iPremier’s IT was in the offensive quadrant/strategic mode of the IT strategic grid and, to its detriment, remained at stage one of the evolution of IT governance (Nolan and McFarlan, 2003; Rau, 2004). All of their business was conducted online with highly affluent clientele; therefore any service loss/failure could have detrimental effects on the business in a very competitive industry sector. I have identified business continuity, governance and performance measurement issues as the three key factors that led to the iPremier crisis.
1. Inadequate disaster planning: Information security involves more than just the technical aspects; there are also social, organisational and human ones (Williams et al, 2013). Whilst there technically was a business continuity plan (BCP), it was out of date. In addition, there was insufficient knowledge amongst the staff involved as to the location of the BCP. iPremier lacked a clear governance structure and therefore a crisis leader to provide direction and decision making. Although iPremier had discussed practicing incident responses, no time had been allocated for such. In addition, it was difficult to get business leaders to willingly commit resources to business continuity/disaster recovery planning and implementing risk mitigation strategies (Snedaker and Rima, 2014). When the attack occurred, the combination of these factors resulted in an inefficient, confused response which was exacerbated by multiple players getting involved, increasing
Every business, from well-established organizations such as Microsoft to the small home-based business that operates out of a basement, is bound to experience operational setbacks from time to time. These setbacks can be both positive and negative interruptions of normal business flow. For example, an organization might experience a demand for a product at a rate not originally anticipated, generating more revenue than expected, but leaving the organization struggling to avoid back order. Organizations might find themselves victims of theft or sabotage, and of course no organization is impervious to the consequences of operating in the natural world. Fires, floods, storms, power outages, and other variables beyond the control of the organization have the ability to bring an entire company to a halt.
[Give the mission of the organization; describe the purpose for the plan; explain under what circumstances it would be activated; explain how the plan will be used by the organization; depict the expected outcome of the plan activation; give the assumptions used in the development of the plan; and give an overview of the structure that will implement it.
IT governance incorporates ideas and information about the way you execute your business strategy. It is about how you operationalize and capitalize on market opportunity. It is only at the lowest levels of division that IT governance is about decision rights, compliance, regulations, standards, and policies. And while not to minimize the extreme importance of these elements for IT governance, I do declare that if your IT governance solution is primarily about being compliant, etc., and secondarily about business execution, then neither your IT organization nor your business is likely to benefit from your implementation. You will have missed the opportunity that IT governance offers.
There is a multitude of reasons for an organization to have a business continuity plan in place. It does not really matter whether the incident is a natural or man-made disaster; if an incident occurs, it can have a disastrous effect, causing the company's operations to become unstable, and the inability to contain or control its impact can halt the business routine (Vacca, 2013).
“Business continuity planning is the process of ensuring that your organization can continue doing business even when its normal facilities or place of business is unavailable” (Peltier, 2014). This statement should hold true for any business wishing to compete in today’s market and apply to more than just natural disasters. Although natural disasters should remain an integral part of any continuity plan and recovery model, other man-made disasters, such as computer viruses and physical security should be considered.
An important aspect I want to review is the disaster recovery plan. This plan is different from business continuity, but some features do overlap. A disaster recovery plan prepares the business to recover its IT systems and assets after a disaster. Beginning with Wilma Stone, Margie Nelson, and Gary Thomas as management, they need to meet with their IT department heads and perform a risk assessment to identify IT equipment and services that are critical to business operations. Identifying these critical components will give an initial point for recovery. As these are essential to business operations, the chosen IT systems should be a priority in prevention, response, and during recovery. Charts and documents will help organize this and inform staff on the involved areas.
Key factors of the business continuity/disaster recovery plans are designed to ensure that the three principles of information security remain intact even if there is some kind of a disaster or service interruption. Perhaps the greatest of these is the area of “availability”. This is especially true when one considers what the VPN means to being able to communicate electronically in the midst of a crisis. One must remember that in normal operations information security is important, and in times of distress it is that much more imperative. This at times will prove to be challenging, to say the least. However, the business continuity plan as well as the disaster recovery plan must spell out how the services of the affected area(s) will
The mini-case starts with “IT is a pain in the neck,” which is a wrong notion that most of the business managers in an organization have. The history of IT-business relationships in most organizations shows that there is a huge gap between both sides, which is getting better over time. Today, managers know that it is the people, technology and information that realize the value of a company, and IT cannot be blamed for everything every time. The days have gone when IT was looked at as the sole responsibility for a company’s growth or downfall. IT processes along with the
That seems to be the first time iPremier was attacked due to their desperate situation. They did not know how to handle it, which explains the lack of training and emergency procedures. The company was more focused on profit than protecting their customers' information. If I were Bob, I would avoid panic and stay focused; assemble a team and start the incident response plan; start an investigation to define the details on the extent and nature of the attack; analyze and assess the origins of the violation; draw up a plan for the incident in question; disclose the incident to the parties involved and notify the authorities; and review the incident response plan, strategy, and security policies.
Business Continuity Planning Management may have differing guidelines for building a plan, depending on the business sector. However, many are using the National Commission on Terrorist Attacks (NFPA) 1600 as the basis for building a BCP plan. The guideline includes ten essential elements that include: Program Initiation & Management, Risk Evaluation & Control, Business Impact Analysis, Business Continuity Strategies, Emergency Response & Operations, Business Continuity Plan, Awareness & Training, Business Continuity Plan Exercise, Audit & Maintenance, Crisis Communications, and Coordinate with External Agencies. According to Clas (2008), “Going through the emergency preparedness and business continuity planning process is an extensive undertaking for most business. When done correctly, it is a quantifiable, sound investment” (para. 22). The Business Continuity Plan falls in the middle of these elements and is an integral key to emergency preparedness
Disasters are unavoidable within businesses and organizations alike. Disasters not only affect business and organizational continuity; they also result in a major modification of the organization’s operational mechanisms (Awasthy, 2009). For these reasons, businesses now prepare a business continuity plan and a disaster recovery plan so that they may simplify disaster management when the next one occurs. It is highly important for every business to have an effective disaster recovery plan to go to in the event of a disaster (Thejendra, 2008).
Disasters have become an inevitable part of businesses and organizations as well. They not only have a major effect on business and organizational continuity; they also result in an overhaul of organizational operational mechanisms (Awasthy, 2009). It is for this reason that many organizations and businesses resort to preparing business continuity plans and disaster recovery plans that will facilitate better disaster management in future. Effective disaster recovery plans are important to every business and organization (Thejendra, 2008).
Disaster Recovery Planning is the critical factor that can prevent headaches or nightmares experienced by an organization in times of disaster. Having a disaster recovery plan marks the difference between organizations that can successfully manage crises with minimal cost and effort and with maximum speed, and those organizations that cannot. By having back-up plans, not only for equipment and network recovery, but also detailed disaster recovery plans that precisely outline what steps each person involved in recovery efforts should undertake, an organization can improve its recovery time and minimize the disrupted time for its normal business functions. Thus it is essential that disaster recovery plans are carefully laid
iPremier’s procedures were absolutely deficient. They had an outdated emergency manual that employees couldn’t find, and almost couldn’t access the data center. Additional measures they could have implemented long before the attack include revising the emergency procedure and making sure all employees know how to follow it.
3. Now the attack has ended, what can the iPremier Company do to prepare for another such attack?
The objective of this study was to develop a strategic contingency planning model to be used to fully incorporate emergency management and business continuity into organization structures. (For the purpose of this study, Emergency Management and Business Continuity were collectively referred to as “contingency planning.”) Presently, contingency planning is mainly done on an operational or tactical level. Current thinking suggests that contingency planning should be an active part of organizations’ overall strategic planning processes as well. Organizations will ultimately be better prepared for future disasters and crises.