Business Continuity planning        CP3052        Group D


Contents

Potential risks        

Electrical/IT/Security        

Physical threats        

Evaluation of Risk        

Electrical/IT/Security        

Electrical/IT/Security        

Recommendations        

Electrical/IT/Security        

Human threats        

Business Continuity Plan (Fire)        

Damage and Situation Assessment        

Group work breakdown        


Introduction

This assignment has asked us to form a group of students then to identify, analyse and evaluate any visible risks to the business continuity of the organisation and the IS and IT. Once the risks have been evaluated we then need to produce a set of countermeasures for each one to return the business to full productivity and then finally produce a disaster recovery plan for the described incident in the case study.

Potential risks

All businesses faces risks regardless of the size, nature, location or type of business, this is a fact of industry. It is impossible to foresee all the possible risks for one given business as there are too many and the main thing about disasters is they are normally unexpected. When you plan for risks/disasters it is impossible to correctly predict the impact, duration and costs to the business if it occurs.

Electrical/IT/Security

Threat 1 - viruses

Due to some data being stored on computers there is an added risk of hackers and viruses which can affect this data and possibly compromise the companies’ security and privacy. This can affect the continuity of the company because they will need this data for tests or to send the results to customers who have sent items to test.

This risk may occur due to inadequate data security on the computers which will leave the data vulnerable to attack. Also this would be a breach of laws, the data protection act 1998, that make companies’ protect all their data within their systems as a result the company can be legally viable for any data breaches which can effect continuity and cost the company a lot of money.

Threat 2 – IT developed in house

If the business software programmers were to leave “seek employment elsewhere” the business will be in trouble because there will be a problem with the support and maintenance of the new software.

Threat 3 – CCTV

Due to the fact that there is only one security location at CosmoLabs, this presents a huge risk because the animal rights activists could easily gain entry into CosmoLabs without being detected, by avoiding direct face to face contact with the security cameras, which then means that the animal rights activists, depending on their motives, could mount an attack that will be out of range for CCTV detection.

Threat 4 - Reliant on one system

CosmoLabs is currently running one computerised system which is used to handle information on the workers and tests needed to be carried out on which samples. It also stores the test results and has employee information in it. If CosmoLabs do not have access to this information they would to unable to test the samples accurately and also be unable to run the business.

Threat 5 - Hackers 

Hackers are people who get access to computer systems without access privileges in the case of CosmoLabs if this happened it may be the downfall of the business as they only have one system in place and without that they can’t operate.


Threat 6 - Internet failure 

Businesses use many different types of communications internally and externally such as post, email, telephone, fax etc. The most efficient way to communicate is by email as it is instantaneous and can also send documents, without these processes they would be long time delays.

Physical threats

Threat 1 - Natural Disasters

  1. Earthquakes
  2. Landslides
  3. Hurricanes
  4. Tornados
  5. Hailstorms
  6. Heat waves

Environmental disruption this is known as natural disasters which can range from a variety of things. Disasters can be seen as an “Act of God” and related to manmade environmental problems, Floods caused by plumbing or natural means can destroy infrastructure assets and data. Another disaster is an Epidemic which can affect the test samples or the tests them self. The natural disasters mentioned above cannot realistically be stopped. All that can be done is to prepare for the day when a disaster strikes.  

Threat 2 -Theft & Vandalism

Theft of computer equipment, for example, could be very detrimental. Similarly, vandalism of machinery or vehicles could not only be costly but also pose health and safety issue.

Threat 3 - Fires

External fires can have a huge effect on the business and its continuity. Either way these will have to be dealt with because they will affect the business continuity. This will result in the company having to delay or even cancel scheduled tests. It will also affect other companies because they depend on these tests being carried out by this company. It will also result in increased costs to repair any damaged facilities or equipment or even buildings. Also it will harm staff members if they are not adequately aware of proper fire procedures or kept away from fires.

External fires can be caused by natural disasters or by humans. Naturally fires can be caused by dry trees surrounding the base and set alight by a very hot day or another natural event. Humans can cause fire as an act of protest against the base because some tests will have to be carried out on animals. Also they could send devices into the company in an effort to damage the company from within.

As well as external fires there are internal fires, which can be just as damaging on the business continuity or even more damaging because it is closer to important data or test material. These will have to be dealt with as well because it can seriously effect tests and harm staff members. Also it can damage the buildings, which will cost the company money and time to fix.

Internal fires can be caused by various things like the kitchen in the guard’s office or by an employee’s negligence when carrying out tests. In addition due to staff negligence fires can be caused within the company labs and will also need to be dealt with. Activists could send devices to the company that may cause damage to the company and affect continuity. In addition any machinery that creates any amount of heat can also be a fire hazard and will possibly harm staff members or effect business continuity.

Threat 4 - single access to site

Due to there being only one access to the company this poses a risk because, there can be a natural disaster that can block the access. In addition, protesters could block the one access as well. This will affect the business because they will not be able to gain access to the company or they will not receive deliveries or receive them late and as some are refrigerated this can cause some damages to test samples. In addition, the gate can malfunction since it is an automated gate and will result in blocking access or allowing access to the company.

This risk can occur because trees from the forest surround the one access road and these trees can fall down due to natural disasters or by protesters and block the one access to the company. Protesters may block the access because they are against some of the tests carried out on animals. Also due to a power failure, the gate would not work resulting in stopping all access in and out of the company.

Threat 5 - no backup power supply

Due to the importance of the business processes and tests, the power used is also a risk because it can be lost at any time for any reason therefore it needs to be anticipated and dealt with when it happens. The risk of a loss of power is great because it can result in many tests not being completed in time or being delayed thus reducing customer satisfaction. This also poses a risk of losing test material that requires refrigeration.

This may happen because of a grid failure or due to a protest cutting off the power. A grid failure could be caused by human error or a natural disaster and in either case it will stop the company until it is fixed which results in a loss of profits and test material that is kept refrigerated.

Threat 6 - Collapsed trees/overgrown foliage 

The testing facility is surrounded by trees along with a lengthy driveway, which is the only access to the facility. Trees and bushes can grow quickly so the single access could easily become overgrown or in accessible. Without access to the business it cannot operate, staff cannot get in or out and nor can test samples.

Threat 7 - Postal strikes 

Samples are brought into the business via private couriers or the post; you can pretty much guarantee that the private deliveries will make it on time however the post office has been known to suffer from long delays and strikes, which means deliveries can be delayed for a long time. Without the test samples CosmoLabs can’t operate.

Human threats

Threat 1 - Labelling

With any business humans are the backbone of all operations, however there is always the risk of humans being overworked and errors being made within the business process. The process of labelling needs full concentration at any one time so staff working shifts can often be tired due to working on a rota basis. There is a high probability that errors can occur when samples are split and correct labels need to be applied to two different samples requiring different tests. The correct label is crucial for the laboratory to carry out the correct tests on the samples. There is also the risk of contamination of the samples when the samples are split to be labelled.

Threat 2 - Data Entry Error

All received samples need to be correctly entered into the computer system as wrong data entry could be very costly and time consuming for the business. Incorrect data entry could also have a cascading effect down to the consumer with incorrect results being entered or results being entered under the wrong name. The probability of the threat occurring is high if staff are not trained appropriately or are inexperienced in data entry. It is vital that the labelling process is correct to minimise the chances of incorrect data entry.

Threat 3 – Misuse of Data

The risk of misusing data could set the company up for a breach in confidentiality from consumers if data had a detrimental effect to another person or company causing them harm in any way. The business could lose revenue if the information was being sold to a third party. The reputation of the company could also suffer resulting in a reduction in business.

Threat 4 - Pandemic 

Due to the location of the business a pandemic could cripple this business resulting in closure if the business was the primary source. With the farm land near by a pandemic could also result in the spread of the infection to the animals which are used as produce to other businesses. This would end up with legal implications to the business, with very high costs which could also lead to closure. Staff could also be affected if procedures are not in place to deal with a pandemic, they could become ill resulting in the business unable to run effectively. The spread of infection could also be spread nationally by long distance lorry drivers who have contact with staff when picking up samples.

Threat 5 – Contamination of Samples

The contamination of samples could have a costly outcome not only in monetary terms but could also lose its reputation for being inefficient, unreliable and incompetent which could lead to the loss of business. The recall of samples is very time consuming and customers may not want to carry out the process of supplying the samples again and go to another company. Staff could also be at risk for being exposed to the samples which could lead to long and short-term sickness, which has an effect on the running of the business and other members of staff get tired due to increased workload.

Threat 6 – animal rights activist

These are people who don’t believe in the methods in which some labs get to their results, via animal testing. This is not just a risk to CosmoLabs but to every laboratory in the world.

Evaluation of Risk

Electrical/IT/Security

Threat 1 - Viruses

Since large amounts of data are stored on computers then the computers will need to be protected as well to reduce a risk of data breaches or viruses which can affect business continuity.

Threat 2 – IT developed in house

It is very important to have someone or some company that will always be there if help is needed with your business software.

Threat 3 - CCTV

This is very important because having multiple security locations can help CosmoLabs to monitor the activites within and outside the laboratories surroundings so that if there are any imminent attacks they will be able to neutralise before it escalates to other areas of the laboratories, to add they will be able to sue those responsible due to the level of evidence that was gathered due to the extreme use of the various security locations, in doing preventing further attacks from happening.  

Threat 4 – Reliant on one system

The potential loss for CosmoLabs if they system failed is catastrophic, as they have no back up the data would be completely lost or inaccessible for a period of time. If it was inaccessible it would have a bad effect on the business but if it return they could get back to normal running of the business pretty quickly. However if they system failed as a whole and was not restorable they would lose all their customer information, all the test results and all employee information. This is a high level risk with a low probability but if it occurred it would properly be the death of the business.

Threat 5 - Hackers

This risk has a medium probability of occurrence and can have a high impact on the business.  Hackers can gain entry to businesses computer systems through many different methods and with many different goals. Hackers are people who get access to computer systems without access privileges in the case of CosmoLabs if this happened it may be the downfall of the business as they only have one system in place and without that they can’t operate. If a hacker dose get access to the system there is no guarantee that they will do anything to you system but just hacked it for the challenge. However the more likely scenario is that if they take the time to crack your system they will both want to delete your data or copy it and use it for other purposes. If this happens it may just slow down your business for the day or it may result in the company having to fully restore the lost data and systems. If CosmoLabs systems did get hacked into and the worst case scenario happened, deleted all data, test results, scheduled tests, edited staff detail and supplier details etc. they would be able to fall back on to the new parallel system as stated above or download the most recent data saved with external company, this way they only loss data entered that day.

Join now!

Threat 6 – Internet failure

Businesses use many different types of communications internally and externally such as post, email, telephone, fax etc. The most efficient way to communicate is by email as it is instantaneous and can also send documents.  If the Internet connection at CosmoLabs was to fail they would be unable to send emails to clients with test results in, unable to send internal emails and reports to upper management and wouldn’t be able to reply to any queries or comments sent in by email regarding tests, facilities or prices. The affect this would ...

This is a preview of the whole essay