developing a crisis management portal
TRANSCRIPT
-
8/3/2019 Developing a Crisis Management Portal
1/4
-
8/3/2019 Developing a Crisis Management Portal
2/4
Approach
A Portal BasedThe Art of Crisis Management:
In our previous issue of Spotlight on Business, John Ho Chi
discussed the issues and needs for crisis management in
The Art of Crisis Management: The Technology Enabled Approach
With new and unexpected crisis situations appearing, there is
definitely more to crisis management now than we had ever
experienced in even the most severe crises of the past. The
dimensions and stakes are now greater than ever.
This issue: John describes the framework for a crisis management
portal
16
A potential crisis or threat is sometimes
never treated with the same degree of care
and trepidation until it strikes home, or near
home. The recent catastrophic events such
the recent blackout in the US and theSoBig.F virus have increased the awareness
of the need for good crisis management.
The need for it is not a question of good to
have or nice to have, as it can make the
difference between bad or worse.
The United States saw its biggest blackout
in the nations history, which affected
its northeastern region. Cities like New
York grinded to a halt as businesses failedto continue and connectivity, wireless and
wired failed.
Early reports indicated that there were
problems prior to the outage, including
strange voltage fluctuations in the Midwest
power grid hours before its transmission
lines failed. Indicators and warnings werealso given to but perhaps, were not taken
seriously on time.
The blackout that affected eight states, which
started on Thursday, 14 August 2003 and
lingered till Saturday, is estimated to have
cost hundreds of millions of dollars.
The explosive growth of the mobile phone
industry had apparently been the cause ofthe situation where wireless signals
interfered with the emergency radio
frequencies used by the police and fire
fighters - according to public safety agencies.
This in turn has affected rescue efforts in
emergencies where the radio of rescuepersonnel went dead due to overcrowding.
On the cyberfront, the SoBig.F virus spread
from unsuspecting computers when users
open email file attachments with familiar
headings such as, Thank You and
Re: Details. Once opened, the SoBig.F
virus used the infected computer to re-send
itself to the next wave of victims, and
signed the email with a random name andaddress using the computers address book.
And Responding To Worms & Viruses Effectively
Spotlight on Business
TECHOLOGY & SECURITYRISK SERVICES
-
8/3/2019 Developing a Crisis Management Portal
3/4
The virus, which originated from a sex-
oriented Internet discussion group, spread to
hundreds and thousands of computers and
sent out millions of virus-infected emails,
causing massive traffic congestion problems
for companies network systems. Computer
administrators scrambled to identify the
source of the problem, and email, which is
depended heavily upon, was suspended for
outbound and inbound traffic.
So what sort of a tragedy and ho w many
wil l i t take , for companies to s ta r t
for a crisis, evaluating the potential
type of crisis, taking into account the
probability, setting up a loss event
sys tem, and the mechanisms for :
anticipation (key risk indicators),
d iagnos i s ( s e l f a s se s sment ) ,
development of plans (strategy and
development), training and awareness
(information database).
! The During Stage, is concerned
with the deployment of plans (plan
repository, database) based on the
the r i s k o f los s r esu l t ing f rom
inadequate or failed internal processes,
people and systems or from external
events.
According to the paper, it is important
to note that this definition is based on
the underlying causes of operational risk.
It seeks to identify why a loss happened
and at the broadest level includes the
breakdown by four causes : people ,
processes, systems and external factors.
17
thinking about how they would respond
to a disruptive event? And what lessons
can we learn from them?
FRAMEWORK FOR A CRISISMANAGEMENT PORTAL
The development of a crisis management
plan can be enabled with the use of
t e chnology; us ing a por ta l ba sed
approach that can support the drafting
and build-up of the knowledge, plans,
a s se s sment and moni tor ing of the
effectiveness of the plans when it needs
to be deployed.
The f ramework can be divided into
three stages:
! The Before Stage, which focuses
on the organisation preparing itself
crisis encountered, command centre
reporting, and resuming to normal as
quickly as possible. This calls for
intensive coordination, communication,
reaction and monitoring.
! The After Stage, will focus on the
assessment of the impact, damage and
future prevention; and if possible withearlier anticipation, analysis, learning
from the mis takes and update of
the los s /nea r mis s in to the los s
event system.
DEVELOPING A LOSS EVENTDATABASE
A definition from a paper prepared by the
Risk Management Group of the Basel
Committee, defines operational risk as:
As such, processes will need to be put
in place for the collection and analysis
of loss data. Depending on the nature
of a companys activities, the industry
and the landscape in which it operates,
there does not exist today an industry
standard for collecting and analysing
ope ra t iona l los s da ta . And i t i s
only when such loss data is collectedand s tored in a manne r tha t w i l l
facilitate analysis, can we than design
the Key Risk Indicators (KRIs) and
Control Self Assessment Program. In this
way, the future and respectively the
future events become less unexpected,
unknown and unpredictable.
Spotlight on Business
-
8/3/2019 Developing a Crisis Management Portal
4/4
DEVELOPING THE PLAN IN THEBEFORE STAGE
The use of t e chnology co l la t ing
information in the development of plans
offers several advantages. For one, it
allows users a single point of access to
submit the information in pre-defined
templates with explanatory notes to
assist them in understanding the required
information to be entered. Depending on
the need, process and dependencies can
also be linked so that the full picture
can be seen.
18
as the steps to be followed based on the
scenarios planned. Multiple tasks from
an occurrence, through response and
recovery, can be guided from the plans
s tored in the por ta l , which can be
accessed via a connected link.
! Standa rd Ope ra t ing Procedure s
(SOPs) integrate with emergency
plans, provide real-time modification
or additions to SOPs as conditions
more effective and efficient channel to
maintain the crisis management plan,
relevant information, and preventive
moni tor ing mechanisms wi th the
ava i lab i l i ty o f a command cen t rereporting when needed.
Regardless of the source of crisis: a
natural phenomenon, human activity or
inactivity. and no matter what type it is:
destructive or not; sudden, emerging or
stable, it goes through several stages.
According to the experts, the number of
those stages differs, ranging between
three and f ive . But the former a re
unanimous in that, crisis management
involves all procedures, initiatives and
activities carried out before, during
and after the crisis event.
However, in the final analysis, it is the
board of direc tors who must e f fec t
policies to ensure that the company is
ac t ing responsibly, and is sui tably
prepared to deal with crises. Critical
success factors will require investment
in the people with the right capabilities,
and deployment through the enterprise
to ensure i t s subs ta inab i l i ty . This
inc ludes focus ing on , no t on ly the
ini t ia t ives tha t a re direc t ly re la ted
to profits, but also those that are related
to reducing risks and preventing chaos
in a crisis - by avoiding the pitfalls
of catastrophe.
John Ho Chi (email :john.ho-chi @sg.ey.com)
is a Pri ncipal of Ernst & Young Technology& Securit y Risk Services
warran t , and au toma t ica l ly log
procedure status to completion;
! Emergency contact l ist mentioned
earlier also provides a log of both
training and certifications of staff and
other organisations personnel who,
when a s s igned , a re r ecorded
automatically in the incident log;
! Dashboa rd t echnology can be
incorporated to create a briefing tool,
showing key indicators of the real-
t ime response capabi l i t ies of the
organisa t ion in both tabular and
graphical formats.
IN CONCLUSION
At the end of the day, the goal of the
portal is not to save money. But allow a
Mil l ions of virus- infected emailscausing massive t ra f f ic congest ionprob lems fo r compan ies ne tworksystems sent computer administratorsscrambling to identify the source oft he problem.
Having stored them in electronic form,
the same single point of access will also
facilitate the search for information
through a menu structure tailored for the
organisation resulti ng in faster access to
information.
In peace time, the simulation testing
of the plans wil l a l low users to befamiliar with the framework, and its use
a l low for f lexibi l i ty of access and
refinement of the specifications needed
to support the crisis.
USING THE PORTAL IN THEDURING AND AFTER STAGE
When a c r i s i s i s me t , the contac t
management database will allow the
Crisis Management Team to identify the
points of contact for activitation, as well
Spotlight on Business