THE USE OF TRIZ IN BUSINESS CONTINUITY PLANNING



Similar documents
Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Continuity of Operations Planning. A step by step guide for business

NCUA LETTER TO CREDIT UNIONS

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

Business Continuity Planning and Disaster Recovery Planning

Table of Contents... 1

Business Continuity and Disaster Planning

HURRICANE DISASTER PREPARATION CHECKLIST AND BUSINESS CONTINUITY PLAN

Business continuity plan

BUSINESS IMPACT ANALYSIS.5

Business Continuity Planning. Presentation and. Direction

Business Continuity Template

FORMULATING YOUR BUSINESS CONTINUITY PLAN

Business Continuity Planning (800)

Our Colorado region is offering a FREE Disaster Recovery Review promotional through June 30, 2009!

Vermont Division of Emergency Management and Homeland Security Business Disaster Preparedness Workbook

Business Continuity White Paper

Disaster Preparedness for Persons with Mental Health Needs

Ohio Supercomputer Center

Creating a Business Continuity Plan for your Health Center

Offsite Disaster Recovery Plan

Business Unit CONTINGENCY PLAN

Business Continuity Planning for Risk Reduction

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Unit Guide to Business Continuity/Resumption Planning

2014 NABRICO Conference

Business Continuity and Disaster Recovery Planning

Emergency Response and Business Continuity Management Policy

IF DISASTER STRIKES IS YOUR BUSINESS READY?

Table of Contents ESF

11 Common Disaster Planning Mistakes

UNITED CHURCH OF CHRIST LOCAL CHURCH DISASTER PREPAREDNESS AND RESPONSE PLANNING GUIDELINES

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Business Continuity Planning

BUSINESS CONTINUITY POLICY

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Business Continuity Planning for Schools, Departments & Support Units

Creating a Business Continuity Plan

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business.

The Joint Commission Approach to Evaluation of Emergency Management New Standards

Business Continuity Management

Disaster Recovery Plan Checklist

Building Economic Resilience to Disasters: Developing a Business Continuity Plan

Disaster Recovery Planning

Ready for Anything BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS. Plan to Stay in Business

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Business, Resiliency and Effective Disaster Recovery. Anne Kleffner, PhD Haskayne School of Business, University of Calgary

Clinic Business Continuity Plan Guidelines

Temple university. Auditing a business continuity management BCM. November, 2015

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Disaster recovery planning 38 Success Secrets - 38 Most Asked Questions On Disaster recovery planning - What You Need To Know

BUSINESS CONTINUITY PLANNING GUIDELINES

Business Continuity and Disaster Recovery Planning

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

Andres Llana, Jr. INSIDE. Upper Management s Role; Delegating Responsibilities; Minimum Plan Outline; Business Impact Analysis

TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY

Guideline on Business Continuity Management

Disaster Recovery. Tips for business survival. A Guide for businesses looking for disaster recovery November 2005

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Why Should Companies Take a Closer Look at Business Continuity Planning?

Cisco Disaster Recovery: Best Practices White Paper

Disaster Recovery and Business Continuity with E-Commerce Businesses

Is your business ready for a disaster? Ten questions to help you determine the answer.

DISASTER RESPONSE: MANAGING THE ENVIRONMENTAL RISKS. By Frank Westfall and Robert Winterburn

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

Business Continuity Planning Preparing Your Organization

Building and Maintaining a Business Continuity Program

DASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning

Constructing a successful business continuity plan

Community Disaster Recovery: A Framework Approach

Developing a Business Continuity Plan... More Than Disaster

Prepared by Rod Davis, ABCP, MCSA November, 2011

HURRICANE PLAN CAN HELP BUSINESSES WEATHER A STORM. By Gerald Dunlop USA Small Business Development Center

Overview of Business Continuity Planning Sally Meglathery Payoff

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

Protecting your Enterprise

Disaster Recovery 81 Success Secrets. Copyright by Michelle Stein

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL (630)

DISASTER RECOVERY PLANNING GUIDE

Workforce Solutions Business Continuity Plan May 2014

Clinic Business Continuity Plan Guidelines

Preparing for. a Pandemic. Avian Flu:

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Risk Assessment Guide

SUPERVISORY AND REGULATORY GUIDELINES: PU BUSINESS CONTINUITY GUIDELINES

Emergency/Disaster Response Plan

BUSINESS CONTINUITY PLAN OVERVIEW

Business Continuity Planning (BCP) / Disaster Recovery (DR)

You Can t Sue a Disaster. Assess your risk, plan for disruption, protect your firm

IT Disaster Recovery and Business Resumption Planning Standards

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Disaster Prevention and Recovery for School System Technology

Company Management System. Business Continuity in SIA

Data Center Refresh: Build or Buy?

Midsize Enterprise Summit Business Continuity Questions

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

10 STEPS TO BUSINESS CONTINUITY

Transcription:

THE USE OF TRIZ IN BUSINESS CONTINUITY PLANNING Jack Hipple Innovation-TRIZ Tampa, FL Steve Elliott Elliot Consulting Tampa, FL Abstract The principles of TRIZ continue to find applications in fields outside their original application in engineering and technical problem solving. The past few years we have reported applications in management and organizational problem solving, ergonomics and human factors, and consumer product design. This year we want to review an application of TRIZ and its normal algorithms and tools, as well as its reverse version, in an important new area---business continuity planning (BCP). TRIZ in reverse inverts the traditional TRIZ algorithm and provides a mental process for identifying potential failure mechanisms that may not be found via normal check list processes in wide spread use such as HAZOP (Hazardous Operations Analysis) or FMEA (Failure Modes and Effects Analysis). Using TRIZ in reverse has identified failure routes that were not able to be identified via these processes in the banking, chemical, and food processing industries. Reverse TRIZ its application to business continuity planning (BCP) is discussed. BCP is a particularly important current concern given present day severe weather and terrorist concerns. I. Business Continuity When a business considers the broad topic of business continuity, it is considering what is involved in maintaining all aspects of its business through any emergency or disaster in a transparent and seamless way to its markets and customers. If this is done correctly, a customer would never know that a disaster ever occurred or that it had any affect on its supplier. This would be a TRIZ definition of an ideal result the business continues without any interruption of any sort at any time. When a business considers its response to disaster situations (weather, epidemic, terrorism, sabotage), the usual immediate concern is for potential loss of personnel and equipment and how to replace them or their functionality on a short term basis. Temporary facilities, collaborative supply relationships, and emergency assistance are normally the primary basis for this planning. Time frames of days are normally considered. Occasionally, planning around time frames of weeks may be considered. However, as hurricane Katrina taught us, months and years may be more appropriate. Then there is the issue of scope. If we look solely at the headquarters building or the primary manufacturing plants, we are certainly looking at core concern areas, but hardly the entire scope of business continuity. Business continuity includes not only manufacturing and sales, but product delivery and customer service, warranty response, cash management, and a myriad of other issues. Let s consider all the elements of

analyzing maintaining business continuity, not just short term survival. We will note how some basic TRIZ concepts can be integrated into the thinking A. Risks and Vulnerability Assessment. Vulnerability depends on the nature of the business, the nature of the disaster that occurs, and the vulnerabity of that business to many different potential crises. It is critical to distinguish between general vulnerability such as building impacts, equipment damage, and loss of operating personnel vs. the functions necessary to maintain a business. In the TRIZ community, we are accustomed to thinking in terms of functions rather than equipment or devices and this same thinking applies in the BCP area as well. For example, when we think of vulnerabilities, are we describing the vulnerability of our order processing center computers or the ability to provide information on customer orders? If our orders are processed outside of our main computer facilities by a third party, then our risk and vulnerability assessments are totally different compared to vulnerabilities if they are contained within our primary building. For example, our headquarters building may be located in a flood prone area, but the third party order processing may be in a tornado or earthquake prone area. The vulnerabilities are quite different. If we put on our TRIZ hats, we might ask: 1. How can the vulnerabilities identify themselves? 2. What resources are required to minimize risks? Have we considered both our internal and external sources? Vulnerability can also time related. If the local McDonald s fast food store is closed for a few days, customers are likely to return. If it is closed for several months, it is highly likely that its former customers will have tried other places to eat and possibly have found another favorite place and never return as steady customers. What resources are required as a function of time? What is the ideal way of handling retail store closure over an extended time? How can the business sustain itself? Then there is the functional nature of the vulnerability. For example, if a business sales force works entirely out of individuals homes away from a headquarters facility and uses only cell phones for communication, then this function may be virtually unaffected by a physical disaster at headquarters, but highly vulnerable to specific local conditions where the sales people live or the destruction of a cell phone tower. It is also possible that, in a major metropolitan area, cell phone communication may be totally disrupted by an electromagnetic pulse, while conventional land line communication is unaffected. The vulnerabilities of a given business and its functions are a strong function of how, when, and where its functions are carried out. B. Crisis Management and Mitigation. No matter what the nature of the emergency, an enterprise needs to deal with the immediate situation, no matter whether it is loss of utilities, flooding, or flu outbreak. Again, many organizations

have not adequately thought through even these short term responses. If a facility handles hazardous materials, crisis management also includes proper community communication. From a TRIZ perspective, how can the crisis manage itself? What resources are required? What contradictions must be dealt with? C. Communication. In times of crisis, communication is paramount. This includes communication to employees, customers, suppliers, and surrounding neighbors and governmental agencies, especially if the crisis involves any kind of a safety or hazardous material issue that might affect public welfare. Dealing with communication issues can be quite different if the enterprise workforce is dispersed. Instead of a large centrally located communication group, we could have reservation and sales agents working out of their homes around the country, such as with Jet Blue Airlines. What resources can be used in a crisis? How can the communication occur automatically to the extent needed and wherever it is needed? D. Risk Management. This is different than crisis management. This involves assessing and mitigating the physical and financial risks that are potentially involved in a crisis and its aftermath. It is not possible to eliminate all risks, but intelligent planning can minimize the potential risk. The types of risks will vary not only with the degree of the hazard, but the nature of the business. It is also greatly affected by the physical nature of an organization s infrastructure. A business such as Starbucks with a café on every corner needs to have a quite different risk management program (with say, food contamination) compared to that of Amazon.com which operates no storefronts but has a huge one-location warehouse from which all shipments are made in response to Email orders. What previously not thought about resources might we used to minimize risk? Have we considered the entire list of possible resources Materials? Time? Before? During? After? People? Fields? Function conversions? Space? Examples of each of these could be backup disks, pre-planning time, contractors, paper to electronic record copies, loss of power triggering automatic responses and results. E. Business Recovery. How does a business recover after a crisis or emergency? That depends a great deal on how well it has prepared ahead of time. From a TRIZ ideality standpoint, the customer would never realize that their supplier had ever had any kind of crisis or business interruption in the first place. An example of not doing this properly was provided with a recent major outage of fiber optic cable service in Florida when a construction crew cut a primary fiber optic cable providing TV and Internet service to much of the state and the back up plan was in place, but the back up service was via a cable through New Orleans which had not been repaired from hurricane Katrina s impact. Customer service was interrupted for over 8 hours.

In our recovery plans, have we considered all the resources that might be available? Have we challenged the availability of these resources? What contradictions might prevent their use? II. The reverse TRIZ Algorithm and how it can assist in this process Though there are many versions of the basic TRIZ/ARIZ algorithm, let s consider the most basic of these as it is more than sufficient to deal with most business continuity cases we have considered: 1. Define the focus for problem solving (Note: this in itself can be a long effort in itself and has its own algorithm) 2. State/envision the ideal result 3. Identify and use existing resources 4. Resolve contradictions that prevent an ideal state (possibly through the use of TRIZ 40 principles and separation principles If we invert this algorithm for business continuity, we get this: 1. Define the ideal result (we desire the business to continue through any conditions) 2. Invert this ideal result (we do not want the business to continue during a crisis or emergency) 3. Exaggerate the inverted ideal state (we never want the business to survive under any crisis condition 3. Identify resources and conditions that would allow and assist this in happening 4. If contradictions are identified that may prevent a negative impact, how would they be resolved to allow them to happen? Let s quickly review some applications where this saboteurial thinking has been applied. The details of some of these applications are confidential, but the general nature of the application can be easily understood. In a banking application, a normal commercial bank and its Internet subsidiary were having excessive electronic bank fraud. This technique was used to identify routes of access and compromise not identified by normal check listing techniques. In a chemical plant release scenario 1, a toxic gas release situation was analyzed providing breakthrough ideas not provided by conventional HAZOP analysis. In a food lysteria bacteria contamination problem, routes for contamination were identified, minimizing future potential poisonings and liability. Lastly software code analysis was improved through the use of saboteurial thinking and providing improved user reliability.

III. Application to Business Continuity Let s now look at how this inverted TRIZ algorithm can be used to improve the elements of business continuity planning discussed earlier. They are currently being applied with clients concerned with hurricane and weather vulnerabilities. A. Risks and Vulnerability Assessment. When we apply the TRIZ algorithm in reverse, we ask how can we make the enterprise vulnerable at all times under all conditions? How would we make sure that our business was always vulnerable? Going through the entire list of resources (from a TRIZ perspective), how could we use each of them to make our business and enterprise more vulnerable and the risks higher? How could our inventory be a liability? How could our utility system be a positive and not a negative? B. Crisis Management and Mitigation. How would we make sure that no one was informed of the nature of the crisis? That everyone assumed the worst because they had no information? The press reported erroneously because they had no information? How would we make sure this happened? C. Communication. How can we make sure that there is no communication to anyone in a time of crisis? How would we accomplish this? Communication is totally inaccurate and causes the wrong response of emergency response agencies? Our employees to do the exact opposite of what we would like them to do? When reporters do not have complete information, don t they tend to make assumptions and guesses, either exaggerating or hypothesizing? D. Risk Management. How can we make sure, with all the resources we have available, that we have no control over risk? That we have no knowledge of the extent of potential risk? That we have insured against all the wrong risks? E. Business Recovery. How can we make sure the business never recovers? What resources do we need to accomplish this? Are they available? Where could we find them? If so, how can their impact be maximized? Another way of using this process is to challenge a developed business continuity plan using TRIZ thinking in reverse. Business continuity planning (BCP) today 2 consists primarily of check listing against known areas of concern: 1. Client locations, type, functions performed 2. Business processes and tolerance for both downtime and data loss 3. For each business process, a definition of software required, support environment, necessary internal staff 4. Hardware support required internal, external, on site, off site, both? How managed? 5. Identification of critical data 6. Nature of manufacturing operations. Utility reliability? Site access?

7. Supply chain. Delivery methods, lead times, contact process, Vendors BCP plan? What alternative sources or materials may be usable and available? 8. Maintenance of customer service. Phone? Fax? Text messaging? 9. Accounting. Order entry, billing and invoicing? Purchasing? Banking relationships? For each of these audit areas and a developed plan, we would use TRIZ in reverse p to analyze it and determine how to make sure that it is not functional. This analysis would then be used to further improve the quality of the business continuity plan. TRIZ tools such as substance field modeling and cause and effect diagramming, potentially involving commercial TRIZ software products, or paper and pencil versions of them, can be very useful in group settings in the outline of a business continuity plan. Conclusions The area of business continuity planning (BCP) has become a highly important new focus area for virtually all major enterprises. TRIZ has many tools that can assist in greatly improving and achieving seamless business continuity. References and Resources 1 Hipple, Jack Using TRIZ in Reverse to Analyze Failures, Chemical Engineering Progress, May 2005 2 Elliot, Steve Business Continuity Strategies, www.elliot-consulting.com Edwards, Aton. Preparedness Now! Paragon Press, 2006 Kaplan, Stan, et.al. New Tools for Risk and Failure Analysis, Ideation International, 1999 Process Safety Process, monthly publication of the American Institute of Chemical Engineers and the Center for Chemical Process Safety www.ccps.org www.innovation-triz.com www.elliot-consulting.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information