizing machine learning, both in our own networks and then 
sharing that with other government agencies.
    The reason that that is a game-changer is the volume that 
you have to go out and see on a regular basis, and that must be 
monitored on a regular basis is, quite frankly, too much for a 
human to do, in any realistic manner, and so machine learning 
is starting to transform the way that we can interact with all 
of these layers of network going forward. I think that is a 
game-changer for agencies, in general, to better utilize.
    Senator Carper. All right. Thanks very much. My time has 
expired. Thank you all.
    Mr. Morris. Thank you.
    Senator Lankford. Stick the landing, Senator Carper. I 
appreciate that. I am going to ask a couple of questions and 
then I am going to defer on to Senator Rosen and Senator 
Sinema, because I will have to run and do a second vote, just 
like Senator Carper is going to have to do here in just a 
moment as well. So we will switch back and forth.
    But I do want to ask, Mr. Ly, you mentioned about school-
aged children and flexibility. Obviously that is a unique issue 
right now with COVID-19, with schools being closed. I want to 
ask you, as you are thinking about, let's say, a year from now, 
are there lessons to be learned? And that is a lot of what we 
are trying to be able to pick your brain on for all of you, is 
to pick your brain on what you are doing in the private sector, 
or things we need to implement in the public sector in the days 
ahead.
    For school-aged children, do you anticipate for telework 
you will handle schedules differently for teleworkers, not 
during summertime but during summertime that may be different? 
Do you anticipate something is going to have to change when we 
are not in a COVID-19 world but still doing telework?
    Mr. Ly. Yes. Right now we have been operating pre-COVID-19 
world as a remote work and telework company, and so we first 
set expectations with every employee that the majority of their 
work, the predominant majority of their work has to be 
accomplished and done during the normal business hours of 8 
a.m. to 5 p.m. Eastern time, which is the time zone we 
generally operate in, and what our customers generally operate 
in and want to receive responses from us from.
    We also communicate with our employees that they need to be 
responsive to emails, to communication, to their customers as 
well as other coworkers that have questions related to work.
    I think the really main disruption is the reality of 
school-aged children at home. Besides that, we have been able 
to have fairly efficient operations as a business and also set 
expectations of our employees on their productivity and work 
outcomes. That work would normally be able to be accomplished 
during normal work hours, between 8 and 5 p.m. local.
    Senator Lankford. Right. Before I transition to Senator 
Rosen here for her questions, what I am really trying to drill 
down on is do you anticipate, post-COVID-19 lessons learned 
that you are going to have one type of structure for your 
telework folks that have school-aged children, let's say 
January to May, and another type structure that functions 
during the summer, with those that have school-aged children, 
or do you just, for your managers you are just basically saying 
be more merciful to your folks that are managing when they have 
school-aged children? Do you anticipate there are two different 
structure or just more mercy and flexibility during the summer?
    Mr. Ly. I think there is more flexibility during the 
summer, but as long as you empower your managers and your 
employees to make decisions that work for their families but 
also allows them to accomplish their work outcomes and that 
those are clear for them, then what we find is generally our 
employees are very flexible with their own lives because they 
appreciate the flexibility they are being given.
    So with the responsibility of being able to work from home, 
they take that seriously, and they flex their own personal 
lives to be able to get their jobs done, as well as the needs 
of their families.
    Senator Lankford. OK. Fair enough. I want to recognize 
Senator Rosen for her question time, and then Senator Sinema 
will follow her directly after that.

               OPENING STATEMENT OF SENATOR ROSEN

    Senator Rosen. Thank you, Chairman Lankford, for waiting 
for us to come back from votes. I really appreciate it. Thank 
you, Ranking Member Sinema.
    This hearing today, of course it is such an important 
topic. It is on the minds of every single person I know, 
whether you are a worker, a business owner. This is one of the 
many challenges that we have today. So I am so glad we get to 
come together in a bipartisan way to figure out how we are 
going to support businesses as employees migrate to some form 
or fashion of telework, and what kind of flexibilities do we 
all need to be able to make this happen.
    I want to focus a little bit on cybersecurity, and, of 
course, the pandemic. We have forced many small businesses now 
to transition their workforce to work remotely, and we know the 
challenges it faces is sometimes you do not have the right 
Internet, you cannot get on, the phone signal, whatever those 
things are. Our companies had very little for planning before 
having to shift quickly from in-person work to telework.
    So, of course, we know there is no shortage of hackers out 
there. They see this as a prime opportunity to just pounce on, 
and potentially steal information, get inside someone's place 
of business. They want to exploit those gaps in security, 
targeting individuals on secure devices or networks. Many of 
them are now using things from home that are not secure in the 
same way their space may have been at the office.
    And so, Mr. Zanni, can you talk a little bit about the 
major cybersecurity challenges that small businesses are facing 
when they transition? Are the current programs at DHS and Small 
Business Administration (SBA), do you think they are enough to 
help us get over kind of this hump of having to figure all of 
this out? What can we do to help fill the gaps as everyone 
needs to navigate this?
    Mr. Zanni. So I thank you for the question. Prior to my 
tenure at Microsoft I was actually a small business owner, a 
single restaurant, for over a decade, so I have a particular 
affinity and love for those people who work very hard, day in 
and day out, to support their families.
    The first thing is that, for small businesses, it is still 
way too complex to figure out how to protect yourself against 
cyber attacks. Part of that challenge is, of course, with the 
industry itself, and that includes me. Part of it with the 
government, providing clear and concise guidance on how to 
protect yourself. It is not that hard. It is just very 
confusing today.
    We are fortunate. We follow a lot of the government 
guidelines. But as you know, if you have ever read a National 
Institute of Standards and Technology (NIST) guideline, they 
are not two-pagers, right, and it takes some expertise to 
really go figure that out.
    So I think what the government could do better is first 
awareness and education on how this threat is real. Just like 
none of us would leave our house with our door unlocked, or 
even remove the locks and leave, we need to show people that 
you need to have cybersecurity as top of mind. And even the 
smallest business is not exempt. In Arizona, a small school 
district was attacked, a K-12 school. They said, ``Why did they 
attack us? We are nobody.'' They do not care.
    And then the other one is really providing concise 
guidance, right? It really is just about keeping your system up 
to date, having the right cyber protection tools, and some 
people to make that happen. Just like you have made it very 
easy for me to recycle trash, which I know is more of a 
physical piece, but it is that same concept, and there is some 
work we could do together there.
    Senator Rosen. I appreciate that. I appreciate you being a 
former restaurant owner. I would love to chat with you about 
that because in Nevada we love our restaurant and hospitality 
industry, for sure. But I want to thank you for your answer, 
because 99 percent of businesses in Nevada are actually small 
businesses. My office, we have heard from hundreds of them. We 
have connected with every Chamber of Commerce, our small 
business directors, done over 100 webinars. I have been on many 
of those with them.
    I want to really ask the business owners, the businesses 
represented on the panel, if you did not turn to the SBA or to 
NIST or some of those, where did you turn for information to 
maintain your cybersecurity as you were transitioning? So, Mr. 
Wilson, I guess we will let you go first, and then Mr. Morris 
and then Mr. Ly, please.
    Mr. Wilson. Thank you, Senator. Yes, I mean, we are not a 
very small business so fortunately we have a very robust IT 
department and they were able to transition us in the means 
that we needed to. So probably not the best one to answer that 
question for you.
    Senator Rosen. Mr. Morris.
    [No response.]
    Mr. Ly.
    Mr. Ly. Right. Because we handle accounting work and we 
often have access to financial information related to our 
customers, we, from the beginning, have implemented 
cybersecurity protocols that are very secure. The weakest link 
in most remote organizations is what we call ``endpoints.'' 
Generally they are mobile devices or laptops that are either 
provided by a company or brought in by an employee themselves. 
And it is ensuring that the security protocols are set up as 
well as virus protection, malware protection, and Internet 
security suites are preloaded onto those devices, as well as 
ensuring that employees' homes and the networks that they are 
on are protected and secure, and that they are using VPN 
software when they are entering into areas that are unsecured, 
like public Wi-Fi settings, if they are planning to do work 
from a location that is not their home location.
    Also, the more pure cloud-based technology you can 
leverage, in our opinion, the better, mainly because then 
documentation or confidential documentation is no longer 
sitting on those devices but instead sitting in the cloud, in 
the Internet, and accessed through Internet software, Internet-
based software, and that is primarily the practice we have 
used.
    And so we leverage accounting journals, technology 
journals, and websites that allow us to ensure that we are 
setting the right security protocols for ourselves and 
consulting also our clients on the best practices as well.
    Senator Rosen. Thank you. I appreciate that. I know I am 
just about out of time so I am going to submit this one for the 
record. But I think about the costs associated with migrating 
to telework, and I think about the capital investments that can 
make that may spur our economy. Those are those one-time 
investments that we are going to do to bring all of our systems 
up to speed or create that personal protective space we might 
need, even if people come in or buy laptops, hardware, 
software, and the like, versus the normal operating expenses. 
And perhaps Congress can think about how we help you with the 
one-time capital expense so people's businesses can continue to 
operate, and that can take it off their daily books, if you 
will.
    So we will look forward to seeing those answers. Thank you, 
Mr. Chairman.
    Senator Sinema. [Presiding.] Thank you, Senator Rosen.
    Hi. It is Senator Sinema again, and my first question is 
for Mr. Zanni and Mr. Morris. Successful telework is dependent 
on reliable high-speed Internet and as a member of the Senate 
Commerce Committee I have repeatedly called for future 
coronavirus relief legislation to include a long-term plan to 
invest in broadband infrastructure, ensure we have the 
appropriate regulatory framework, develop better coverage maps, 
and utilize Federal resources effectively.
    My State, in Arizona, ranks 51st for rural fixed broadband 
deployment, and three-fifths of rural residents have no access 
to ground-based broadband. So folks in Arizona frequently tell 
me the service that exists is often unreliable.
    Given that both of you highlighted these types of broadband 
challenges in your testimony, what advice would you give to 
other employers seeking to expand telework, those who face 
similar challenges?
    Mr. Zanni. This is John and I could take the first one, if 
that is OK.
    Senator Sinema. Great.
    Mr. Zanni. OK. Great. Thank you. So first, I do want to 
emphasize that we do need to solve the lack of broadband access 
to rural populations, because that is critical. Today, if you 
do not have access to broadband in most businesses you are at a 
competitive disadvantage.
    Having said that, there are ways around it until it becomes 
available. There are products like ours that are optimized for 
low broadband situations where they are using smaller agents, a 
lighter footprint, combined solutions to not use as much of the 
network. Even the teleconferencing software, you will see a 
very big difference in low broadband situations if you are 
using Zoom, for example, versus Skype.
    And so being able to make sure you identify the tools that 
work best in those situations, you can still be quite 
productive. We need to solve the problem of not having 
broadband access to everybody.
    Mr. Morris. And this is Sean Morris. Ironically, you may 
have noticed my picture went away for a moment there, about a 
minute ago, and actually the power went out in my house, and so 
it re-emphasizes the importance of actually having a backup, 
which I think is incredibly important. Bad things do happen 
sometimes, sometimes on a world stage, I guess, as well.
    But in any event, what I would say is I completely support 
John's comments previously. We have to invest in our broadband 
technology for all aspects of our country, and not just the 
populated cities but the rural areas as well. We put ourselves 
at a competitive disadvantage against other European countries, 
for example, that have made significant investments and are 
leaps and bounds ahead of us, in many instances, and are better 
able to take advantage of things like 5G in the future.
    Backups are important, at the end of the day, as I proved 
just a moment ago. From a Federal employee perspective, one of 
the things that we have done, while it is not perfect, when 
broadband connectivity is down or not available, in particular, 
in one of four locations that I referenced in my opening 
remarks, every one of our employees is issued a smartphone, 
which enables a hotspot to work and provides some levels of 
connectivity. It is actually very good. These days it is 4G and 
moving to 5G.
    Senator Sinema. Thank you so much.
    My next question is for first Mr. Ly--I apologize; I think 
I pronounced your name wrong at the beginning of our hearing--
and then also for Mr. Morris. Whether a company is a small 
startup or a large multinational firm, individual employees are 
its backbone. Social interaction in the workplace is not only 
helpful for professional development but also in cementing the 
relationships inherent in creating a team.
    So what steps have you taken to ensure that your employees 
continue to feel fulfilled and supported while teleworking, and 
have you discovered any tools available to help employers 
enhance and maintain that camaraderie amongst the workforce?
    Mr. Ly. Yes. So thank you, Senator Sinema. The tools we 
use, we leverage technology to allow for that consist 
connection to be recreated virtually, that normally happens in 
an office. It starts on day one, when an employee begins, and 
starts with their experience with onboarding into a company and 
their experience with HR. We leverage video technology such as 
Zoom, and then an internal communication tool such as Slack 
that replace traditional email but allow instant communication 
between employees, and allows us to create spontaneous meetings 
and interactions and collaboration that normally happen within 
an office.
    We also require that every employee has a touchpoint 
throughout the week with either a supervisor or a coworker, so 
that they have regularly scheduled times in which they are 
connecting in with their team virtually. Because again, you are 
trying to compensate for, as you said, in-person times that 
happen throughout the day, and we cannot overestimate the 
amount of social interaction that continues to occur, and the 
health and well-being that helps with that.
    So we are very intentional about that, scheduling that 
throughout people's calendars, and making that a part of an 
employee's work responsibility throughout the day and 
throughout the week.
    Mr. Morris. I would just add, I agree with those comments. 
We have invested significantly in what we call the employee 
experience, throughout the life cycle of an employee's time at 
Deloitte, and we did not want to lose all of that investment 
when we went into this full telework environment. And so we 
have transitioned to almost everything we do for employee 
experience to a technology and online platform. And what that 
has allowed us to do is not lose that culture of heavy 
investment in our employees.
    One of the core aspects of our culture is to give back to 
our communities. We give a significant amount of our time and 
money to pro bono efforts, as an example, across the country. 
And we have moved our pro bono activities, our social impact 
activities to those online platforms that we have, many that 
are very similar to what was previously shared.
    So, at the end of the day the best practice here is do not 
stop investing in the employee experience. Move it, if you can, 
to these platforms, and that culture will continue to thrive 
and adapt.
    Senator Sinema. Thank you. Just a quick follow-up on this 
topic. Are there specific actions you would recommend a company 
take regarding telework during a pandemic when feelings of fear 
and social isolation are often exacerbated?
    Mr. Morris. Yes. I will just add that, what we did was we 
encourage our individuals to take time off. That is a challenge 
that we see at the moment across industries.
    The other thing that we did was recognize that well-being 
is both physical well-being and emotional well-being. And so we 
gave 80 hours of time off in addition to sick leave and 
personal time off. So there is a steady focus on that working 
from home does not equal working all the time.
    Senator Sinema. That is an important point. My next 
question is a follow-up on kind of building off the question 
that Senator Lankford asked earlier, for Mr. Zanni and Mr. 
Morris. I have heard from some Arizona companies that perhaps 
the chief challenge with teleworking right now is the closure 
of most of our schools. Parents are managing their children's 
education needs while also juggling their own work 
responsibilities. And as we have seen, this requires great 
flexibility on the part of companies and families.
    So what specific recommendations might you have for 
companies, or for families, on how to set up or expand a 
telework plan so that people can both manage being a good 
parent, a home-school teacher, and a good employee?
    Mr. Morris. John, do you want to start?
    Mr. Zanni. Sure. Yes, that is an incredibly hard problem to 
solve, especially some of those families live in smaller homes. 
And it is not just about the child or the dog coming in and 
interrupting you during a meeting. It is the worrying even when 
you are in a meeting, are they going to interrupt you? When do 
I get a break?
    The best we can do is first really send the message to 
these families that as an employer we are here to support them 
and support flexible work hours, and take the time off that 
they need. I have one, my head of sales. He came to one day and 
just said, ``John, I need to take 3 days off. I need to give my 
wife a break so that we do not go crazy.'' And of course I 
said, ``Immediately.''
    Longer-term, we have to think about how these workers can 
somehow segregate themselves or separate themselves enough to 
not be as distracted or find the right work-life balance. I 
have seen hotels offering rooms during the day now for 
telework. I am sure there are other options that will come up. 
But we need to think together how to do it.
    But the first thing is really--I have made sure, for me, 
one-on-one calls from my head of HR, that everyone in my 
organization knows family first. If you need a break, take it.
    Senator Sinema. I appreciate that.
    Mr. Morris. Thank you, Senator. I would just add that the 
training does start from the top, and that is absolutely a 
lesson learned that we have had in Deloitte.
    The other thing I would say here is that yes, it is 
families with children. My wife and I are certainly examples of 
that. Yes, it is very challenging. But it is also other 
circumstances, and I think it is important to note that in 
diverse employee networks, that could be an aging parent, that 
could be a pet that is sick. There are a whole bunch of things 
that it could equal.
    One of the things that we have focused on is this concept 
of courageous conversation. So very open, authentic 
conversations with senior leaders in the firm to really get the 
tone and the culture out there that you can actually ask for 
time off. It is not looked down upon. In fact, we would like 
you to share what is going on in your life so that we can adapt 
our processes and our policies. And we use various 
communications techniques as well as surveys as a way to get 
that information and feedback to tailor our programs and our 
processes.
    Senator Sinema. I appreciate that.
    Mr. Chairman, thank you, and I yield back.
    Senator Lankford. [Presiding.] Thank you.
    All right. So going back again to the basic of this whole 
hearing. We are trying to gather ideas from you, lessons you 
have learned, so that when we are writing legislation or 
working through policies for the future for Federal agencies we 
need to learn what you have done. We will gather, obviously, 
what they have experienced in the last couple of months and try 
to apply it to policies.
    So let me ask some very basic questions. All of you have 
been through this in different forms for a while, but this is a 
very different type of year. I have heard quite a few companies 
say, ``Well, you know what? We are finding good success in 
teleworking, more so than we thought we would,'' and then they 
put this caveat in there, ``except when we are hiring new 
workers.''
    Because the people existing and teleworking now that you 
have added so many that are teleworking, they have previous 
relationships, they are used to collaborating. But when you add 
a new person or a new group of people into this, trying to 
learn from each other, figure out how to collaborate, 
integrating into the culture of your business, that is a very 
experience when all of their experience has been telework and 
all the people that physically collaborated now do not know 
what to do with this new person that is teleworking.
    So let me pick your brain on this a little bit. For the 
long term, are there lessons that we can gain from this on 
integrating new people into your culture when all of the 
relationships are telework relationship? Any or all of you can 
answer that. If you have input for that, we need it.
    Mr. Ly. Yes, I can start with that, because we hire the 
majority of our employees in that way, remotely, employees I 
have never physically met or been present in the same room 
with.
    So it first starts with thinking through your onboarding 
experience or your employee, your day one experience. And most 
important for us at Reconciled was what is an employee 
experiencing in the first day, first week, and first 30 days of 
being here, and how do we set them up for success? So we 
leverage technology to do that. We created a dashboard where we 
literally outline all the different steps of what they are 
going to experience in those first 30 days, what their 
different days are going to look like, the training they have 
to go through online. We require every employee to set up video 
meetings with others in the company, even if it is not related 
to their work, just so that they start interacting with other 
co-workers and other team members in the company.
    We also have required meetings with different managers, 
different leaders in the organization, and they do go through a 
pretty thorough video orientation with the head of HR as well 
as their managers, several times that week during the first few 
days.
    So it is important to think through intentionally what is 
an employee experiencing, what is it like, what are things that 
they need to see on video, what do they need to see in physical 
documentation, what can be a quick email, and really trying to 
create what I call, like in a Disney-like experience. How can 
you wow them, even in a virtual setting?
    And we often have employees say they feel more connected in 
that experience virtually than they do with most places they 
have worked physically. So we know the results speak for 
themselves when we get that feedback from an employee. So it is 
really that intentional investment, very similar to what you 
would do to invest in the customer experience, on how do you 
make a customer feel like they really are connected with you 
and can trust you. You have to do the same, if not more, with a 
virtual employee.
    Senator Lankford. OK. Very helpful. Who else?
    Mr. Zanni. This is John. I will just second what Michael Ly 
said. It really is about being intentional. We have onboarded a 
number of employees since COVID. First time in my life I have 
not met them in person, quite disconcerting at the beginning. 
But once they start we have a very robust onboarding session. 
We have teams that keep Zoom sessions on all day, so that 
people can interact, ensure those video meetings.
    I personally will send them a message on Teams to say, ``I 
am right here if you ever need anything.'' So remove those 
layers that I am not the fake, inaccessible guy. And it has 
worked out very well for us.
    Senator Lankford. OK.
    Mr. Morris. I will just add one other point. I agree with 
everything that is being said. We are being very successful in 
some unusual circumstances here.
    But I would add that when we beat this virus and we get to 
our new normal, my personal perspective is that the need for 
some level of in-person interaction is important for continuing 
to cultivate an employee experience and a culture, which is why 
we think about our workplaces facilities in the four quadrants 
that I spoke about earlier. It is this dynamic movement across 
those, where you can have different experiences and different 
interactions.
    Technology is a fantastic game-changer, particularly right 
now in COVID-19. But I am a believer in some level of human 
interaction as well.
    Senator Lankford. So Sean you are saying that you are going 
to keep those four quadrants even after this, that it is your 
expectation that you are going to have, if I remember them 
correctly, collaboration, that you will have home, alternative 
place, and then there is one other, the field was the fourth 
one, if I recall correctly. Do you anticipate you are going to 
still have those four quadrants even after this?
    Mr. Morris. Yes, Senator, and it is recognizing that an 
employee may be doing different things at different stages in 
their careers, so they can move around those quadrants. And 
that we have taken all those into consideration as we are 
building the right platforms, and we are building those 
platforms on that experience, as opposed to the platforms 
first.
    Senator Lankford. All right. Lane, where are you as far as 
trying to be able to onboard people during this time period? 
Any lessons that you have learned that could help us in the 
Federal workforce?
    Mr. Wilson. Yes. We are onboarding people as we speak. I 
think this boils down to leadership, frankly, and intentional 
touchpoints.
    So I lead a team that even before the pandemic was not on 
the same floor as I am here in Tulsa, and the majority of the 
team was not even in Tulsa. They were spread across four 
different States. And being very intentional about getting them 
in front of leadership, through town halls, for example. We are 
now doing monthly town halls as opposed to before we were doing 
quarterly town halls. Making sure that they get a feel of the 
culture from the leadership, and then as a leader, making sure 
that you are having those intentional interactions with your 
team, and also making sure that your team members are having 
intentional interactions with themselves. And then you cascade 
that down through your organization.
    We probably have five, six layers here at Williams. So we 
have to make sure that our supervisors, who might be managing a 
team of eight or nine people, either out in the field or in an 
office, are doing the same thing, that they are talking to and 
visiting with and having collaboration sessions with their 
teams, and also making sure that their team members are doing 
that. And when you bring somebody new on board, that is even 
more critical, that you build in an expectation that, hey, you 
have a new team member. Have you reached out to them? Have you 
had a videoconference with them? Have you talked to them? Do 
you know anything about them? Have you gotten to know them in 
any way?
    And so I think it is really just about very intentional 
leadership.
    Senator Lankford. So let me delve in on this a little bit 
more, for all four of you, if any of you want to be able to 
answer this. Has your perspective changed, or maybe it has not? 
I am interested to be able to know what that might look like, 
that there are certain positions that you will no longer hire 
those within a geographic area, or certain tasks and certain 
jobs you know that they are very capable of teleworking from 
anywhere in the world, for that mindset, but at least anywhere 
in the country. Is there a perspective that you have that in 
the future there will be certain jobs that you will hire 
remotely, find the best person no matter where they live, and 
have them permanently work not in an office space?
    Mr. Ly. Yes. I can speak for the accounting industry. My 
peers who were not previously doing telework or remote work, 
and believed that was impossible and saw what we did, said, ``I 
am not sure how that is possible. I have been forced to.'' And 
they are finding a lot more efficiency, a lot more productivity 
when they implement the best practices around it.
    Senator, I was watching a YouTube video of yours on 
YouTube. I was really inspired by this daily interaction or 
weekly interaction you have with different people from your 
home State that visit D.C., and you have coffee with them. I 
was thinking to myself, wow, imagine being able to have that 
kind of coffee virtually with people all over the world that 
are from your home State, and be able to answer questions and 
connect with them, both formally and informally.
    And that is what we do also--that is what I recommend also 
for most companies who go to remote work, is an example is we 
have a daily virtual lunchroom. Anyone can jump into that 
virtual lunchroom. Everyone has lunch, or has a meal. And so 
they can go in and interact with one another and not even talk 
about work, or we do the same thing with coffees with the CEO. 
I have a weekly coffee where any employees can jump in and have 
an informal time with me.
    As Lane said, all those interactions take leadership, it 
takes modeling, and brings kind of that aspect of the culture 
that you are trying to build that normally happens in an 
office.
    But there are definitely roles we are hearing from clients 
as well as from peers in the accounting industry, which is very 
slow to move in regards to technology, that are surprised at 
how well it is working, and how now they are expanding the 
different locations they are willing to hire from.
    Senator Lankford. OK. That is helpful. Let me ask about 
merit-based affirmation. Some of that is remote working. It is 
harder to be able to stop by their cubicle or stop by their 
office, compliment them on the work that they are doing. That 
has to be a very intentional thing for a leader to manager to 
be able to do in that situation. It is also, when we talk about 
raises, when you talk about promotions, it is difficult to be 
able to do when you are not interacting with that person, when 
you are literally getting data about that person's performance 
rather than interacting with them, to be able to know what they 
are doing.
    How are you handling merit-based affirmation, whether that 
be promotions, raises, whatever that may be?
    Mr. Wilson. Senator, this is Lane again. It is sort of much 
of the same. I insist that all of my performance reviews and 
all of the performance reviews of my team, if the person is not 
there in your office, and obviously they are not now, that has 
to be done by videoconference. It has to be done face to face. 
You need that interaction, and I think even after this pandemic 
is over, if you have people that are working remotely, as Sean 
said, I think you have to get them all in together, on an 
occasion, and it is obviously better to have those discussions 
in person. But if you cannot, adding the face on the video is a 
big benefit.
    Senator Lankford. Yes. Are you adding some sort of metrics 
that you are trying to track performance with, or how are you 
handling that? Is there a piece of software that has been 
useful to you, to be able to evaluate the performance or 
quotas, whatever it is that you are putting on individuals in 
the field, to be able to know customer service responses? How 
do you manage that?
    Mr. Wilson. Yes. So we have used that sort of collaborative 
software for a very long time, in terms of our sales 
representatives, the people in the field who are supposed to be 
interacting with customers. From a high level, in the office 
environment, with, lawyers, HR professionals, accountants, that 
sort of thing, we do not get down to the individual level. 
There may be some privacy issues you have to think about there. 
But we do track that on a very broad level. As I indicated in 
my testimony, we have been able to get a pretty good handle on 
the fact that our employees are utilizing this collaborative--
the teleconferences, the chatting, that sort of thing--on a 
much higher rate than they were before. And that gives us some 
comfort that these interactions are occurring.
    Senator Lankford. OK. Other input from other individuals?
    Mr. Zanni. This is John. I can add that my experience has 
been that employees really like having ownership, and 
measurable goals, right, because it sets expectations 
appropriately. In most cases when you cannot assess whether 
people are doing their job are not, part of the problem, or 
even in some case most of the problem, it is the manager 
themselves who have not really thought what they want them to 
do and how to measure it. It is hard, but once you do that, 
then these questions of, ``I have not heard from James Lankford 
in 2 days. I wonder if he is actually working,'' they come up 
very rarely because you just look at the results or the output. 
And so that is what we have focused on and it has been pretty 
effective.
    Senator Lankford. Good. By the way, I know James. He is 
working.
    Mr. Zanni. OK. Good.
    Senator Lankford. Anyone else?
    Mr. Morris. Senator, I would just add, and I referenced 
this in my opening remarks, that designing a performance 
management system that is built around regular interactions 
between a supervisor and an employee is a builder of trust, at 
the end of the day. I think setting goals and reevaluating 
those goals through that system, where you are having regular 
conversations and using data around it, is incredibly 
important.
    What I would also say is making sure that those goals are 
balanced. We like to think of them in not just quantitative 
terms, which is where it is easy to count, but also in 
qualitative. And concepts like leadership and agility, and 
looking at aspects of 360-degree feedback. All of these are 
important aspects to build that trust between a supervisor and 
an employee, in a sort of modern performance management 
approach.
    Senator Lankford. OK. Let me ask this. Several of you, in 
your written testimony or in your oral testimony, talked about 
increasing need for IT professionals, cybersecurity. John, you 
mentioned specifically the challenge of people working from a 
home system that you have no idea how that router was actually 
set up, the security settings that are there. They are working 
in unsecured networks at a coffee shop at some point. There are 
a lot of cyber challenges there.
    Are there any lessons learned that we should be aware of on 
the Federal side that we could implement?
    Mr. Zanni. I will start. Absolutely. So I am glad you 
brought this up, because one of the biggest challenges is there 
is a lack of cybersecurity experts within the country. Today 
there are over 600,000 open positions, about 50 percent more 
than before COVID. And without the people--you have people, 
processes, and product--without the people you will not be able 
to implement a good, secure solution.
    And so where the Federal Government could help is getting 
those people trained. For example, one of the--I still believe 
in this, but I actually created a charitable foundation called 
Acronis SCS Vets, specifically focused at taking our U.S. 
veterans and military spouses, getting them the nationally 
recognized certificates they need to get self-sustaining jobs 
in cyber. So it is a reskilling effort.
    It has been very successful. Unfortunately, my numbers are 
nowhere near to where they need to be to impact 600,000 people. 
This is an area where I think the government can help a lot in 
providing cyber training to individuals who need to be 
reskilled, or are willing to learn them, to go work for all 
these businesses.
    Senator Lankford. OK. Other input from others? Michael, I 
think you mentioned this as well in your statement.
    Mr. Ly. Yes. I think the one thing is, as much as you 
control the endpoints--the laptops, the mobile device that your 
employees are using--I would be hesitant to allow too many of 
your employees to bring their own devices, because you have 
less control, unless you make them basically sign the device 
over to your company or over to your organization. So as much 
as you can basically protect, secure the endpoints, as well as 
their home networks, is important.
    And then monitor and make it really clear that employees 
need to let you know when they are traveling or when they are 
planning to work at a different location other than their home 
network, because that is where also cybersecurity threats and 
accidents happen, where they are in a public Wi-Fi setting, 
they are in the airport working, they are in a coffee shop 
working, and those networks are not secure, and they forget to 
turn on their VPN, like required.
    So just making sure that you have technology that alerts 
you when employees are in different Internet Protocol (IP) 
settings or locations that are unsecure, and making it really 
clear that there are strict standards that your company is 
going to abide by, as people work and do remote work, and you 
want them to do it securely and correctly.
    And then who, also, they give access to their devices to. 
So often you give them a laptop and then they allow their kids, 
or maybe they allow a partner or a family member to use it for 
web browsing or gaming. You want to make it really clear that 
those devices are for work, and that any other kinds of 
software or activities should be prohibited so that it reduces 
the amount of cybersecurity threats, even for a small business.
    Senator Lankford. So is there lockdown software, anything 
that you have that prohibits someone from getting online 
without using the VPN, or does not allow them to be able to 
download applications without having an administrator log in, 
or setting that you have created on that? I am still interested 
in if they have a company laptop but they are on a home Wi-Fi 
system. Their router may be 4 years old and unsecured. Do you 
require that the company also installs their router at home?
    Mr. Ly. Yes. So you want to make sure that you provide, 
one, a stipend to cover the costs for all those things, or you, 
yourself, as a company, cover those costs, and two, ensure that 
those are installed correctly, with password protection that is 
secure, as well as that the laptops themselves have updated 
virus protection on a regular basis. And there is software that 
we use to be able to do that to the computers that we have 
given to our staff.
    Senator Lankford. OK.
    Mr. Wilson. Yes, Chairman Lankford, a couple of things. So 
when I was with the Judiciary, I do not know if it is worth 
visiting with them or not, but we were already unable to add 
software to the laptops that we were provided by the Judiciary. 
We here at Williams have VPN always on, so there is no choice. 
If you are on a wireless network you are VPN'd into the 
network.
    Then finally I would just say record Michael's last answer, 
transcribe it, and get it out to every Federal employee who is 
working at home.
    Senator Lankford. OK. We will see if we can actually get 
that done. That is very good advice. That is why we are 
gathering things at this point.
    Let me ask a question about personally identifiable 
information (PII). All of you are in businesses that you are 
dealing with some information that individuals obviously, some 
more than others, in accounting and background and such.
    I will give you an example. The State Department, earlier 
this year, in March, April, May, June, just stopped doing 
passports at all. They had no system in place that if someone 
needed a passport, their passport expired, whatever it may be, 
they just could not get it because there was no structure in 
place with the State Department to be able to handle that kind 
of document in a remote setting. And so the alternative was 
just stop doing it. We had about 1.7 million passport requests 
just back up immediately.
    Obviously, State Department is reevaluating that at this 
point, trying to be able to figure out how to do that. Multiple 
other entities, whether it be the Internal Revenue Service 
(IRS), everyone else, multiple agencies in the Federal 
Government deal with very private or proprietary information 
through processes.
    Anything that you would say, in particular, dealing with 
documents, dealing with items that are personally identifiable 
information, that you would teach the Federal Government to 
say, ``Here is something to know about this and how to be able 
to protect that information,'' even if someone is working 
remotely? Or would you say there is just no way to be able to 
do it current technology, we just cannot handle it?
    Mr. Zanni. Well, I will start. I have learned in software 
you can never say that you can do everything perfectly, but 
there are ways to mitigate the risk. First, the Federal 
Government has a great standard called Federal Information 
Processing Standards (FIPS) 140-2--there is a 140-3 coming out 
here shortly--which is about how to use encryption, both at 
rest and in transport, to protect data. We have FIPS-certified 
product. At my company I bought FIPS-certified routers from 
Palo Alto Networks.
    So first just implementing those standards will radically 
reduce the risk that personally identified information leaks. 
And that, to me, is straightforward.
    The other thing is segmenting networks and using that zero 
trust model, where you control who has access to that 
information. I am the CEO of the company. If you are one of my 
customers, I cannot get that information, because I do not need 
it on a day-to-day basis. If I want it I have to actually go 
make a request. So somebody can take these images and my voice 
and pretend they are me, but they still will not have access, 
because I just do not have access.
    So there are a number of things you can do that reduce the 
risk to almost zero.
    Senator Lankford. Other input?
    OK. Let me move on to another question then on this. There 
is a lot of conversation about telework that is in the 
efficiency standard, and most often it goes toward physical 
footprint, leased space, your owned space in a headquarters 
building at some point.
    There are some people who will make their decision based on 
a footprint space and what costs, just depending on the cost of 
real estate in a particular area. In Washington, D.C., 
obviously, real estate is exceptionally high. But if you get 
into Oklahoma City and Tulsa, and other places around the 
country, it is not a high cost. And so companies will make 
different decisions based on telework.
    My question to you is, more than just physical space 
leasing or keeping that space open and paying the utility bills 
for it, are there other areas of efficiency that you look at to 
be able to decide if I am going to have a particular person 
teleworking, they are more efficient, they work better in a 
home setting or in a third location, if I can say it that way, 
at some point than they would in an office setting where they 
are just as efficient, if that, and so we find other 
efficiencies or reasons to be able to have someone telework?
    Mr. Ly. Yes. I can answer this one. Before the pandemic, 
and still even now, unemployment in the accounting industry was 
very low. It was lower than the historic unemployment of the 
country, so it was lower than that. And so one advantage to 
telework--and we actually did not decide telework regarding 
footprint--we chose it because we wanted to access the talent 
nationwide. We wanted to be able to combat against the lowest 
unemployment rate that we were seeing historically in 
accounting and finance.
    And we were able to access a workforce that traditionally 
cannot go into physical office, and that is stay-at-home moms. 
So these are moms that need to be available for their school-
aged children, they are doing drop-offs and pickups, they have 
a 4-to 6-hour window during the day, and then they might have 
some flex time in the evenings or weekends to do the rest of 
their 40-hour week.
    That allowed us to access a workforce that normally would 
not show up on unemployment rolls or not looking actively for 
work, traditionally in the accounting field. And so that is why 
the majority of our workforce actually is made up of stay-at-
home moms and dads who want an alternative to the traditional 
workplace.
    So I would say for sectors that are looking for access to 
larger--access to more, nontraditional workers or access to 
workers that would not normally apply for your job, this is a 
huge advantage for us in the private sector.
    Senator Lankford. OK. So what I have learned so far from 
the hearing today is we desperately need accountants and we 
desperately need IT folks around the country. So if anyone is 
21 years old and listening, we have two good career fields for 
you right now.
    Other ideas or other thoughts about efficiencies or reason 
to do teleworking?
    Mr. Morris. Senator, I would just add that I think 
challenging ourselves to re-architect the job type in the first 
place is an important thing to think about. So, for example, 
thinking about a crowd-based model to solving particular 
challenges that an organization has, as opposed to one 
individual working for 40 hours a week in a more traditional 
setting, I think could have significant efficiencies.
    Somebody referenced earlier the State Department and the 
U.S. military, and if you look at crowds associated with those 
two organizations, think about spouses in those two 
organizations, those are usually underemployed individuals that 
have a lot to offer, that could provide significant 
efficiencies to the U.S. Government, using a different talent 
model.
    Senator Lankford. OK.
    Mr. Zanni. I would also add that the younger generation--
well, my generation, or at least me, think of telework, up 
until COVID, as a privilege, not a right. The younger 
generation just expect it, right? I am always connected. I 
should be able to work wherever I am. So security concerns 
aside, similar to Sean, if you want access to the best talent 
and the fullest employee pool, you are going to have to enable 
telework.
    Senator Lankford. OK. Lane, I want to ask you one more 
quick question and then I am going to try to wrap this hearing 
up and get final input from everyone. Lane, you have to deal in 
the field with issues of rural connectivity. I know we have 
already spoken about broadband before, but other solutions and 
options that you have seen or that have been explored, whether 
it be satellite Internet, whether it be phone hotspots and 
other things? Is there anything else that you want to be able 
to contribute in dealing with areas where it is more difficult 
to be able to get access?
    Mr. Wilson. Yes. I think you kind of hit the nail on the 
head, and somebody else mentioned earlier the hotspots. So when 
we have somebody in the field that cannot get good broadband 
access--and there is no doubt, in rural areas, in Oklahoma and 
really anywhere in the country, the broadband access is not as 
good, it is not as robust as it is in more urban areas--the 
hotspots are the best solution that we have found.
    A not-so-optimal solution is just not use the video, but 
obviously we would prefer to be able to use that. But I think 
that is the best solution right now, until we get the better 
broadband service into rural areas.
    Senator Lankford. Yes. Let me try to wrap this up if I can. 
Any input that anyone has--let me open this up to a very open-
ended question--any input from anyone, that you want to make 
sure that you recommend to the Federal workforce, regardless of 
what agency it is, when they are thinking about telework, to 
consider this in the process, to be able to make sure we get it 
on the record?
    Mr. Ly. The only final thought I had was because this is 
fairly new to many Federal agencies to think about this as 
small teams. So, from large organizations to small companies, 
everyone can look at their workforce as a make-up of small 
teams, with managers, supervisors, and a small set of 
employees. If you are able to apply these practices in small 
teams then it makes the idea or the hill to climb a lot 
smaller, and it seems a lot more doable. So think of small 
teams of half a dozen or less, where there is a supervisor or a 
leader in their small team and you are practicing remote work 
proposals that we have all stated, and the security protocols 
needed in that. It allows for better communication, better 
accountability, and quicker response time, as well as agility 
to move, if you need to make changes during the pandemic.
    Senator Lankford. OK. Good input. Anyone else?
    Mr. Morris. I would add just one thing, and that is that 
human-centered design is so important when we are thinking 
about adapting policies, changing processes and different 
technologies. So really putting the lens on the human as we 
start to think through these changes is a best practice.
    Senator Lankford. OK. That is helpful.
    Mr. Zanni. And this is John. I would add, as a Federal 
Government, thinking about some standards or best practices 
around telework and securing telework. You have heard a lot of 
great antidotes here, but there are a lot of small businesses, 
especially, and other agencies, remote cities, that could use 
that guidance in a way that is easy for them to consume.
    Senator Lankford. OK. Thank you. Lane, any final comments?
    Mr. Wilson. Yes. I mean, look, it is just so easy to fall 
prey to out of sight, out of mind. And I think our biggest 
challenge, especially in a workforce the size of the Federal 
Government's workforce, you have to get your leaders to 
understand that as we move to more of a teleworking environment 
they have to keep up those touchpoints. I know a lot of people 
have said that today, but that cannot be overstated.
    Senator Lankford. Does your management structure have to be 
smaller, Lane, at that point? Do you have fewer people that you 
are managing through telework, or does the same ratio still 
work?
    Mr. Wilson. Yes. I really have not found that to be the 
case. I mean, you gain some efficiencies, like not commuting 
back and forth. You pick up some time here and there. People 
are more motivated oftentimes when they work from home. Some 
people are not. But we have not found that we have had to 
reduce those ratios, as long as our managers and supervisors 
and leaders are being efficient and proactive.
    Senator Lankford. Yes. Quite a few people that I have 
talked to have said they have increased their efficiencies 
dramatically in their workforce because they do not have the 
travel time, they do not have other social distractions at 
work. They were able to just plan their day a little bit 
differently, and, quite frankly, get up, get going. They have 
more time to be able to read the paper, catch up on news, catch 
up with their family, and not commute, and then start on time 
and take off. And less stress, depending on the city that you 
live in and what your commute is normally like back and forth. 
That is a pretty significant change for them.
    Plus it is really nice for parents of small children. They 
are wonderful distractions but you also get a chance to see 
some things that you would have missed just in life with them. 
So there are some built-in rewards there as well, with the 
little ones that are running around.
    Any final comments from anyone? Otherwise I want to be able 
to wrap up and I want to make sure I get anything else on the 
record that we need on the record.
    Mr. Wilson. Thank you for your time. Thanks for having us.
    Mr. Zanni. Thank you.
    Senator Lankford. Gentlemen, thank you very much. I very 
much appreciate, as I mentioned before, your written 
testimonies--a lot of time went into that--as well as your oral 
testimony. I want to tell you that the invitation is open if 
you have additional input to be able to give to our team as we 
are trying to be able to pull together ideas and policy changes 
for the Federal workforce. The last time this was done was 10 
years ago. Obviously there are a lot of lessons that have been 
learned, and we want to make sure we capitalize on those 
lessons, and to be able to implement those as fast as we can 
across the Federal workforce in the days ahead.
    So that does conclude today's hearing. The hearing record 
will remain open for 15 days until the close of business on 
August 12th for submissions, statements, questions on the 
record, whatever individuals may want to be able to add to the 
record as a whole.
    So with that the hearing is concluded, and I thank all of 
you again very much.
    [Whereupon, at 4:06 p.m., the Subcommittee was adjourned.]

                            A P P E N D I X

                              ----------  
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]