Background of the Study
Rapid technological advancement is changing the conventional way of human existence. Information has become available and accessible to anyone, and gathering and sharing it has become easy and fast. The invention of the World Wide Web opened a new door for everyone to venture through. The Internet has become a big library of information that is accessible and abundant. This is the main reason why education is now being incorporated into the Internet. The Internet has evolved from a library to a classroom. Different educational institutions are now offering online education. Online students are enrolled in the same courseware; the difference is that they are not required to come to class in person. Online education is basically self-study-based education. This kind of education is widely accepted because of the convenience and portability it offers. Online business is no longer an option for companies, but an absolute necessity for the company’s success.
Brisbane City College (BCC) provides education for students from 5 to 12 years old. The school is planning to implement a new wireless educational network project, providing online and Internet-based education content and communication services for students of all grades. This new service will be delivered through laptops and handheld devices via Internet service. The school decided to implement online education in order to remain competitive in this new education industry, where technology is the key to keeping and gaining competitive advantage.
Problem overview
Purpose
The purpose of this paper is to help the company identify the product/service and the competition that accompanies eCommerce operation. The company is starting a new online business and requires a competitive business plan and business case; this paper provides for those needs by using a Business Continuity Plan (BCP). The BCP will help the company organize a long-term business plan by carefully examining and identifying the potential risks involved in eCommerce operation.
Scope
The scope of this report includes a business plan for starting an online business, using a business continuity plan to determine the possible risks and Brisbane City College’s responses to them. The roles and responsibilities of the different stakeholders and other parties involved are specified. The report also includes a testing, maintenance, and audit plan for the proposed online system.
Limitations and assumptions
The report does not include an implementation, integration and testing, installation, and maintenance plan. The report aims to help BCC formulate a business continuity plan that will help the organization prevent system downtime and remain operational even when a disaster occurs.
Stakeholders
The proposed E-learning system involves major stakeholders in the project. These stakeholders are the different parties involved in project development (designing, approving, implementing, and maintaining the proposed system) and the end-users or beneficiaries once the proposed system is implemented. The stakeholders are:
• BCC management and faculty (instructors)
BCC management is the major stakeholder of the proposed system. This group of stakeholders is the one that decides to implement online education for the school. BCC as an organization will gain new technology; in return, the instructors of BCC will gain new skills and understanding in using technology as a medium for learning (particularly open source and interoperable tools) to improve the quality of the education offered by the school.
• System analyst/developers
This team will be responsible for making the initial design of the proposed online education system. They will be in charge of the whole technical production of the system.
• Students and Future Enrolees
The major beneficiaries of the online education system once it is implemented are the students and the future students/enrolees of the school. This group of stakeholders will be the end-users of the proposed system, together with the instructors of BCC.
Acronyms and definitions
Some acronyms used in the paper and their definitions:
Brisbane City College (BCC) – company that serves as the background of the study.
Business Continuity Plan (BCP) – a plan that describes how an organization will deal with potential disasters. It consists of precautions that will minimize the effects of a disaster on the organization, so that the organization will be able to uphold or quickly resume mission-critical functions. BCP typically involves a critical analysis of business processes and continuity needs; it also includes disaster prevention measures. BCP is sometimes referred to as Disaster Recovery Plan (DRP) or Business Process Contingency Plan (BPCP).
Business Impact Analysis (BIA) – is a vital component of an organization’s BCP. BIA includes an exploratory component that reveals any vulnerability, and a planning component to develop strategies that will minimize organizational risk. The result of BIA is a business impact analysis report; this report describes possible risk to the organization.
Business Process Contingency Plan (BPCP) – see BCP
Disaster Recovery Plan (DRP) – see BCP
Business Plan and Business Case
Refer to the handout given in the class (I need you to please provide me with the said handout given to you)
Risk Assessment and Business Impact Assessment
It is important for BCC to properly manage the risk involved in e-commerce; this will balance operational and economic cost against protective measures and allow BCC to achieve gains in mission capability by protecting the IT system and data that support the mission of the organization. E-learning in e-commerce applies the principles of accountability and learning effectiveness. (2005) defines risk as something that can result in “loss resulting from inadequate or failed internal process, people, and system, or from external events”. Major types of risk involved in E-learning operation include: Content risk (courseware preparation), Technological risk (Internet speed), People risk (facilitating instructors), and Process risk (E-learning course administration). For example, errors made by employees, reporting errors, and programming errors are part of the internal risks that result from people, process, and system. On the other hand, external risks are, for instance, regulatory changes, political upheavals, and, simply, theft (, 2005).
Risk assessment determines potential threats and risk associated with an IT system and helps identify suitable solutions to reduce or possibly eliminate risk. Risk assessment encompasses nine primary steps:
• Step 1 – System Characterization
• Step 2 – Threat Identification
• Step 3 – Vulnerability Identification
• Step 4 – Control Analysis
• Step 5 – Likelihood Determination
• Step 6 – Impact Analysis
• Step 7 – Risk Determination
• Step 8 – Control Recommendations
• Step 9 – Results Documentation
Risk Assessment
Content Risk
Preparing the courseware for E-learning is a major risk that BCC needs to assess. BCC management needs to invite experts in the field of IT to help prepare the courseware content for the online education system. BCC’s proposed online education system incurs risk of insufficient academic and business contents in the courseware.
Technological Risk
BCC’s proposed online education system relies critically on the speed of the Internet. Unexpected system downtime is caused by heavy traffic over the Internet and by the availability of broadband and Internet service in some geographical areas; it can cause the school monetary loss and can damage the reputation of the school and the proposed system. The technologies to be used for the proposed system may not always meet expectations. Some technologies may eventually turn out to be incapable of providing the required solution. Technological risk can include the following: hardware, software, the network connection, data, information, etc.
People Risk
People are always a major factor in every project; this risk involves the end-users of the proposed system once it is implemented. These end-users are the instructors and the students. BCC management employs facilitating instructors to administer the proposed online education system at a ratio of 1 instructor per 40 students (1:40). Some of the instructors are comfortable with the idea of online education, while some are not. This can risk the quality of education BCC provides. Certain instructors may be up to the learning speed of students, and vice versa. An online education system provides 24/7 service; it may be difficult for an instructor to respond to 40 students in a timely manner.
Process Risk
The online education system will be a totally new system for BCC. In order to design an appropriate framework for BCC’s online education, the management together with the program developers sets the program director and administrative staff to oversee the E-learning operations. Even though the existing administrative system is considered to be sufficient for the new system, it is still not satisfactory due to the staff’s limited experience of their tasks and of E-learning infrastructure.
Risk identification
The following are the potential risks identified.
• The courses may be pulled for lack of registrations
A lack of students registering for an online course can cause the course to be pulled by the school. If the minimum or required number of students in a course is not reached, the school can decide to pull the course in order to conserve resources.
• The courses may be cancelled due to poor participation
If the instructors deem that student participation in a course is poor, the course can be cancelled.
• The available e-learning tools may not be customizable and suitable to meet the needs of specific courses
Some of the available E-learning tools in the market may be unsuitable for the specific demands of a specific course, and some E-learning tools are fixed and may not be customizable to meet the demands of a certain course. For example: if a course demands videoconferencing for better lesson deliberation, the tool to be used must be capable of providing it.
• The students may lack technical resources to use the e-learning tools
An online education system relies on personal computers or laptops with a fast Internet connection. This means that the server and the users must both meet the hardware, software, and Internet connection requirements in order to communicate. A student must ensure that he has the technical capability to communicate with the server. For example: a student’s computer must have enough hard drive space to download a course module, which also requires a fast Internet connection.
• The unwillingness of students and instructors to use e-learning tools
Some students or instructors at BCC may be unwilling to accept the new system due to their technological incapacity to adapt to it. This may be due to a person’s technical knowledge and the user’s capability to acquire the technology required by the new system.
• Staff turnover may cause set-backs
BCC cannot implement the new system immediately once it is complete, because the end users need to undergo comprehensive training in order to gain proper knowledge of how to use the new system. Some of the instructors of BCC are not well equipped with the proper knowledge and skills for conducting online education. BCC should provide sufficient time for instructors to train and learn, since online education takes place in work settings, which makes learning easily interrupted by daily tasks and workplace interaction.
• The learning venues may not have suitable resources to use the e-learning tools
Different regions have different technological capacity and capability. BCC is based in Australia, and therefore has different technology from other regions. Because BCC’s proposed online education system is technology-based, some regions may not be able to avail of the online education system due to the region’s technological capability. For example: online education can cater to online students around the globe, but a given region must be able to adopt the needed technology to avail of BCC’s service.
Impact of interruptions (major and minor) will have on the organisation
BCC’s proposed E-learning system will be successful if the planning, design, development, evaluation, and implementation processes are done in a systematic procedure. Even when E-learning has been successfully implemented, it can still encounter some interruptions, mainly because an E-learning system is technology-based. Unexpected system downtime or interruptions are caused by heavy traffic over the Internet and the availability of broadband and Internet service in some geographical areas; such interruptions can cause the school monetary loss and can damage the reputation of the school and the proposed system. System interruptions or downtime are divided into three categories: the people, process, and product categories (, 1999). The people category includes the skills and training of staff to maintain and operate the system. The process category includes the steps to ensure system interruption and recovery. And the product category includes the system components, which are the hardware and software, including the network in which the system operates. System interruption can cause major and minor impact to BCC and any organization if such interruptions are not handled and assessed properly. All three categories need continuous improvement. System interruptions may be caused by:
• Software defects/failures
• Planned administrative downtime
  ◦ Operating system or application upgrades
  ◦ Database administration
  ◦ System or Network Reconfiguration
• Operator Error
• Hardware Error/Maintenance
• Building or Site Disaster
  ◦ (Fire, explosion, etc.)
• Metropolitan area or Regional Disaster
  ◦ (Earthquake, Flood, Tornado, Blizzard, etc.)
Causes of system downtime (source: IEEE)
Whatever causes a system downtime or interruption, it will have an after-effect on the organization. System downtime can have minor and major impacts on the organization. Downtime on an online education system can cost BCC greatly. Some of the impacts of system downtime on BCC are:
• Minor Impact
  ◦ Lost productivity and revenue
  ◦ Customer complaints regarding the service
• Major Impact
  ◦ Loss of customers due to unreliable service
  ◦ Great financial loss for the organization
  ◦ The organization’s reputation may be damaged
  ◦ Diminished competitiveness of the organization in the market due to reputation damage.
Tolerance on system downtime
The best way to deal with system downtime or system interruption is to prevent it from occurring in the first place, in order to minimize and contain the damage that it can cause to business. Users of an online education system demand availability of the system at all times, which is why the system can never go down, whether planned (due to maintenance) or unplanned (due to system downfall). System availability depends on database reliability and tolerance when system downtime occurs; the five T’s are: fault tolerance, recovery tolerance, management tolerance, people tolerance, and geo-disaster tolerance:
Fault Tolerance
Fault tolerance is the ability of a system to respond to unexpected hardware or software failure. Fault tolerance allows a user to continue operation in the event of power failure. It is technologically feasible to reduce system downtime, although it is quite expensive. A more practical approach requires that the end-user of the system never notice that a failure occurred. It is always important for any system that the level of service remains satisfactory. Many of today’s fault-tolerant computer systems mirror all system operations (which means that every operation done by the system is executed on two or more duplicate systems, so if one fails the other can take over). Such a technique requires thorough planning in order to ensure success. Fault tolerance is a three-step process: First, operation execution must have at least two resources. Second, each of these resources must be capable of handling the full peak load. Third, all the resources must be kept synchronized. Fault tolerance works best in systems where ease of operation or hands-off operation is required. Fault tolerance is best for organizations that conduct business outside major metropolitan areas.
Recovery Tolerance
System downtime can cost an organization greatly. The real issue in recovery tolerance is the time it will take the system to recover (such as database and performance recovery). One commonly used recovery tolerance solution is deploying a system backup, where important data are stored. This solution, however, does not protect the system application, and may leave gaps in data between the time of the last backup and the time the system is restored, and therefore has no data integrity.
Management Tolerance
Planned maintenance is one of the leading causes of system downtime in off-peak periods; it can consume 90% of off-peak system downtime. In an environment that constantly demands system availability, the ability to maintain and to manage the system is very important. A simple task such as inserting a new table can cause system downtime for a certain period. Online system maintenance and management tasks (such as load and data distribution, index creation and rebuilding, and inserting and moving tables in the database) are done online. Management tolerance is the ability of an organization to perform ongoing assessment of the performance of the network by using a combination of both in-house and remote management software tools.
People Tolerance
People inevitably commit errors, and errors cause downtime. Operator errors account for system downtime. BCC should ensure that end-users of the system are well trained in managing the system, to reduce and as much as possible avoid system downtime. Proper training will provide BCC system users with concrete knowledge of the system’s proper usage.
Geo-disaster tolerance
Among the most inevitable causes of system downtime are site disasters (such as fire or explosion) and regional disasters (such as earthquakes, typhoons, etc.). The occurrence of such disasters can be threatening for any organization; system downtime and lost productivity mean lost revenue. Occurrences of natural disasters are unpredictable and can affect business operation; it is best to deploy continuous computing technology in order to reduce and prevent system downtime. Continuous computing technology will allow a user of BCC online education to continue using the system even though the server is in an area affected by a disaster. Users are transferred to another server outside the disaster area, allowing them to keep continuous access to the system. The highest level of geo-disaster tolerance can be achieved with a fault-tolerant solution in two different locations. If a disaster destroys one system, the other continues to operate with no loss of data and no loss of transactions (, 2001).
Prioritisation in case of interruptions and downtimes
It is of great importance for any organization to have a well-planned solution to system interruptions and downtime, so that it can provide non-stop service to clients when system downtime occurs. In today’s market, any organization without a highly available IT infrastructure has the potential to fall behind its competitors and eventually be driven out of business. Natural disasters are unavoidable, which is why it is necessary for an organization to build fault tolerance into its information systems. A series of best-practice guidelines for implementing true information-system fault tolerance comes from research, user interviews, and widely accepted concepts of systems and information theory (, 2001). This concept will help BCC in reducing downtime effects.
(2001) states that downtime can be prevented by using real-world guidance. Redundancy is fundamental to a system, because system reliability requires redundancy. A reliable system expends either time or resources. This is because redundancy can test the reliability of the system. Minimize single points of failure; some of the options for an organization are to use alternative power sources and disks to protect the system from downtime caused by the failure of a power supply or disk drive. It is also important to choose the right server for the job. The server that provides BCC with the service should be capable of meeting the needs of the organization and the end-users.
Resource requirements
BCC should use capacity planning in choosing the right server to provide the online education system with its network and database needs. Capacity planning includes network loading, peak and average bandwidth capacity, and disk and memory size. This plan also addresses system interaction, particularly between the hardware and the application software under the system. These requirements are especially important for BCC, which is considering a high-availability fail-over configuration. It is important to eliminate serial paths in an online system, because serial elements are prone to bug attacks. Application software is considered to be the most critical of the serial elements. Application software cannot be fixed while the system operates, although it can be rebooted or restarted. Rebooting and restarting cause system interruption. A well-written application plan can minimize data loss. Select and manage software in order to minimize the probability of crashing a critical application. It is important for BCC to test the system before full implementation to ensure that the system won’t encounter any problems once it is fully implemented.
It is a necessity to deploy the right solution to system downtime, in order to minimize the greater effects it can have on the organization. The first step is to fully analyse the network, which includes the systems that will collect, store, and process data. The analysis should also determine the system security performance issues that can cause system failures. The system and data backup and failover systems should be included in the analysis, because failure in the system’s database, hardware devices, and operating system can be a threat to the organization’s business.
Business Continuity Plan (BCP)
A business continuity plan (sometimes referred to as Business continuance) describes the essential processes and procedures of an organization to continue conducting business during and after the occurrence of disaster. BCP prevents interruption of mission-critical services due to disaster and helps an organization to re-establish full functioning as fast and smoothly as possible. Although BCP is important for any organization, it may not be practical.
The first step in business continuity plan is to decide which of the organization’s functions are most essential, and apportion available budget accordingly. Once the crucial components are identified, the organization can then develop failover mechanism. Business continuance has become an increasingly common area of concern since the September 2001 World Trade Center disaster, in which an unforeseen incident created a sudden and severe threat to crucial functions for a number of companies (, 2006).
BCP is essential to any organization’s profitability and competitiveness. A few seconds of system downtime can have a financial impact on an organization. BCP will help to maintain long-term stability and competitiveness for BCC. It is important to determine the roles and responsibilities of those involved in project development. Knowing the possible risks and disasters that can cause system downtime is just as important, as are disaster response and recovery plans for when a disaster occurs.
Roles and responsibilities
• BCC management and mission owners – responsible for decision making and managing all the decisions for mission accomplishment. They ensure that the necessary resources are applied effectively in order to develop the capabilities needed to accomplish the mission. They are also responsible for assessing and incorporating risk assessment results in decision making.
• Chief Information Officer – responsible for ensuring that risk management is implemented, and manages the organization’s IT plan, project budget, and performance.
• IT systems owners of system hardware and/or software to support the system – responsible for providing the required hardware and/or software of the proposed system. The systems and information owners are also responsible for ensuring that proper controls are implemented to address the integrity, confidentiality, and availability of the system.
• Business or functional managers – responsible for managing the IT procurement process and managing business operation.
• Technical support personnel (such as network administrator, computer specialist, data security analyst, etc.) – responsible for managing and administering network and system security for the system.
• IT system and applications programmers – responsible for developing the system and maintaining code that could affect the system and data integrity.
• IT quality assurance personnel – responsible for testing the system to ensure system and data integrity.
• Information system auditors – responsible for auditing the system and reporting on system performance.
• IT consultants – responsible for supporting the end clients in terms of usage and queries regarding the system.
Disaster preparation
Disaster can happen on any day at any time. Potential disasters can be natural or man-made. Disaster can cause system downtime for an organization. E-learning depends on technology and on information and communication infrastructure to be operational. Disasters pose a great threat to such infrastructure and therefore can cause system downtime and loss for any organization.
BCC should be aware of the possible disasters that can cause system downtime in the online education system, and formulate the best possible solution to the risks that disaster can bring to the organization.
Natural Disasters
• Earthquake
Earthquakes are natural disasters that occur due to shifting of the earth’s seismic plates. This natural disaster can occur almost without warning. Earthquakes can cause system downtime, especially if the earthquake is of high intensity. Infrastructure can be ruined, which can cause Internet failure in affected areas. If such an incident happens, BCC should have an alternate service provider that will provide a temporary Internet connection to affected areas.
• Floods
Flooding can occur almost anywhere. Floods occur due to gradual accumulation of rainwater in rivers and lakes. According to government statistics, over billion of damage to business and property every year is caused by flooding. BCC should have sufficient insurance coverage to cover the organization against the financial impact caused by floods.
• Storms
Storms, as well as hurricanes and tornadoes, pose a high risk to business. This natural disaster can threaten various infrastructures.
• Fires
Fires can start from natural or man-made causes. Fires can cause system downtime; proper measures against such disasters will help BCC in early recovery.
Man-Made Disasters
• Bombing/Explosions
Explosions may be the result of man-made actions (such as gas leaks that can ignite and cause great damage to infrastructure).
• Acts of Terrorism
The September 11 attack on the United States brought many organizations to the realization that small businesses can easily be diminished and large businesses can suffer long-term damage from acts of terrorism.
• Power Outages
Businesses need electric power in order to operate; it is a necessity, so electric outages will greatly affect business. In order to address this risk, BCC may install an Uninterruptible Power Supply (UPS) to take over in case of power outages and avoid system downtime.
• Hardware/Software Failures
Computer systems have the tendency to fail without warning; this applies to hardware and software. System software may crash because of internal errors or hardware and software conflicts. To address this issue, BCC should determine how repair and replacement parts can be obtained and installed as early as possible.
• Theft
Equipment can be stolen, and client information crucial to business continuity can be lost due to database leakage.
Disaster response
Any organization should react quickly to resolve a disaster once it occurs. A disaster should be resolved as early as possible, because every second is a loss for the organization. BCC should deploy a team that will respond to the disaster and a plan for how to properly handle it, with proper measures and arrangements. BCC should respond to disasters by deploying disaster managers who will manage and handle the disaster using the organized plan.
Communication management is also important once a disaster occurs. Communication management will help BCC in formulating early solutions for areas affected by the disaster.
Business continuity
BCP technically refers to the means used by businesses to avoid loss. A BCP defines the business requirements for continuity of business operation. BCP defines the business requirements of a “Disaster Recovery Plan”. A disaster recovery plan, on the other hand, deals with restoring the computer system after a disaster occurs, and restoring software and network connections to full functionality after the disaster.
Business continuity in every business implies higher availability rather than higher recovery. For example: a disaster happens, and the system disk drive and its data crash. A new disk drive is purchased, and offsite tapes are brought onsite. Data from the offsite tapes are transferred to the new disk drive. Business is running in 24 hours; this is high recovery. Another example: the same disaster happens. Redundant data is on a redundant disk drive. The system is designed such that as soon as a device is unavailable, the redundant device is accessed automatically. The user might see a 0.5 second increase in response time but is not aware, and not made aware, that a disaster even occurred; this is high availability.
Business recovery
A disaster can interrupt business; the disaster recovery plan should be carried out automatically, and it is necessary to start business recovery after a disaster. This will help an organization to minimize loss due to system downtime.
• Business Unit Priorities
In order for BCC to recover quickly from system downtime, all business operations of the company have to be prioritized; the operation with the highest priority should be recovered first, and so forth. Recovering 40 percent of the highest-priority operation would be sufficient for a short period of time, after which recovery can move on to lower-priority operations in order to regain minimal business operation.
• Crisis Management
BCC should train a business recovery team that is organized and prepared at all times for when disasters occur in the organization.
• Emergency Communications
Even when disaster strikes, businesses should still be able to communicate with the outside world and internally. An online education system requires a continuous connection in order to communicate with all the remote users of the system.
• Alternate Processing Sites
An alternate processing site provides alternate service when the main site is not functioning due to disaster. BCC’s alternate processing site will help in business continuity when disaster strikes the main processing site.
• Backups and Offsite Storage
Backups and offsite storage are key components of BCP. Backups will help BCC in early full recovery. Offsite storage is a location that stores BCC backup media.
• Logistics and Supplies
A disaster may require the sudden moving of employees, equipment and supplies to BCC’s prepared alternate site.
BCP testing, maintenance and auditing plan
Testing
The purpose of BCP testing is to ensure organizational acceptance of the BCP and to guarantee that the BCP satisfies the organization’s recovery requirements. A BCP may fail to meet organizational expectations because of insufficient or inaccurate recovery requirements, flaws in solution design, or errors in solution implementation. BCPs are tested on a biannual or annual schedule. The problems identified in the testing process are considered in the maintenance process and then retested during the succeeding process. BCC testing may include:
• Crisis command team call-out testing
The crisis team that handles BCC business recovery should be trained to handle disaster and perform business recovery effectively.
• Technical swing test from primary to secondary work locations
Testing BCC’s online education system for compatibility from the primary to the secondary work location will ensure complete compatibility across the various transfers.
• Technical swing test from secondary to primary work locations
The system should be tested from primary to secondary and, vice versa, from secondary to primary.
• Application test
The system should be properly and thoroughly tested in order to ensure usability and detect errors as early as possible.
• Business process test
Maintenance
Develop Plan Maintenance Procedures
Plan maintenance procedures fall into two categories: scheduled and unscheduled. Scheduled maintenance is time-driven, while unscheduled maintenance is event-driven.
• Scheduled Maintenance
Scheduled maintenance results from scheduled review of the organization’s BCP. Reviews are predictable (they are based on established requirements) and scheduled at decided time intervals (weekly, monthly, quarterly, etc.). The purpose of reviewing the BCP is to determine the changes the organization needs for improvement. The scheduled plan ensures that the necessary updates are made.
• Unscheduled Maintenance
Certain maintenance requirements are mostly unpredictable and therefore unscheduled. The majority of unscheduled maintenance occurs as the result of a major change in the organization, business operations, processes, functions, sudden hardware configurations, network, etc. Changes in personnel, responsibilities, processing and communications equipment, and the like are common.
Auditing
It is essential to audit the BCP in order to determine the functionality of the BCC online education system. BCP auditing will help in monitoring the performance of the online education system of BCC. This will help the organization in reviewing the system’s short-term and long-term IT plan. BCP auditing also reviews the IT standards, procedures, and security policy. Auditing the BCP determines its effectiveness for BCC.
References
Credit:ivythesis.typepad.com