Thursday, October 3, 2019
Risk Management Business Contingency Plan Essay Example for Free
The qualitative risk analysis performed in a previous report identified eight notable risks associated with setting up a call-center presence in Québec, Canada. As those risks are successfully managed, the call center will commence operation and start handling telephonic insurance requests from mostly French-speaking customers. (Only one-quarter of employees at this center will handle English-speaking calls from Canadian customers.) Because there will be a sole call center in Canada handling 100 percent of the French-speaking calls and one-quarter of English-speaking calls, it will be imperative to establish a business contingency plan, or BCP. Because of the aforementioned propensity for natural disasters in Canada, this plan will address continuity of business in the event of a natural disaster, such as a tornado.

The specific areas of business continuity to be treated are

1. Pre-incident adjustments
2. Ethical use and protection of sensitive data
3. Ethical use and protection of customer data
4. Communication plan
5. Post-incident continuity

The goal of this plan is to reduce the pandemonium associated with the effects of natural disasters on normative business operations.

Pre-Incident Adjustments

It is important to understand the principal components that contribute to the operation of a well-functioning call center. These components include:

1. A functioning telephone-delivery system, also known as a PSTN
2. A functioning networking system for data sharing
3. A functional group of computers for customer processing
4. A functioning electrical system

There are other less-crucial components that contribute to a normative operational environment, such as fax capabilities and office equipment. The focus, however, will be on the major components. It is obvious that a call center requires the ability to manage inbound and outbound calls.
A tornado of any strength has a high likelihood of disrupting this call-management ability. (Please review the risk register and attendant risk report for more information on the level of severity and likelihood.)

Public Switched Telephone Network

The call center is dependent on a public switched telephone network, or PSTN. This is an array of externally managed networks employed to deliver calls throughout the world; this network uses coaxial cables, fiber optics, land lines, and satellite communication to support communication. A natural disaster can physically affect this aspect of the communication network, which effectively prevents the delivery of calls to the call center's own internal automatic call-delivery system, or ACD. This is an obvious impediment to the nature of a call center.

Networking System

In order for call-center employees to make and receive calls, the PSTN must deliver the calls to the call center's networking system, which comprises the business telephone system, or PABX, and high-speed data delivery lines, such as ISDN. If a tornado affects the PSTN, the call center's networking system for call delivery would be useless, and no calls would be delivered or could be made. If the tornado damaged the call-center structure, the networking system would also fail, preventing not only the handling of calls but also the appropriate transmission of data. If there are onsite servers or mainframes, they may also be damaged.

Functioning Computers

Computers are required in every aspect of call-center operation. Front-line employees cannot process calls or customer requests without access to a computer. Information-technology workers cannot support the existing call-center network without a computer to interface with the network. A direct impact of a tornado would most likely destroy a significant number of workstations, causing elevated levels of inefficiency and the inability to meet customer needs.
Functioning computers and network lines are also important for what is referred to as the Intra-Day Management Team. This team is responsible for 1) the proper routing of calls to call-center representatives based on their skill set, referred to as skill-set gating, and 2) managing the call-center employees' phone and off-the-phone schedules, referred to as adherence and conformance. Damage to telephone lines, networking structures, and computers prevents the proper support of the call-center employees, which results in missed commitments with telephonic customers.

Functioning Electrical System

The electrical system is managed by the public-utilities company of the local area. If a tornado sufficiently damaged this entity to prevent the consistent delivery of electricity to the call center, there may be a disruption to the ability to make and receive calls as well as process data. The call center employs backup power generators in such an instance, but these generators provide eight hours of power. In natural disasters, it is not unlikely that utilities companies will be able to restore service within weeks.

For each of the communications components listed above, State Farm should establish a call-routing process to handle inbound and outbound calls in exigent situations. Call routing simply means that a national Intra-Day Management Team, a team that manages the overall statistics generated from all State Farm's call centers and that supersedes the authority of local intra-day management teams, would direct calls from the Canadian center to any number of call centers in the United States. In theory, this concept is simple: Calls are routed to a random call center for processing. In reality, the execution of this process is complicated. State Farm's call centers house representatives with specific skill sets, with some call centers sharing overall skill-set attributes with others.
For example, State Farm's call center in Jacksonville, Florida, shares the same skill set as its Tempe, Arizona, location. However, four other call centers house representatives that, internal to each call center, are multi-skilled and, external to other call centers, do not share the same skill set. For example, the Phoenix call center houses customer-service representatives and claims representatives, two mutually exclusive skill sets within one call center. The Utah call center houses Spanish-speaking risk-management representatives and non-polyglot underwriting professionals. The call centers are dissimilar in their skill attributes and overall functioning.

Depending on the call volume handled by the damaged Canadian call center and based on the distinctions in the antecedent paragraph, routing Canadian customers to American centers can

1. Make it tedious to find the appropriate representatives in the call centers to handle the calls
2. Be a negative influence on the existing metrics the receiving call center is required to meet

The latter difficulty is notable, since each call center is required to meet specific service-level agreements set forth by operations managers at the national level. These service-level agreements comprise call statistics, such as average speed of answer, average hold time for calls answered, abandon rate (number of calls that disconnect before being answered), etc. These agreements do not account for natural disasters, so with the introduction of, for example, 400 calls to a particular call center, that call center's ability to meet its own service-level agreements will most likely be constrained. Considering that the nature of service-level agreements is to ensure that telephonic customers are responded to within a reasonable time frame, the customer experience will decline, which will result in lower customer-satisfaction results.
This reality correlates with lower profit-maximization opportunities; customers who must wait what they deem to be an interminable amount of time to have a request processed will be more likely to choose a competitor, such as Allstate, for their insurance needs.

Another notable concern is that the Canadian call center answers mostly French-speaking calls. There are currently no other centers nationwide that have French-speaking representatives. At present, customers routed to other customer-service call centers would speak with customer-service representatives who would use a language vendor State Farm employs, ATT Language Line. With the assistance of a language professional from the vendor's company, the State Farm representative can successfully handle the call. However, statistics demonstrate that these calls are extensively longer and negatively influence the customer experience. It is recommended, therefore, that State Farm seek to employ bilingual representatives throughout its call centers. Human resources would be responsible for managing this proactive initiative.

Ethical Use and Protection of Data

State Farm houses a staggering amount of proprietary sensitive data. This data must be ethically used and protected. Some examples of this sensitive data are call-center statistics that can expose the employee identification numbers of the Canadian call-center employees; human-resources information systems, or HRIS, containing employee records; and financial records of all payments made to vendors.

The call-center statistics are stored onsite on a server. The reason for the onsite storage is the ready access to read and write to this information. Call-center statistics change constantly. For example, the average speed of answer will vary daily, depending on the call volume. The HRIS is also stored onsite on the same server that houses the call-center statistics.
The reason that this data is resident on the same server as the call-center statistics is that they are interdependent. The HRIS will contain information on the results of previous years' performance evaluations; however, this performance-review data cannot be properly curated without input from call-center statistics. As an example, State Farm can justifiably offer a 10-percent salary increase to an employee because that employee met the calls-handled-per-hour metric, which is culled from call-center statistics. Technically, this data can be discretely stored, but an attention to efficiency demands otherwise. Pulling data sets from one location is more efficient than doing so from discrete locations.

The call center has many vendor relationships, all of which require payment to sustain the contractual relationships. For example, all office equipment, excluding computers, is leased through Ricoh International. The call center makes quarterly lease payments for the use of this equipment. This is a financial relationship that requires each element be tracked and stored for tax-reporting purposes. This data is housed in a separate server onsite. The reason for onsite storage is ready access to reading and writing to this data. Similar to call-center statistics, this data constantly changes, so onsite storage offers an efficient way of handling this data.

In the event of a natural disaster, the call center must adopt a data-redundancy mindset. Specifically, State Farm must house this data at a separate location, preferably in a different country. Doing so ensures that if a natural disaster were to affect all of Canada, this data, which is stored in Salt Lake City, would still maintain its integrity and can be readily accessed by American call centers that would temporarily manage the calls. Also, when housed offsite, the data should be maintained in the same fashion as it is onsite.
Call-center statistics and HRIS data should be housed together due to their interdependence, and financial data should be housed separately.

Ethical Use and Protection of Customer Data

Just as company data is important, the maintenance and protection of the integrity of customer data is imperative. Examples of State Farm customer data include customer name, Social Security number, insurance-policy identification number, mailing address, vehicle identification number, and credit-card information. As has been demonstrated with well-publicized data breaches in the past, there is a causal relationship between identity theft and dilatory security processes. Thus, State Farm should not take a languid attitude toward customer security.

The abstractions from the customer profile are grouped in two:

1. Demographics: name, address, Social Security number, and license-plate information
2. Financial data: credit-card name and number, banking information, invoices, receipts, and tax documents

Each category is housed on a separate onsite server, but the categories are connected by a primary key, that is, a record in each group that connects in order to create a complete customer profile. The primary key is name: the name field in the demographic group abstraction and the credit-card-name field in the financial-data group abstraction. (This primary key is necessary in order for each representative to access a complete customer profile upon processing a customer request during a call.)

In preparation for a natural disaster, this data must be stored offsite on discrete servers but still connected by a primary key. These servers must also be in another country, though they both can be offsite in the same country. When a natural disaster causes the Canadian call center to shutter temporarily, American call centers will still have access to complete customer profiles to add insurance riders or to make payments, since they will not have been affected by the natural disaster.
It should also be clearly noted that this data must be stored, whether onsite or off, using the highest encryption, which is presently 256-bit. This encryption level is especially imperative for offsite storage. It mitigates against unauthorized access or breach of this customer data, which would surely lead to expensive and unnecessary lawsuits.

Communication Plan

A communication plan is a strategy, normally a project-management function, that details the process of effective communication during exigent situations, such as when a call center is damaged due to a natural disaster and is unable to function normally. To avoid chaotic discourse or managers leading at cross purposes, the communication plan offers structure and, thus, efficiency. Ultimately, it is a planning document. (Please note that the goal is always to ensure the customer's needs are met; this can only happen when the company proceeds in a structured, well-planned fashion.)

An effective communication plan has the following attributes:

* Objectives
* Stakeholder identification
* Communication strategy

Objectives are set forth in a scope statement. A scope statement is a sentence or series of sentences that define the parameters of the communication plan, that is, what the plan will manage and what is out of its purview. Setting these boundaries is necessary in order to promote efficiency and structure. The objective of the State Farm Canadian call-center communication plan is to keep all shareholders updated on the drive to normative call-center functioning for the Canadian location.

Stakeholder identification is also important, since doing so identifies the key individuals who will benefit from the communication plan. This is also referred to as a stakeholder analysis. The reason to know the beneficiaries of the plan is so the plan can be crafted to meet their needs.
State Farm's communication plan for a natural-disaster event identifies external customers, shareholders, management, and even line-level employees as stakeholders. Each of these entities will gain a benefit from the successful execution of the plan.

Communication strategy sets forth the details of how communication is to occur. For example, when the network fails due to damage from a natural disaster, the communication plan will explicitly designate the entities responsible for communicating and receiving the communication of this event. The communication strategy can be reduced to several components.

First, a routine communication strategy must be set. This strategy identifies quotidian communication behaviors, for example, meetings that are held, issues that are identified, and the communication of status updates.

Second, financial communication should be set. This aspect is important to internal stakeholders, since recovery from a natural disaster places a burden on limited company finances and, as a result, on their ability to earn profit. Questions that this portion of the communication plan addresses are

1. Is the cost of transferring calls to different American call centers aligned with expectations?
2. What are the current costs for repairing the Canadian call center?
3. What is the downtime cost for every day that the Canadian call center cannot take a call?

This is not an all-inclusive list of queries.

Third, this communication plan should provide updates on risks and issues that are identified during recovery from the natural disaster. This portion of the communication plan is dependent on prior risk registers and reports that were generated. When additional risks are identified or if additional issues are noted, this portion of the plan identifies the entity that should be notified and updated. Two associated risks are delays in rebuilding permits and follow-up natural disasters that thwart rebuilding progress.
Post-Incident Continuity

The goal of this BCP is to ensure that the call center returns to the level of function prior to the natural disaster. To ensure continuity of the business after the natural disaster, the following must take place:

1. Collaboration with external entities to resolve any communication-line issues
2. Restoration of any communication lines managed by the call center
3. Possible repurchasing of office equipment, inclusive of computers
4. Reinstatement of laid-off employees
5. Rehousing of company data onsite
6. Rehousing of customer data onsite
7. Rehousing of financial data onsite
8. Redirection of routed calls back to the Canadian call center

Depending on the severity level of the natural disaster, adjustments will have to be made to the Canadian call center's service-level agreements. The average-speed-of-answer requirement is 95 percent, that is, 95 percent of all incoming calls must be answered within 30 seconds. This level would have to be upwardly adjusted to allot time for call-center homeostasis. Also, depending on the call center's downtime, there may be an extenuating time period in which there are no statistics to generate. Such a scenario would have an overall negative influence on the achievement of yearly service-level agreements.

It may also be conceivable to start to reroute calls back to the Canadian call center in a gradated fashion. For example, if the call center returns to mostly normal functioning in August, it may be helpful to route only 20 percent of normally handled calls back. Doing so allows the target call center to adjust sufficiently to avoid short-circuiting processes designed for restoration that are already underway. With each successive month, rerouting can increase by 20 percent. Within five months, the call center would handle all the calls it originally handled, and it would do so within the service-level agreement.
State Farm previously developed a risk register and attendant risk report to account for such natural disasters. After normative functions have been restored, call-center management, along with any other entities involved in the execution of the restoration project, should hold a lessons-learned session. The purpose of this session is to determine which executions of the restoration project, based on the risks identified before the natural disaster, were successful and which were areas of opportunity. This is a continuous-improvement aim. Adjustments may have to be made to various aspects of the restoration project to better respond to future natural disasters affecting the Canadian call center.
Information Systems Acquisition Development And Maintenance Information Technology Essay
The ISO 27002 standard is the new name of the ISO 17799 standard. It is a code of practice for information security. It outlines hundreds of potential controls and control mechanisms that may be implemented. The standard establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management inside an organization. The actual controls listed in the standard are proposed to address the specific requirements identified via a formal risk assessment. The standard is also intended to provide a guide for the development of organizational security standards and effective security management practices, and it is also helpful in building confidence in inter-organizational activities. ISO's future plans for this standard are focused largely around the development and publication of industry-specific versions. One of the contents of ISO 27002 is information systems acquisition, development, and maintenance, the details of which are as follows.

Information Systems Acquisition, Development, and Maintenance (ISO 27002)

Table of Contents

* Overview
* Standards
* Security requirements of the information systems
* Correct processing of the information
* Cryptographic control
* Security of the system files
* Security in development and support processes
* Technical vulnerability management

Overview

Information security must be taken into account in the Systems Development Lifecycle (SDLC) processes for specifying, building/acquiring, testing, implementing and maintaining IT systems. Automated and manual security control requirements should be analyzed and fully identified during the requirements stage of the systems development or acquisition process, and incorporated into business cases. Purchased software should be formally tested for security, and any issues risk-assessed.
The Systems Development Life Cycle (SDLC), or Software Development Life Cycle in systems and software engineering, is the process of creating or altering systems, and the models and methodologies that people use to develop these systems. The concept generally refers to computer or information systems. The SDLC is a process used by a systems analyst to develop an information system, including requirements, validation, training, and user (stakeholder) ownership. Any SDLC should result in a high-quality system that meets or exceeds customer expectations, reaches completion within time and cost estimates, works effectively and efficiently in the current and planned information technology infrastructure, and is inexpensive to maintain and cost-effective to enhance.

Standards

ISO 27002: Information Security Management, Clause 12: Information Systems Acquisition, Development, and Maintenance

Security Requirements of the information systems

Security can be integrated into information systems acquisition, development and maintenance by implementing effective security practices in the following areas:

* Security requirements for information systems
* Correct processing in applications
* Cryptographic controls
* Security of system files
* Security in development and support processes
* Technical vulnerability management

Information systems security begins with incorporating security into the requirements process for any new application or system enhancement. Security should be designed into the system from the beginning. Security requirements are presented to the vendor during the requirements phase of a product purchase. Formal testing should be done to determine whether the product meets the required security specifications prior to purchasing the product. Security requirements are established to ensure that security is an integral part of the development or performance of an information system.
The acquisition of a system or application often includes a Request for Proposals (RFP), which is a formal procurement process. During this process, security requirements need to be identified. Indiana University includes both a security review and a security questionnaire as part of the RFP process. The main objective of this category is to ensure that security is an integral part of the organization's information systems, and of the business processes associated with those systems.

Correct processing of the information

This category aims to prevent errors, loss, unauthorized modification or misuse of information in applications. Application design includes controls such as those to validate input/output data, internal processing, and message integrity, in order to prevent errors and preserve data integrity.

Input data validation: Data input in applications should be validated to ensure that the data is correct and appropriate. Control includes use of both automatic and manual methods of data verification and cross-checking, as appropriate, and defined responsibilities and processes for responding to detected errors.

Control of internal processing: Validation checks should be incorporated into applications to detect the corruption of information through processing errors or deliberate acts. Control includes use of both automatic and manual methods of data verification and cross-checking, as appropriate, and defined responsibilities and processes for responding to detected errors.

Message integrity: Requirements for ensuring authenticity and protecting message integrity in applications should be identified, and appropriate controls identified and implemented.
Output data validation: Data output from applications should be validated to ensure that the processing of stored information is correct and appropriate to the circumstances. Control includes use of both automatic and manual methods of data verification and cross-checking, as appropriate, and defined responsibilities and processes for responding to detected errors.

Cryptographic control

The objective of cryptographic control is to describe considerations for an encryption policy in order to protect information confidentiality, integrity, and authenticity. A cryptography policy should be defined, covering roles and responsibilities, digital signatures, non-repudiation, management of keys and digital certificates, etc.

Certain data, by their nature, require particular confidentiality protection. Additionally, there may be contractual or other legal penalties for failure to maintain proper confidentiality, when Social Security Numbers are involved, for example. Parties who may acquire unauthorized access to the data but who do not have access to the encryption key (the password that encrypted the data) cannot feasibly decipher the data.

Data exist in one of three states: at rest, in transit, or undergoing processing. Data are particularly vulnerable to unauthorized access when in transit or at rest. Portable computers (holding data at rest) are a common target for physical theft, and data in transit over a network may be intercepted. Unauthorized access may also occur while data are being processed, but here the security system may rely on the processing application to control, and report on, such access attempts.

This category aims to protect the confidentiality, integrity and authenticity of information by cryptographic means.
Policy on the use of cryptographic controls: Policies on the use of cryptographic controls for protection of information should be developed and implemented. Control includes: a statement of general principles and management approach to the use of cryptographic controls; specifications based on a thorough risk assessment that considers appropriate algorithm selections, key management and other core features of cryptographic implementations; consideration of legal restrictions on technology deployments; application, as appropriate, to data at rest and fixed-location devices, data transported by mobile/removable media and embedded in mobile devices, and data transmitted over communications links; and specification of roles and responsibilities for implementation of and the monitoring of compliance with the policy.

Key management: Key management policies and processes should be implemented to support an organization's use of cryptographic techniques. Control includes procedures for distributing, storing, archiving and changing/updating keys; recovering, revoking/destroying and dealing with compromised keys; and logging all transactions associated with keys.

Security of the system files

The main objective is to ensure the security of system files. Security requirements should be identified and agreed prior to the development or acquisition of information systems.

Security requirements analysis and specification: An analysis of the requirements for security controls should be carried out at the requirements analysis stage of each project.
Control of operational software: Procedures should be implemented to control the installation of software on operational systems, to minimize the risk of interruptions in or corruption of information services. Control includes: updating performed only with appropriate management authorization; updating performed only by appropriately trained personnel; only appropriately tested and certified software deployed to operational systems; appropriate change management and configuration control processes for all stages of updating; appropriate documentation of the nature of the change and the processes used to implement it; a rollback strategy in place, including retention of prior versions as a contingency measure; and appropriate audit logs maintained to track changes.

Access to system files (both executable programs and source code) and test data should be controlled. The aim is to ensure that system files and sensitive data in testing environments are protected against unauthorized access, and that secure code management systems and processes are in place for configurations, software, and source code. Documented procedures and revision control systems should be utilized to control software implementation for both applications and operating systems. New York University described their approach in the presentation.

Protection of system test data: Test data should be selected carefully and appropriately logged, protected and controlled.

Access control for program source code: Access to program source code should be restricted. Control includes: appropriate physical and technical safeguards for program source libraries, documentation, designs, specifications, verification and validation plans; and maintenance and copying of these materials subject to strict change management and other controls.

Security in development and support processes

This category aims to maintain the security of application system software and information.
Change control procedures: The implementation of changes should be controlled by the use of formal change control procedures. Control includes: a formal process of documentation, specification, testing, quality control and managed implementation; a risk assessment, analysis of actual and potential impacts of changes, and specification of any security controls required; a budgetary or other financial analysis to assess adequacy of resources; formal agreement to and approval of changes by appropriate management; appropriate notification of all affected parties prior to implementation, on the nature, timing and likely impacts of the changes; and scheduling of changes to minimize the adverse impact on business processes.

Information leakage: Opportunities for information leakage should be appropriately minimized or prevented. Control includes: risk assessment of the probable and possible mechanisms for information leakage, and consideration of appropriate countermeasures; regular monitoring of likely information leak mechanisms and sources; and end-user awareness and training on preventive strategies (e.g., to remove metadata in transferred files).

Application system managers should be responsible for controlling access to [development] project and support environments. Formal change control processes should be applied, including technical reviews. Packaged applications should ideally not be modified. Checks should be made for information leakage, for example via covert channels and Trojans, if these are a concern. A number of supervisory and monitoring controls are outlined for outsourced development.

One of the security layers that can expose serious vulnerabilities is the application layer. Inventorying and securing all applications, software interfaces, or integration points that touch sensitive data is crucial in any organization that handles personal identity data, HIPAA, PCI, or any data that can lead to identifying confidential information.
Unfortunately, this layer is subject to extensive variations and stretches across many technologies, human competencies, and organizational controls, practices, and standards. As such, it is difficult to secure and sustain, usually requiring departments to re-evaluate much of their software development, acquisition, and production control organization, staffing, and practices. Moreover, since applications are enhanced to adapt to changing business needs relatively often, even while the technology they depend on may also be changing, a consistent and routinized approach to maintaining their security must be adopted. Fortunately, there are many excellent resources to help organizations get started.
Technical vulnerability management
Technical vulnerabilities in systems and applications should be controlled by monitoring for the announcement of relevant security vulnerabilities, and risk-assessing and applying relevant security patches promptly. The aim is to ensure that procedures are implemented to mitigate and/or patch technical vulnerabilities in systems and applications.
Control of internal processing: Validation checks should be incorporated into applications to detect the corruption of information through processing errors or deliberate acts. Control includes: use of both automatic and manual methods of data verification and cross-checking, as appropriate; and defined responsibilities and processes for responding to detected errors.
This category aims to reduce risks resulting from exploitation of published technical vulnerabilities.
Control of technical vulnerabilities: Timely information about technical vulnerabilities of information systems used by the organization should be obtained, evaluated in terms of organizational exposure and risk, and appropriate countermeasures taken. Control includes: a complete inventory of information assets sufficient to identify systems put at risk by a particular technical vulnerability; procedures to allow timely response to identification of technical vulnerabilities that present a risk to any of the organization's information assets, including a timeline based on the level of risk; and defined roles and responsibilities for implementation of countermeasures and other mitigation procedures.
Conclusion
Sadly, it is not a perfect world, and when breaches of security do occur, for whatever reason, it is important to contain the result by reporting the incident and responding to it as quickly as possible. To whom should an incident be reported? What information will that person need to know? What precautions should one take to limit the organization's exposure to the security breach? It is essential that all staff know what comprises an information security incident and also a security weakness, and to whom they report it. At the same time, it is essential that all management know how to respond if they are on the escalation process for information security incident management reporting or escalation.
It may be that there will be little or no time to organise a response to the incident, in which case the more thinking that has gone into the response procedure, the better placed the organisation will be to deal with it. Documented information security incident management procedures should be developed and practiced. Whilst information security incidents are not a desired outcome for any organisation, organisations and their staff must learn from them to prevent them from occurring again. A process of learning from such incidents by use of induction training, ongoing awareness training or other means should be undertaken for all staff, contractors and third parties. Remember that if the response is likely to include formal disciplinary action, then the full process should be formally described and approved by the organisational management to remove the possibility of dispute after the event. If evidence is to be collected, it should be done by competent staff and with due regard for the rules of evidence for the jurisdiction.
Wednesday, October 2, 2019
Prospero's Loss in Shakespeare's The Tempest Essay -- Tempest essays
Prospero's Loss in The Tempest
Shakespeare's The Tempest is a play about loss - more specifically, Prospero's loss. Prospero is a tragic hero, in a sense, because he makes the transition from having everything to having nothing. He loses his daughter. He brings his enemies under his power only to eventually lose control and release them. In the end, he gives up his influence on the world - including his incredible power over nature itself. The Tempest can be seen as a tragic play because of a few elements - Prospero is a dominant figure who must have revenge in return for the wrongs inflicted upon him, and, in his fury, he manages to destroy his enemies as well as his own humanity and his daughter's future.
Prospero is shown to be somewhat of a dictator in The Tempest. He doesn't speak to the other characters; instead he dictates "at" them. Rather than converse with his daughter Miranda, Prince Ferdinand, and Ariel, he tells them his thoughts with no intention of receiving a response. At the end of Act IV Prospero is caught up in the ecstasy of punishing and determining the fate of ...
... William Shakespeare. Cambridge: Harvard UP, 1958. xlii.
Palmer, D. J. (Editor) The Tempest - A Selection of Critical Essays. London: MacMillan Press Ltd., 1977.
Shakespeare, William. The Tempest. The Riverside Shakespeare. Ed. G. Blakemore Evans, et al. Boston: Houghton Mifflin Company, 1974.
Solomon, Andrew. "A Reading of the Tempest." In Shakespeare's Late Plays. Ed. Richard C. Tobias and Paul G. Zolbrod. Athens: Ohio UP, 1974. 232.
John Wilders' lecture on The Tempest given at Oxford University - Worcester College - August 4th, 1999.
Tuesday, October 1, 2019
HIV and Aids :: Medical Health Medicine Essays
HIV and Aids
In Junior High, when we were in sex education class, we were told about AIDS and HIV. We learned that being HIV (Human Immunodeficiency Virus) positive eventually led to AIDS (Acquired Immune Deficiency Syndrome), which eventually led to death. We were taught this and never really doubted it. The AIDS pandemic is global and an estimated 40 million people are infected. None of them have been cured. The amount of funding for AIDS research is not small. A plentiful amount of drugs are available to patients diagnosed with AIDS or HIV. Some AIDS patients take "cocktails" of pills, which often lead to serious physical side effects. Some "cocktails" can mean ingesting 25 pills a day. There has been much talk about finding an AIDS vaccine, but there have been no definite results as of yet.
She created a stir in the media when she appeared on ABC News 20/20(1). Her person She has been called an unfit mother, a heretic, and has been compared to those who believe the Holocaust never happened. The reason for such a stir is that she is HIV positive, doesn't take any medications whatsoever, questions whether HIV causes AIDS, has published a book called What if Everything You Thought You Knew About AIDS Was Wrong?, has unprotected sex with her husband, has an untested 3 year old son whom she breast-fed at birth (the virus can be transmitted in utero, during birth, or through breast feeding), and is pregnant with her second child. Her name is Christine Maggiore, and she, as well as other dissidents, has aroused both anger and support from AIDS and HIV communities. The difference between being HIV positive and having AIDS is that having AIDS means that a person must be HIV positive and either have a T-cell count below 200 or have one of the CDC's (Center for Disease Control) 28 opportunistic infections.
Christine Maggiore started questioning the connection between HIV and AIDS and the HIV and AIDS testing process when certain things she was told about AIDS and HIV did not add up with her situation. She speaks about how she "started really thinking about what AIDS doctors and educators told me rather than just accepting everything as true and correct." Doctors had told her that from her T cell count, she had a recent new infection.
Effective resource allocation among the various economic systems Essay
Effective resource allocation among the various economic systems
Introduction
Efficient utilization of economic resources by different economic systems
An economic system is a scenario whereby goods and services are produced in a country or an entity and the resources within are distributed among the existing subsystems. The subsystems in this context entail the combination of agencies, entities and consumers that make up the economic structure of a certain community, or the various substructures within an entity. The interlinking capacity within these subsystems is what makes information and resources flow between them. One characteristic of a subsystem is the utilization of resources between the involved structures. Normally the inherent trait of resources is that they are scarce, and as such efficiency is imperative for an economic system to survive with the few resources available.
In an economic setting there are four defined factors of production: land, capital, labor and entrepreneurship. All these factors have the quality of scarcity, and unless they are utilized effectively there is a lurking quality of disorganization within an economic system. The various economic systems in the world economy have their own ways of utilizing these scarce resources. This essay will discuss the characteristics of effective sharing of resources within command, free enterprise, mixed and transitional economies. The essay will also discuss effective resource allocation in private and public sector initiatives and in private finance initiatives.
In a capitalistic economy, the most crucial form of economic system is the free enterprise economy. This form of system is free, or rather shielded, from government interference. The economy promotes the free flow of ideas and their implementation. This does not mean that the government is never involved when a situation calls.
Hence it is a free enterprise regime where there is a minor possibility of government intervention. The inherent characteristic of this kind of model is that those who labor must gain. Ownership and creation of the means of production is entirely left to the system. In this type, resource allocation is dictated by the market price. If individuals cannot afford the service or the product, then they cannot access it. Hence it is a form of system that favors those who can fit. Though it has the capacity to make economies grow fast and large, it is normally a case of survival for those who are fit (Harrison, 2002).
Contrast that with a command economy: this type of system has its factors of production controlled by the government. Planning is therefore undertaken by the central government, making it a planned economy. In this kind of economy there are directives, rules, and laws to be followed. The benchmark is a target set by the government. Governments that use this system come up with a central plan on which they base the allocation of resources. Hence there is always a priority factor in resource allocation. To allocate resources effectively, the government simply identifies priority areas to which it allocates more resources than to the non-priority areas. Command economies have a very efficient capacity to bring resources together. As such, certain segments achieve much more than others. A lot of one thing is normally produced and less of the other. This economy can be used to come up with mega projects and spur innovation in areas that the government wants (Harrison, 2002).
In the real world, though, many economies find it easier to utilize the capabilities of both free enterprise and command economies to allocate resources. This creates the scenario of a mixed economy. This mix brings in both the markets and the government as the custodians of resource allocation.
While markets depend largely on the living choices of the people, the government tries to force allocations. This happens through the use of taxes and regulations. Both institutions utilize synergy and hence co-exist with each other when it comes to resource allocation. There are instances where, in a mixed economy, the markets are more dominant in resource allocation than the government, and vice versa in other economies. Hence the mixed economy will tend to try to achieve equity while promoting economic growth at the same time. It brings the characteristics of both systems together to achieve positive efficiency in resource allocation (Nee, 1992).
An economy can find itself in need of shifting from a command system to a free market system. In such a scenario the economy finds itself in a unique situation of transition, and hence becomes a transitional economy. Transition is changing from one form to another. A transitional economy changes from command to free market, initiating a form of liberalization in the economy. It attempts to allow markets to allocate resources through pricing while the government lays back. In this type of economy resource allocation changes drastically; there is an element of government control, but also an effort to support the free market. Hence it is characterized by the dropping of trade barriers and by privatizations. It falls close to a mixed economy but outside the maturity of a mixed economy. In this economy the government still dominates in resource allocation and direction. It is a work-in-progress form of a system (Lavigne, 2002).
Apart from the free market and command systems, these economies can harbor other subsystems such as private finance initiatives or public private partnerships. These are arrangements whereby the public sector uses the private sector to offer a certain service over a certain period under concessionary terms.
Under this system the partnership utilizes resources by making a case for fair cost and the transfer of risks to another party. This system effectively utilizes resources by spreading risks and looking for quality service that is offered by the government. Hence the government will take care of funds and the private sector takes care of the rest. In other instances the private sector solely finances the projects. These partnerships free some resources to be utilized somewhere else, achieving resource efficiency (Buyya, 2002).
In conclusion, all the types of economies have the capacity to allocate resources effectively. But the most efficient economy does not utilize one form of economic system. The best economies are those which utilize all the economic systems discussed above, apart from the transitional economy, which is solely for countries that are shifting.
References
Harrison, M. (2002). Coercion, compliance, and the collapse of the Soviet command economy. The Economic History Review, 55(3), 397-433.
Lavigne, M. (1995). The economics of transition: from socialist economy to market economy. London: Macmillan.
Nee, V. (1992). Organizational dynamics of market transition: hybrid forms, property rights, and mixed economy in China. Administrative science quarterly, 37(1).
Buyya, R., Abramson, D., Giddy, J., & Stockinger, H. (2002). Economic models for resource management and scheduling in grid computing. Concurrency and computation: practice and experience, 14(13-15), 1507-1542.
Monday, September 30, 2019
Confederates in the Attic
Tony Horwitz, in the book "Confederates in the Attic: Dispatches of an Unfinished Civil War", travels throughout the South following the path of the Civil War. He meets many interesting and different people and visits the cities and towns along the path of the Civil War. There are many themes throughout the book, but the two I found most important were Reality and The Life of a Soldier. The reason I chose these as my most important topics is that I feel it is necessary to understand the reality of the Civil War, and to do that, understanding the life of a soldier is necessary.
During Horwitz's travels, one of the first things he learns is that the reenactments are not as easy and fun as he had expected. However, there are people who have the same love as Horwitz but do not take reenactments as seriously: "We try to be authentic, but no one wants to eat rancid bacon and lie in the mud all night. This is a hobby, not a religion" (Horwitz 130). The life of a soldier in the 1860's was difficult, and for the thousands of young Americans who left home it was an experience none of them would ever forget.
The average reenactor was male, thirty-four, and did this for fun, so imagine how harsh it was for an eighteen-year-old drafted soldier to leave home and eat rancid bacon and lie in the mud all night. "Soldiers would carry their cards, dice, writing utensils, letters, and other necessary goods for passing time in their haversacks. Soldier often had to carry these supplies as well as several other things that they needed with them at all times. The types and amounts of supplies available to these soldiers depended on the resources of their armies." (Capman and Jankoviak 9). Here the textbook's goal is to make students aware of the reality of a soldier carrying their personal belongings with them twenty-four/seven.
Racial Tensions in the Civil War
Throughout the Civil War racial tensions grew exponentially. This was not a very good thing for African American soldiers either fighting with the North or being forced to fight with the South.
Getting a Haircut in the Army
"The Union and Confederate armies were haphazardly raised, badly organized, poorly trained, inadequately fed, clothed and housed, and almost wholly without comforts, sports, entertainments or proper medical care" (Commerger 1). In one of Commerger's articles he writes about getting a haircut during the Civil War, something that seems so normal to any of us, but at Camp Cameron there was only one person who knew how to cut hair. One time a man came running through the camp screaming, "The Yankees are coming!" and right there in the middle of his haircut they picked up their weapons and marched into war.
How the Civil War Soldiers Marched
No hardships were harder than the marching. The roads were dusty in the summer and muddy in the winter; the soldiers were dressed in heavy wool, loaded down with fifty or sixty pounds of equipment, often without food for most of the day. It is no wonder that straggling was almost universal, or that thousands of men fell out of line and got lost. It is difficult to know whether the Confederate or the Federal soldiers suffered most from marching. More Confederates than Federals were country bred, and therefore more accustomed to cross-country hiking; on the other hand, the Confederacy was low on shoes, and there are any number of stories of Southern soldiers marching barefoot, even in the winter months.
Sunday, September 29, 2019
Planning for Management Information System
The biggest challenge and most critical success factor in reengineering projects is persuading the people within the organization to cooperate. When you begin to computerize a legacy system, consider the advantages: reduced clerical cost, quicker processing time and improved customer service. Everyone knows that the computer's capabilities alone make life a lot easier for all managers. The advantage of time and accuracy spread over the lifespan of the information system means improved long-term vision and focus for top, middle and lower managers. The focus of a management information system (MIS) is on the information that management needs to do its job. This task becomes much more difficult when the major players have a tradition of high independence, are often confrontational to management, and are irreplaceable independent contractors. CIOs in major business organizations face exactly this situation, further complicated by the fact that the reengineering effort is crucial to the continued existence of the organization. Such discussion has driven the software industry to focus attention on software specifically designed to support the team approach essential to most service and customer oriented organizations. The importance of teamwork cannot be overemphasized in achieving overall organizational goals, and the need to capture and manage an organization's knowledge base remains crucial. This teamwork enables organizations to achieve and sustain competitive advantage in their business. In considering the framework for an information system (IS), each level of planning (operational, tactical and strategic) requires a different IS. At the operational planning level, the IS collects, validates and records transactional data relating to the acquisition or disbursement of resources. The data for accounts receivable and payable, payrolls, inventory levels, shipping data, printed invoices and cash receipts are recorded as they occur.
The characteristics of an operational-level IS are that it is repetitive, predictable, emphasizes the past and is detailed in nature, just to name a few. The focus of the operational system is the daily tasks performed at the user level. The operational-level manager uses this data to check everyday tasks, i.e., ordering, shipping and inventory control, the essence of the business processes. The second level in the framework is the tactical system. This system provides middle-level managers with information to monitor and control operations while allocating their resources efficiently. The data is summarized, aggregated, or analyzed with a wide range of reports, i.e., summary, exception and ad hoc reports. The tactical information system differs from the operational information system in its basic purpose: an operational information system supports the execution of tasks, while a tactical information system supports a manager's control over the tasks under their area of supervision as well as the allocation of resources to meet the company objectives set by top management. The data input and the information produced as outputs differ in the type of data involved; tactical information is periodic in nature, with unexpected findings, and comparative in nature, with both internal and external sources. The purpose of the tactical information system and the regularity of the reports produced within it are drastically different from those of an operational system. The third level in the framework is strategic planning, designed to provide top managers with information that assists them in making long-range planning decisions for the business. The difference between strategic and tactical is not always clear, because both types of information systems may use some of the same data; you might say that the systems sometimes overlap, with the difference being in the data that each system uses. Typically, top management uses a strategic planning system to forecast long-range company objectives.
Its characteristics are an ad hoc basis, unstructured format, external sources, subjectivity, and a summary and predictive nature. An MIS provides information for effective planning and tactical decision making, which is the foundation of the operational-level data system. A tactical planning system provides middle-level management with the ability to monitor and control resources. The tactical information system does not support the execution of operational tasks, but allows managers visibility over the operation. Information systems are costly to deploy and maintain, yet the maximization of the economic value of IS in the long run balances out the initial set-up cost. The right software products enable teams of people to integrate their knowledge, work processes and applications to achieve improved business effectiveness. It has been suggested that the implementation of such technologies is more difficult and yields more unintended consequences than is typically acknowledged. First, the effects reflect how such technologies are used. Second, it matters how these technologies are likely to be used when alternative tools co-exist, meaning that use is difficult to predict from technological characteristics. Third, because people use groupware with other people, one person's choices about how to use groupware may have consequences for other group members and for user satisfaction. The measurement for an effective MIS must be the users; usage and satisfaction have a strong correlation. Obviously, the effectiveness of an MIS depends upon the use of the system and whether the employees accept it. The information system department, managers and users together make the MIS process successful. The managers implement the MIS; their behavior and motivation play an important part in the variables for the system to be effective. Each designed MIS produces information for decision making throughout the organization.
Let's examine several case studies of the implementation of MIS as seen in three distinct companies: an insurance company, a food marketing company and a social service agency.
The insurance company's normal routine consisted of tons of policy paperwork generated daily to accomplish the company objectives. The company started online systems supporting policy screening, creation and issuance in the 70's. An employee could key in new application information at his or her computer terminal; after the compilation of information an underwriter could evaluate the insurability of potential customers. After the approval process, the information system produces a policy data sheet. This business process makes it possible to handle inquiries from individual policyholders and sales agents seeking personal data about policyholders. The home office is linked to all locations of its sales agencies, allowing sales agents to inquire online about policies with the capability to edit application information at their site. The home office can still update policies as well. Yes, this service provides the agencies with a competitive advantage in product marketing and customer service. The home office outsourced and purchased software that enables the sales agents to analyze alternative companies' product and service options, resulting in winning the customers' loyalty and quicker sales. The company continues to grasp the future for innovations, anticipating its customers' needs. This approach alone ensures valuable information for senior-level management to plan with, as well as reduced overhead cost with improved productivity and better decision-making ability.
Next, let's look at the food industry and view how an information system improved its process.
The MIS is geared toward physical distribution at the operational level, where updated orders and invoices are sent to the distribution centers and the system updates the accounts receivable and associated system files. The system prints invoices at the origin and destination locations, resulting in reduced cost and faster payments, which equal more cash flow. The food company produced numerous reports that enabled the managers to conduct online credit checks from their accounts receivable status report, and to identify delinquent accounts, before shipping the merchandise to the distribution centers. The customer service personnel have immediate access to open accounts, allowing for immediate visibility and response to customer inquiries about deliveries and shipments; similarly, cash payments received are automatically applied to customers' online accounts. Let us not forget to look at the marketing advantages of MIS as well. Sales analysis reports reflect the customers' history product information file; this data generates a report by product line in each territory each month for middle-level managers to forecast demand for any specific product item. Normally, this raises the question of production and whether the company can continue to support the demands of the customers. At this juncture, the IS gives managers additional insight about demand and the need to forecast for future buys. The company established a bill-of-material file, which computerized the ingredients for each product line and created batch sizes for all products. This process minimized the work process and improved the manufacturing ordering process for each customer's batch orders. The product specification file served as the database of reference information, giving the manager the ability to print text on all purchase orders. The text file produced a finished goods inventory, which is transferred to the branch warehouse stockrooms in various locations; this information is based on the sales analysis report (demand).
In the finance and administration department, the updated accounts receivable correlate with customers' billing and cash receipts. A monthly exception report generated from the aged balances automatically issues a collection letter to the respective recipients at specified intervals. The MIS enabled the food marketing company to process orders in a more timely way, manage inventories more efficiently and organize its production section. Bottom line: the cost savings of MIS result in more revenue, a better customer relationship, and senior-level managers focusing their attention on emerging trends in the market.
A social service department utilizes MIS in the public sector by providing financial assistance to residents, i.e., medical assistance, food stamps, facilitation of foster homes and adoption, day care, school services, family planning, housing and legal services. The MIS processes new applications and payments. The applicant applies and becomes eligible, then the system creates an online record for them. The system automatically prints an identification card from the payroll master file that entitles the recipient to services for which the bill goes to the social service department. An online inquiry and update of the applicant record are also possible. The payroll master file sorts and generates the welfare checks and lists them on the payroll register, which generates a historical report for managers. In all three case studies, the information systems support transactional processing. User involvement in each project selection ensures the effectiveness of the information system and its acceptability.
How do you measure utilization and performance in MIS? The term utilization is the extent to which the intended users use the information system (IS) for its intended purpose. The term performance measures the improvement of the business process that the IS implementation supports.
These measurements are observed through business records and visual or electronic inspections, and take personal opinions and attitudes out of the decision-making loop. The multiple variables are sometimes difficult to identify, but the IS department must be impartial if the true value of a successful IS project is to be realized. A successful IS project can be measured best with psychometric tests of attitudes, interests, and opinions, such as user information satisfaction in the broadest sense. The performance measures of the business determine the effectiveness of the MIS. You can see that information technology gives companies a competitive edge; once an information-based service enters the market, other companies either catch up or eliminate the original innovator's competitive advantage, thus raising the stakes for those participating in the marketplace. Today, a company can link its customers to its order entry system, thus improving efficiency and business performance. Certainly, an effective information system, if efficient, reduces needless paperwork and allows the customer access to available stock information before committing to the purchase of goods and services. Let us not forget about effectiveness too: the information system provides better service to customers, for instance through the creation of an electronic travel supermarket via online reservation systems, i.e., www.priceline.com or www.Travelocity.com, which is transforming the basis of competition within this marketplace. To compete efficiently in this world, companies must establish information partnerships as an integral part of successful business processes.