Overview
By mid-morning October 27th 2002 LASCAD became the top story of BBC. The cause for this was the LASCAD failed to process the telephone calls that sought immediate ambulatory assistance to get the patients to hospitals. The reports said, many patients were in a moribund state by the time the ambulances reached them. And some even had to experience the irrecoverable loss - the unfortunate demise.
So the reason for such a disastrous situation was the authorities failed to incorporate popper Risk Management, Contingency Planning and Disaster Recovery Strategies. This, post would hence provide an overview of the LASCAD phenomena in the Risk Management Perspective.
Fundamentally, any project is recommended to consider Risks in terms of:
- Risk Identification
- Risk Analysis
- Risk Planning
- Risk Trackging
- Control Measures
- Communication
Let us now see how LASCAD system would have prevented such a disastrous situation being realized in terms of Risk Management, Impact Analysis and Disaster Recovery.
Risk Management
In the Risk Management the rule of thumb is to first identify the Assets, Threats and Vulnerabilities associated with the organization and its Business Processes.
A. Asset Identification
- Information Assets - Medical Data, Caller Details, Ambulance Details, etc
- Paper Documents - Disclaimers, etc
- Physical Assets - Medical Equipment, Ambulances, etc
- Software - IS
- People- Patients, LAS Management, Headquarter Staff (esp. people in the Control Room) and Ambulance Staff
- Reputation - Reliability of LASCAD, Medical Data Protection
B. Threat Identification
- Technical - Hardware and Software
- Human - Sabotage, Human Error, Hostility towards the IS, Friction between the Management and the subordinates, Vague Objectives, Personal Agendas, etc
- Natural - Flood, Thundering, etc
- Absence of Medical Staff
- Unstable Network Connectivity
- Transmission over unprotected Communication Channels
- Budgetary Mishaps
- Natural Disasters
Impact Analysis
It is noted that when the LASCAD failed, they had a lot of trouble in switching to their backup system. There they failed to continuer their organizational operations smoothly. According to the Risk Assessment Framework by Wilcocks and Margettes 6 elements had been taken into consideration in the LASCAD failure.
- History: Prior Organizational Developments (Prior IS Success/Failure)
- Outer Context: Government, the Economy, Markets, etc
- Inner Context: Characteristics of the Organization (Strategy, Structure, Reward System)
- Content: Changes involved (Size of Project, Difficulty)
- Processes: How things are done and possible issues (Project Management, Staffing, Change Management Practices)
- Outcomes: Planned or unanticipated (Cost, Time, etc)
Business Continuity Management (BCM)
The developers of the LASCAD would have considered the following points in BC in the face of a disaster.
- Options (Cost to Implement,MTPoD, Consequences in Interruption, etc)
- People (Patients, LAS Staff, etc)
- Premises (Ambulance Depot, Control Centers, etc)
- Technology (IS, OROIN Standards over Project Management (PRINCE) )
- Information (Call Taking, Resource Identification, Resource Mobilization, Resource Management and Management Information)
- Supplies (multiple suppliers that can compensate amongst each other)
- Stakeholders (Patients, Staff, Media, etc)
Further, they would have crafted a comprehensive BCM response strategy that they should have periodically exercised and tested so as to improve their BCM response. So they would have easily switched over to their backup system when the LASCAD phenomena occurred.
Disaster Recovery
In conclusion they should have practiced the following strategies in quickly recovering from such a scenario:
- Properly documented Disaster Recovery Strategy
- Periodic Execution and Review of the Disaster Recovery Strategy
- Monitoring and Updating the executions
- Going up in the disaster recovery learning curve
No comments:
Post a Comment