Disaster Preparedness and Mitigation at Webflights
Natural risks such as earthquakes occupy the top of the list in every organization’s risk assessment profiles. In the Fylde, the Fracking activities that take place consistently make the area vulnerable to natural disasters. Consequently, Webflights has to carry out a detailed risk assessment, particularly with regards to external risk sources such as natural happenings. Fracking makes the Fylde area prone to earthquakes, civil unrest and air pollution. While the risks of civil unrest and air pollution may not have direct impacts on the company, the degree of risk associated with vulnerability to earthquakes at Webflights may not be high. Earthquakes can result in property destruction especially of the office facility, prevention of workers from attending work, disruption of power supply, and telecommunications failures. On the other hand, air pollution may result in destruction of essential IT equipment. This however can be controlled through frequent blowing of equipment hence does not offer a major concern to the organizational operation and cannot result in significant system down time. It is therefore imperative that the company should assess the risk levels in the company by first determining the frequency of earthquakes and thus laying down structures for risk mitigation and/ or prevention.
Elimination of system downtime
Although it is difficult to prevent natural disasters and their subsequent impacts, it is possible to eliminate system downtime that may result from the exposure to natural disasters. However, this depends on the degree of destruction experienced post disaster. For example, following a low magnitude earthquake that results in the disruption of telecommunication lines only, the company may invest in mobile devices with high frequencies that are not easy to disrupt (Citizen Corps 21). On the other hand, in case of a high magnitude earth quake which destroys the office building, it is impossible to entirely eliminate system downtime. In order to effectively address the risks associated with the disasters, it is necessary that the organization puts in place some controls for the mitigation of the risk impacts. In order to decide upon the specific type of controls that are applicable to Webflights, it is necessary to consider factors such as system compatibility, legislation, organizational policy, operational impact and reliability of the system (Karim 186).
In laying down controls, the company needs to invest in both technical and management controls for the elimination of system downtime. Preventive controls may not be relevant to a natural disaster vulnerable business since natural disasters cannot be controlled (Sutton and Kathleen 16). The only option is therefore to deal with the impacts of the disasters once they occur. In planning for technical controls, Webflights should focus on detective control to detect damages particularly to data systems. An example of detective control would function by determining whether the systems are wholly operational post shock. In this way, areas with defects can be identified and corrected immediately. For internet related operations, data security is also one of the risks against which controls must be put in place. During a natural disaster, interferences with the IT infrastructure may lead to a breach of protective controls. It is therefore necessary that Webflights should put in place structures for the maintenance of information security. Such structures may include: data encryption systems, access controls and data download and copying restrictions`(Karim`186). Encryption controls can help prevent unauthorized access to information during information transfer via IT infrastructures. Restricting access to IT systems also helps to ensure that only those authorized to handle any given information access that information. Data download and copying restrictions can also assist in protection of data from unauthorized distribution`(Karim`188).
Apart from this, managerial controls may also be put in place to help in the elimination of system downtime (MAS 20). In setting down managerial control, the controls can be either preventive, recovery or operational. The preventive managerial controls may include assignment of duties in order to perform periodic risk assessment activities. In the recovery controls, the management should provide directives post disaster, supervision of duty performance according to previous assignments, and establishing response capabilities for the recognition, report and response to incidents. Detection operational controls may also be used to determine the environmental safety conditions such as through smoke detection (Karim 186).
Planning for business continuation
In planning for business continuation after a disaster, Webflights should take into consideration various factors. The following factors play an important role in planning for recovery strategies for the elimination of system down time after disasters (Swanson and others 832).
Cost of deployment – the cost of applying a particular method in the maintenance of operations has to be considered prior to deciding on the strategic plan for recovery (Sutton and Kathleen 34). The costs of the alternative restoration processes determine the decision that the organization will take regarding the plans for recovery. Apart from this, the company should seek an alternative that addresses the needs of the system down time at affordable costs without compromising on the quality of the final system. In considering the costs of deployment of corrective systems, the company should also take into consideration the potential daily losses that the company has to incur as a result of system down time.
Another factor that should be considered is the recovery time. The aim of any plans prepared after a system down time is to obtain a method of fixing any system problems in a timely manner so as to reduce the system down time (Swanson and others 810). The most time saving strategy should be applied in minimizing the impacts of disasters. By finding the most time saving ways of dealing with escalated risks, the company places itself in a position of advantage in that any damage that might occur can be dealt with immediately to avoid adverse effects on the system.
Apart from this, the organization should also consider the ease with which recovery can be achieved (Light and Wheeler-Smith 120). Easy to recover system interferences translate into lower recovery costs as well as lower recovery times. For destruction of the office building for instance, it may be preferable to have an alternative office in a separate location for carrying out duties during system down times to avoid wastage of excess time during reconstruction.
After considering these factors the planning process takes several stages. First, the company needs to identify and assess the degree of risks associated with their operation at their current office location. When planning for continuous operation of the company the various planning activities that should take place include planning for minimization of damage to systems and infrastructure during a disaster; planning for recovery of system operation when disrupted and planning for compensation of the involved personnel (MAS 21).
In each of these planning activities, the plan should include implementation strategies for each proposed action as well as the individuals assigned to implement the plans and the costs for the implementation of each plan. For instance, in planning for the minimization of potential destruction to systems, it is necessary to highlight the risks to each system component, the degree of risk associated with the highlighted risks, the possible ways of protecting the system against potential damage of that particular component, the individuals responsible for carrying out each activity and the potential impacts of any disaster on the system in question (MAS 20). The plan should also include an allocation of funds for the process. When planning for the recovery of the system after the disaster, the company should first decide on the best option to be taken in recovery and the roles of each of the team members during recovery (Gallagher 75). In the case of the risk of an earth quake for instance, it would be necessary for the company to plan for evacuation in case of a disaster and to assign duties to various members towards the effectiveness of the evacuation process. It may also be necessary to plan for the reconstruction of disrupted telecommunication lines and office buildings. The plan must include the funds allocation for the same as well as the time allocation. It may also be important to plan for recovery of profit losses after the disaster (Stone burner and others 806).
In planning for the recovery procedure, it is important to plan for recovery from damage to the office facility. In this case, the company has to consider the possibility of having another office building at a remote location to help in the reduction of system down time due to disasters (Swanson and others 803). In planning for this, the costs to be incurred must also be taken into consideration.
Another plan that would assist in the reduction or prevention of downtime is the decentralization of operations` (Light`and`Wheeler-`Smith`120). With regards to this, instead of having all bookers, IT infrastructure, the finance and administrative functions in a single location, the functions may be separated. For instance, he may allocate the bookers a separate building to avoid destruction of all departments in case of a disaster. In this way, in case an earth quake occurs and one of the buildings is destroyed, the recovery costs would be lower. In addition to this, the bookers should be located at a position farthest from the potential earthquake epicenters since they use the most costly equipment i.e. the IT equipment and destruction may be costlier to recover than the other functions.
Options for recovery after Disaster
Since natural risks cannot be averted wholly, it is essential that the company should have options to aid in recovery after a disaster. In the case of any disaster, the options available to the company depend on the potential impacts of the disaster (Tunji 110). For instance, in the case of destruction to the office building, it may be necessary to work from a remote building for some time to avoid profit losses due to system down time. While this option may be suitable for resolving system breakdown issues too, it is only cost effective when the disaster results in the destruction of the office building and other properties (Swanson and others 802). On the other hand, when the destruction is of a minimal scale, this option may not be economical. The costs incurred in this option are highest as they include the cost of acquisition for the new office premises and possibly for the destroyed equipment, costs for transportation of quality equipment to the alternative office location, costs for the installation of data systems and recovery of lost data and the costs for employee retention.
Another option would be to allow workers to operate from their home offices. This option may be suitable when the impacts of an earthquake prevent workers from attending the office and also when office buildings are destroyed during the process. In this case, the costs that will be incurred include setting up internet based data sharing connections amongst workers in their various locations. However, it may also lead to a reduction in the transportation costs for workers to and from work.
A final option would be to invest in alternative communication media. For instance, instead of using the telephones, it may be necessary to use mobile phones for communication. While this option is the cheapest, it also solves the least complex of the potential impacts of disasters associated with fracking in the Flyde.
Options for the Manufacturing Industry
For an online business, the information systems are as essential as the physical infrastructures in the operation process. Consequently, the options that can be used to recover from disasters all aim at finding cheap ways of operating without incurring losses. This can be achieved either at home or in the work place as long as there is data sharing between workers and internet connectivity (Stone burner and others 811). Communication is also essential during work. Consequently, working from home or in an alternative location may be effective options for recovering from destruction. On the other hand, the manufacturing industry is characterized by intensive grounded operations which cannot be transferred to other locations unless the company is moving completely. Although this option might be costly, it may be the only option available in the case of a company located in an area that experiences earthquakes of relatively high magnitudes where the destruction of physical structures is predominant. The option of replacing communication modes is however open to the manufacturing sector as well.
In the manufacturing business, a destruction of information systems may be result in extensive system down time due to the interconnectivity of process controls. It may therefore be necessary for a manufacturing company desiring to recover from a disaster like an earth quake to reset all variables in all process control systems due to the destruction of one of the systems. Failure to align the process control variables to the desired product output may result in products of undesirable quality. In a manufacturing company therefore, recovery options are more costly and intensive than in an online business.
The risk of an earth quake is the most potentially damaging at Webflights due to the location of the company. However, the degrees of damage that can be experienced in the event of an earthquake depend on the magnitude of the earth quake (Moss and Shelhamer 16). Since no single plan can be appropriate for the elimination of system down time in case of a disaster or even for system recovery after a disaster, it is essential that the company should consider the potential risks seriously through an intensive risk assessment procedure and create plans for handling the impacts of any risk should it escalate. The options available for an online business such as Webflights may not be suitable for a manufacturing company.
Citizen Corps. Business Continuity and Disaster Preparedness Planning. FEMA, Winter 2011.
Gallagher, Michael. Business Continuity Management: How to protect your company from danger. PrenticeHall, 2003.
Karim, Akram. Business Disaster Preparedness: An empirical study for measuring the factors of business continuity to face Business disaster. International Journal of Business and Social Science. 2,18 (2011): 183-192
Light, P. and Wheeler-Smith. Predicting organizational crisis readiness: Perspectives and practices toward a pathway to preparedness. Prepared with the support of the Center for Catastrophe Preparedness and Response. New York: New York University. 2008
MAS. Technology Risk Management Guidelines. Monetary Authority of Singapore. 2013
Moss, M. L., and Shelhamer C. The Stafford Act: Priorities for reform. Center for Catastrophe preparedness and Response. 2008. Retrieved from http://www.nyu.edu/ccpr/pubs/Report_StaffordActReform_MitchellMoss_10.03.07.pdf
Stone burner, Gary, Allce Goguen, and Alexis Feringa. Risk Management Guide for Information Technology Systems. NIST Special Publication 800-30, 2002
Sutton, Jeannette and Kathleen Tierney. Disaster Preparedness: Concepts, Guidance and Research. 2006.
Swanson, Marianne, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas. Contingency Planning Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-34, 2002
Tunji, Siyanbola. Effective internal control system as antidote for distress in the banking industry in Nigeria. Journal of Economics and International Business Research. 1, 5(2013): 106-121.