JAL | JAPAN AIRLINES
Csr business continuity plan (bcp).
- CSR Activities
- Actions for ISO26000 Core Subjects
- Business Continuity Plan (BCP)
In close cooperation with the competent authorities and related organizations, The JAL Group has established policies and measures against specific risks which would threaten our responsibility as a public transportation operator, and has built a system to ensure business continuity even in the event of an earthquake disaster or an outbreak of an unidentified infectious disease including pandemic influenza.
Business Continuity Plan Assuming a Large-Scale Earthquake Hits Tokyo
Our Business Continuity Plan (BCP) Assuming a Large-Scale Earthquake Hits Tokyo provides the necessary policy, system, etc. and other basic matters to continue air transportation services including reservation and information services and payments and settlements, which are important duties of JAL Group, so as to continue sound business operations and thus fulfill our responsibilities as a public transportation operator. This BCP provides concrete behavioral guidelines in terms of "mutual support" (provide mutual support between JAL Group companies and also extend cooperation to relevant government agencies and other companies appropriately) and "ethics in commercial transactions" (fulfill promises such as payments to business partners even in an emergency situation and strengthen the relationship of trust). We will review the BCP regularly to make it more practical. We have introduced a safety confirmation system in 2007 to speedily confirm the safety of all JAL Group staff and their families in the event of a large-scale disaster. To obtain safety-related information more quickly, the group-wide system was upgraded in 2014 and we improved our countermeasures. Communication exercises, etc. are conducted regularly throughout JAL Group to foster staff awareness of risk management and be prepared against unexpected situations. There have been concerns of large-scale disasters recently such as a Nankai Trough earthquake (Tokai, Tonankai, Nankai earthquakes), as well as an earthquake in Tokyo. Should a large-scale earthquake occur, we will use our know-on on emergency relief activities to the maximum. We will not only conduct relief activities through our air transportation business, such as operating extra flights to the Tohoku region and provided free transport of relief personnel and goods after the Great East Japan Earthquake, but also render support and promote exchanges with affected areas.
Business Continuity Plan Assuming Outbreaks of an Unidentified Virus Infectious Disease (UVID) including Pandemic Influenza
This BCP specifies our policy, measures and other basic matters to continue air transportation services including reservation and information services, which are important duties of JAL Group, assuming outbreaks of an UVID so as to continue sound business operations and thus fulfill our responsibilities as a public transportation operator. Should there be outbreaks of an UVID, we will basically set up a command board and respond according to the BCP, share information closely with JAL offices in the relevant country/region, and provide maximum human assistance and in-kind support in view of the seriousness and urgency of the situation in society. We have developed concrete behavior guidelines based on the fundamental policy to strive to prevent infection of customers and staff in accordance with instructions from public institutions such as WHO and related governments, etc., and minimize the customers' inconvenience as a public transportation operator. When the Ebola virus spread in West Africa in 2014, we responded according to this BCP. We coordinated with related government institutions, developed the necessary system, and added "Policy of Handling the Ebola Virus Disease (International Flights)" in our BCP. We will review our BCP basically once a year and amend it as necessary to make it more practical.
- CSR Activities Top Message JAL Group's Corporate Social Responsibility --> ISO26000 Comparison Table GRI Guideline Comparison Table Participation in the UN Global Compact Integrated Report Awards
- Coexist with the Earth Eco-First Commitment Environmental Action Program Environmental Activities Vision Environmental Initiative Cabin Shade Closed Exercise Environmental targets of the airline industry Global Warming Tropospheric Observation What is Carbon Offsetting?
- Contribute to Communities Assisting Tohoku Emergency Assistance Report Recovery Assistance Report Support for Disaster Victims Tohoku Cotton Project Volunteer Activities
- Nurturing Future Generation
Operational and Business Continuity Planning for Prolonged Airport Disruptions (2013)
Chapter: part 1 - business continuity planning at airports.
Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
P a r t 1 Business Continuity Planning at Airports
3 The likelihood that incidents will occur threatening to dis- rupt the continuity of business and operations at airports cre- ates significant risk and obliges airports to develop recovery strategies and plans. Whether these disruptive incidents are specific to an airport or the result of broader circumstances, it is the airportâs and fixed base operatorâs (FBOâs) responsibility to plan for pos- sible impact on its operations. Planning enables organizations to assure their customers, stakeholders, and regulators that they can maintain some minimal service level during disrup- tions and recover fully afterward. To minimize the impact of potential interruptions on operational continuity, airports can develop and maintain a business continuity plan. Business continuity plans equip air- ports to recover their mission-essential functions as quickly as possible after any kind of material or prolonged disruption. Recovery is particularly important in the airport envi- ronment because airportsâas part of the critical national infrastructureâplay an outsized role in connecting people, supporting commerce, sustaining communities and econo- mies, and protecting the national interest. This guidebook is a resource that airports and FBOs can use to do the following: ⢠Gain an understanding of business continuity planning ⢠Create a management structure to sponsor and support the process ⢠Name a team to develop a plan ⢠Institute a process to create business continuity awareness and a preparedness culture throughout their organizations This guidebook was written and designed to function seam- lessly with the accompanying CRP-CD-140: Airport Busi- ness Continuity Planning Software Tool, which is bound into this book or which can be burned onto a CD-ROM from an ISO image located at www.trb.org/Main/Blurbs/169246. aspx. The tool is a detailed interactive survey that enables users to create a basic, customized business continuity plan quickly by answering a series of detailed questions about their operations. Definition of Business Continuity Planning Business continuity planning (BCP) is the process of devel- oping a roadmap for continuing operations under adverse con- ditions and during disruptions caused by all types of incidents, emergencies, and crises. BCP is a process or methodology that documents how business is conducted during a disruption and how essential functions, processes, and resources are opti- mally recovered and restored after a disruption. BCP focuses on recovering data, information, operations, and processes in every essential organizational function. It is a holistic process that should be applied across the business and operations foot- print of the entire entity. Airports and FBOs that have achieved a state of business continuity are those that have rigorously embraced the BCP process, developed a âlivingâ business continuity plan, adopted a business continuity mindset and discipline throughout the enterprise, and regularly exercise and update their plans. What Business Continuity Planning Is Not BCP is quite distinct from other emergency-related pro- grams and processes in the airport environment, although other processes may be tangentially related to business conti- nuity. The distinctions among these other processes and their relationships with BCP are described below. Emergency Management Emergency management is the process of preventing con- trollable incidents that threaten life, property, and physical Overview of Business Continuity Planning at Airports
4assets; mitigating the impact of incidents that actually occur; responding to these incidents; and physically recovering from them. Emergency management is incident-specific and deals with all types of risks, hazards, and emergencies, both natu- ral and man-made. It includes incident action plans (IAPs), which are incident-specific strategies for dealing with each unique emergency situation. Business and operational disruptions to airport operations may well be caused by emergency incidents. Unlike emer- gency management, however, BCP is not concerned with the type of incident or emergency that causes disruptions or with the likelihood of its occurrence. The focus of BCP is on the impact of such an emergency incident on the continuity and resilience of the essential functions and processes that are regular, routine airport operations. The kinds of resources used to respond to emergencies are very different than those used to recover business operations. Information Technology Disaster Recovery The information technology (IT) departmentâs Disaster Recovery (DR) plan addresses how technology infrastruc- ture, applications, and resources will be optimally recov- ered after disruption and in what order these elements will be restored to support the business requirements of the organization. The IT DR plan is a component part of a comprehensive BCP process. Optimally, DR plans are aligned with the busi- ness continuity plan through the business impact analysis (BIA). This analysis assigns relative recovery priority to all business and operational functions, and, in turn, the BIA defines the demand for the recovery of IT support for the most critical functions. The BIA ranks the priority of busi- ness functions for IT resources through two measuresâthe tolerance each function has for loss of data and the amount of time these functions can be unavailable to the airport before there is material negative impact to their mission and to the airport. Crisis Management Crisis management consists of methods used to respond to both the reality and perception of a crisis, the estab- lishment of metrics to define which scenarios constitute a crisis and should therefore trigger the necessary response mechanisms, and the communications that occur within the response phase of emergency management scenarios and persist afterward. Crisis management is the strategic overlay to how airport organizations think about and deal with critical incidents that can affect elements like operations, regulatory assurances, financial performance, reputation, and legal circumstances. BCP plays a role as a component of the crisis management strategy, specifically supporting both the resilience of essen- tial functions during those crises that cause disruptions and the recovery of these functions after the crisis passes. Irregular Operations Irregular operations (IROPS) are events that disrupt nor- mal flight schedules, causing problems for airports, airlines, and passengers. IROPS are usually caused by extreme weather conditions or mechanical issues and can vary widely among airports. Negative impacts can include tarmac delays, passen- ger surges in terminals, and extended stays in airports. Creat- ing a comprehensive contingency plan helps airports comply with related government regulations and improve overall customer service during IROPS events. BCP addresses how to recover and restore normal airport operations after a material disruption of any kind. âNormal operationsâ refers to how the airport routinely runs its myr- iad functions and activities when the operating environment is stable. IROPS, on the other hand, encompass airportsâ con- tingency plans during abnormal circumstances in the aviation system and with air carriers that impact passengers at the air- port. IROPS are operations during times when the systemic air traffic environment is fundamentally in chaos. ACRP Report 65: Guidebook for Airport Irregular Operations (IROPS) Contingency Planning is available to assist airports in developing, continually evaluating, and updating contin- gency plans and procedures during IROPS periods that may cause significant disruptions to the traveling public. Disaster Operations Groups Disaster operations groups (DOGs) are regional airport- to-airport voluntary mutual aid compacts that offer opera- tional assistance during large-scale disasters. These groups offer effective âairport-centricâ response during disasters, including specific relief and operational, technical, and logis- tic support. A typical DOG response could include the coop- erative provision of services such as the following: ⢠Liaison ⢠Needs assessment ⢠Skilled personnel ⢠Relief services ⢠Specialized equipment ⢠Basics (food, water, personal needs, fuel trucks, and jet fuel) ⢠Airfield equipment (regulators, generators, lighting, and signage) ⢠Public safety items such as law-enforcement officers (LEOs) and aircraft rescue and firefighting (ARFF) personnel and equipment
5 ⢠Assessment and advisory teams ⢠Shared emergency operations center (EOC) facilities to coordinate relief efforts DOGs, such as Southeast Airports Disaster Operations Group (SEADOG) and Western Airports Disaster Operations Group (WESTDOG), are essentially emergency management cooperatives that recognize that airports may be the entities best equipped to help other airports respond to large-scale regional crises such as hurricanes. DOGs can play an impor- tant business continuity role because they provide potential alternative resources to support operational continuity for some airport activities until the affected airport can recover its own capacity. Business Continuity Planningâ A Strategic Priority for Airports Critical National Infrastructure Airports are a key part of the critical national infrastruc- ture in the United States. Airports efficiently move people and cargo, support commercial activity and economic develop- ment, enable response to emergencies and crises in a timely way, and provide infrastructure that helps protect the coun- try. They provide the vital commercial and general aviation backbone connecting communities and people across the nationâs span of urban, rural, and remote localities. It is in the national interest that members of the critical air transportation sector develop a sustainable internal capacity for operational resilience. Ensuring the continuity of airport operations is importantânot just at large and medium hubs and cargo airports, but also at non-hub, reliever, commercial service, and general aviation airports. It is also important to ensure continuity of operations for the companies that are FBOs and specialized aviation service operators (SASOs) at airports. Because each of the thousands of public and private avia- tion entities serves as a vital element in the lives and live- lihoods of Americans everywhere, the extended or prolonged loss or disruption of function and capacity at any facility poses a significant community, regional, or national threat. The U.S. economy and way of life depend on a vital and uninterrupted aviation sector, and airports are critical to that imperative. Good Business Practice Good Strategy That BCP is strategically important as a good business practice and as a risk management imperative, is perhaps the best reason to initiate BCP at airports. As federally cer- tificated transportation and commercial centers serving and supporting local and regional economies for the public good, airportsâ strategic business plans should include the capacity and capability to provide continuous operations in the service of their stakeholders. Risk Management Business continuity is a natural adjunct to airport enterprise risk management (ERM) and insurance programs because it documents risk mitigation efforts that the airport has adopted and assures underwriters that tangible contingency planning is in place. BCP can help organizations quantify the economic cost of business interruptions so that they can understand, document, and plan for the impact in terms of lost revenue, contractual or regulatory penalties, or contingent cost impli- cations. Airports are organizations that may be exposed to enhanced operational continuity risk because many of their operating assets are concentrated in a single physical location with severely limited or non-existent aeronautical relocation options. Contractual Obligations BCP may also help airports meet service level agreements (SLAs) with and contractual obligations to their business part- ners and maintain compliance with loan or funding covenants. Airline tenants may require the development of a business con- tinuity plan by the airport as a condition to (or prerequisite for) locating or continuing flight operations at that airport. Because airports depend on complex âsupply chainsââsymbiotic net- works of vendors, contractors, tenants, and concessionsâfor their mission-critical services, resources, and capacity, they may encourage airlines to coordinate their own contingency plans with those of the airport. Airports should establish BCP programs to address the operational resilience of each of their partners in order to mitigate single points of failure in their integrated networks and help these partners meet their own continuity objectives. Compliance Regulation and Oversight Airports must comply with numerous federal, state, and local regulations; directives; rules; and oversight. These may directly or indirectly obligate airports to implement BCP. Many states have statutes requiring that departments, agen- cies, and other arms of government comply with continuity of operations planning (COOP) directives for operational resilience and sustainability (e.g., the capacity to recover after disruptions and remain operational). To the extent that
6airports are considered government organizations, govern- ment COOP directives may require BCP at airports in their jurisdictions. Indirectly, compliance with specific FAA certifi- cation requirements (such as maintaining ARFF index levels) may be enhanced with BCP. Industry Standards Whether airports develop business continuity plans for business reasons or to comply with governmental mandates, there is a body of business continuity standards that has been developed and widely adopted to define recommended pro- cess and practice. Government COOP mandates usually refer- ence these standards. A voluntary BCP compliance program of the U.S. Department of Homeland Security aligns with these standards. Many business continuity âleading practicesâ are consistent with them. These business continuity standards are further detailed in Appendix A. Liability Management BCP may be adopted at airports as a mechanism to sup- port organizationsâ efforts to limit their (or the airport operatorâs or governmental jurisdictionâs) exposure to liabil- ity for claims, lawsuits, and contractual penalties related to operational losses. Why Business Continuity Planning Has Been Poorly Embracedâ Findings from the Research The research that preceded the development of this guide- book and software tool amplified the original premise behind ACRP Project 03-18: that relatively few American airports have adopted BCP and that they need a better understand- ing of BCP as well as a basic roadmap and tool to help them implement it. The research confirmed that although some airports have implemented various levels of BCP, a majority of them have not made BCP a critical priority. The research concluded that airports need a process, along with supporting information, to equip them to address busi- ness continuity with the same rigor and expertise that they address emergency management. The key findings of the research are summarized below. Business Continuity Planning Not a Strategic or Business Priority at Most Airports A minority of airports have included comprehensive BCP in their strategic business plans or supported BCP from the top of the organization by establishing a steering committee to oversee it. Few have formally named a person who is quali- fied to lead a business continuity effort. Those that have made some progress in BCP may have instituted the process at a non-strategic level of their organizations. For some, responsi- bility for BCP may reside in City Hall, the county office build- ing, or with the airport operator. Until someone of rank and authority publicly prioritizes and endorses BCP, it is unlikely to be embraced or to compete effectively for scarce airport resources. Minimal Awareness of Business Continuity and Inconsistent Operational Understanding The U.S. airport industry is largely unaware of BCP, and the discipline is generally misunderstood. There is a pau- city of reliable sources of information in the industry about BCP and no apparent or dedicated provider of training or best practices on the topic. The top aviation schools do not address BCP in their textbooks, curricula, or classrooms, so young airport executives arrive at their first jobs with no grounding in the process. Until the inception of ACRP Project 03-18, BCP had not been a topic, track, or item pre- sented from the podium at industry conferences or work- shops, and BCP is rarely addressed in industry publications or resource lists. BCP is not widely practiced at airports, so most airport employees do not get exposure to the topic on the job. There is very little in the available press or online that addresses business continuity within an airport context. Because BCP is uncommon in the airport sector, even a small step forward will represent significant progress for airports. Emergency Management versus Business Continuity Planning One core reason for the lack of understanding of BCP is wide- spread confusion about the terms âemergency managementâ and âbusiness continuity.â Airports are very good at emergency management because they are âgeneticallyâ focused on emer- gencies, accidents, and safety and are extremely resourceful and competent at preventing, preparing for, mitigating, and recov- ering from emergencies. Airports are also good at emergency response because they have sufficient management, staffing, training, funding, regulatory impetus, emergency supplies and equipment, federal assistance, and memoranda of understand- ing (MOUs) for regional collaboration through local emer- gency services and DOGs. Airports have benefitted from no regulatory basis, funding, and support for business continuity activities.
7 Challenges of Business Continuity Planning in the Complex Airport Operating Environment Airports are host to a unique mix of critical and support- ing activities, roles, and responsibilities spread across multiple entities at fixed locations. Key functions are managed by airport staff, commercial contractors, tenants, FBOs and SASOs, or by airport operator personnel (e.g., city or county employees). Creating a business continuity plan that takes into account a broad assortment of independent or quasi-independent pub- lic, private, or government entities makes the BCP process more challenging than it would be if all airport functions were controlled centrally. Because most airports are operations-centric entities with staffing and resource constraints, their institutional knowl- edge often rests in the hands (and heads) of a single manager, a small group of executives, or highly specialized personnel. Because this knowledge may be undocumented, when there is a âsuccession situationââsuch as dismissal, relocation, death, retirement, or sicknessâsingle points of failure may exist at many airports, increasing the risk of failure during prolonged disruptions. While essential functions at some airports may be supported by recovery strategies that are well understood, documented, and exercised by their staffs, many airports have no formally written and rehearsed plan. Responsibility for business continuity management, like other airport func- tions, may reside with the airport operator, adding another layer of complexity to the challenge. Business Partner Interest in Airport Business Continuity Plans Airports are co-dependent with a number of stakeholders with whom they maintain symbiotic relationships. Airlines, as the single most important operating tenants at airports, main- tain corporate business continuity plans. Yet, as carriers who are dependent upon efficient airport recovery, airlines need to understand what they can expect when the host airport acti- vates its recovery plan. Similarly, all other commercial tenants, FBOs, and con- cessions need to develop and maintain their own business continuity plans and align them with the airportâs recov- ery plan. The general aviation community is enthusiastic about airports having a commitment to operational recov- ery because private and business aviation fundamentally depend on continuity of available airport services, assets, and facilities. Airport BCP and exercises should involve tenants, FBOs, concessionaires, and general aviation interests appropriately. Some of them (corporate flight departments and recreational pilots, for example) have both choice and mobility; they can relocate their activities to alternative airports that have better plans for operational resiliency. No Federal Mandate for Airport Business Continuity One of the reasons why BCP is not a core practice at airports (notwithstanding the standards and federal guidance summa- rized in Appendix A) is that no federal mandate specifically requires airports to develop a business continuity plan. No grant specifically funds airport BCP. Having a business conti- nuity plan is neither an official obligation in consideration of grant assurances nor is it funded by any aviation program at the federal level. While the absence of a mandate should not be a reason for any airport to delay the development of a plan, this absence undermines the industryâs understanding and embrace of BCP. Challenges to Developing Airport Business Continuity Plans Although the unique operating environment at airports and the broad mix of airport types, sizes, and missions makes widespread adoption of BCP somewhat more challenging, it also renders the results more beneficial. The complex inter- play of aeronautical, non-aeronautical, commercial, non- commercial, government, military, and support activities provided by numerous independent entities makes coordi- nating recovery planning important. Because contractors, commercial tenants, federal agencies, and FBOs often perform essential functions instead of airport employees, authority and control are dissipated and divided among these contractually connected organizations. The multi-organizational structure at airports makes BCP more complex because the chain of command is indirect, and plans must rely heavily on the operational continuity planning of each distinct entity. The lines of demarcation that separate operational responsibilities among these various entities can blur, varying greatly from airport to airport. This level of complexity makes the BCP process at airports understandably challenging because so many core functions are out of airportsâ control. The tools available to airports to ensure that a disparate group of interdependent stakehold- ers optimally coordinate business and operational recovery may be limited to contractual provisions with commercial partners, MOUs with governmental entities, or simply strong administrative coordination. The complexities that make BCP a challenge for airports are closely related to the roles each constituent plays and its vested interest at the airport, including ownership, commercial tenants, government agen- cies operating at airports, and FBOs and SASOs.
8Ownership The ownership dynamics of U.S. airports contribute to the business continuity challenge because, for publicly owned air- ports, responsibility for numerous business functions may lie with departments at City Hall, the county office building, or the airport operator such as a port authority or even the state. In these cases, airport business departments in areas such as finance and administration (F&A), human resources (HR), or payroll may actually be extensions of the larger city or county departments. If airport employees are formally con- sidered employees of the municipality, for example, then the airportâs payroll, labor relations, or HR function may be actu- ally housed and performed at City Hall, not at the airport. Likewise, grants, funding, government relations, bond issues, and many other essential airport activities may be coordi- nated jurisdictionally, with the airport as the beneficiary, but with operations centrally coordinated or controlled. The implications for BCP include extending the manage- ment commitment process, assessment, planning process, and training and exercises beyond the boundaries of the air- port to each of those core functions that are managed by the airport operator or a governmental department or agency, wherever it may be physically located. This adds a level of complexity and demands inclusion, coordination, and inte- gration for two reasons. First, the city or county COOP needs to be considered during the airportâs BCP process to understand the extent to which it defines and documents what the airport can expect for departmental recovery priorities and resources for those externally managed and located functions. Second, the airport plan must take into account those externalities to which its recovery planning is exposed because many city or county (i.e., non-airport-related) disruptions can partially or fully bring operations in these offsite business departments to a halt. These non-airport disruptions can still impact airport operational continuity because of the airportâs dependence on those department functions that are essen- tially outsourced. Commercial Tenants Just as some essential airport business functions may rest with local government, many airport operating functions are controlled under contract, commercial lease, or land lease by tenants. Commercial flight operations are the responsibility of airlines; general aviation operations are run by the FBO; fueling services may be provided by an FBO or into-plane fueling agent; parking may be the responsibility of a parking contractor; rental car service is the province of the national car rental companies; and public safety may be outsourced to a private security contractor. While airports likely maintain strong and cooperative rela- tionships with private operational contractors and commercial lessees, the airportâs influence on the BCP practices of these companies may be limited practically to contractual leasehold provisions that require that these outside firms adopt and maintain their own business continuity plan. Large, well-funded, national companies such as commer- cial airlines, car rental companies, and hotels probably prac- tice BCP at the corporate level. The question for the airport is whether those plans have recovery systems and processes in place for airport-specific operations (e.g., âwhat is Acme Parkingâs plan for operational recovery at my airport?â). Those essential airport operating functions that are contractu- ally controlled through commercial relationships present the challenge of how to ensure an orderly recovery of functions that the airport itself does not directly control. Contractors that may not have any plan for recovering their operations at the airport present airports with an even more serious problem; the airport business continuity plan may be unable to address critical third-party functions that must be recovered in order for the larger airport to function smoothly. Consequently, airport business continuity planners need to inform the process through inquiries into the local recov- ery capacity and plans of its essential commercial tenants and contractors. The airport BCP team should be in close con- tact with its counterparts at hotels and car rental companies, among others, so that, ideally, the airportâs plan can be inte- grated with the business continuity plans and recovery goals of their partners and expectations are as cohesive as possible. If the airport decides to add a BCP provision or require- ment to its commercial leases and agreements, such a con- tractual requirement should be applied fairly and equally across all similar types of agreements and leases in order to maintain compliance with FAA requirements. Government Agencies Operating at Airports Several mission-critical airport functions are the responsi- bility of independent federal agencies that are not part of the airport organizational or management structure. At many air- ports, the FAA is responsible for some aeronautical operations, air traffic control (ATC) activities, navigation aids (NAVAIDS), and related inspections and certifications in areas like ARFF operations. To minimize flight safety risk, the TSA screens all passengers, baggage, and cargo, coordinating enforcement activities with the airportâs public safety department. The U.S. Customs and Border Protection Agency (CBP) and the Immigration and Customs Enforcement Agency (ICE) clear inbound passengers from international flights, inspect their declarations for prohibited materials, and enforce immigra- tion laws. In some airports, the U.S. Department of Agricul-
9 ture (USDA) screens and isolates potentially harmful organic and agricultural substances to protect the U.S. food chain and public health. The airport does not control the functions these agencies provide. However, without the recovery of FAA, TSA, CBP, ICE, and USDA functions after disruptions, aviation operations are impossible: departing passengers cannot board, arriving inter- national passengers cannot legally enter the United States, and harmful substances and dangerous people may not be detected and their entry interdicted. Downtime or partial or complete loss of any of these essential airport functions can massively impact airports and their tenants. The result could be an esca- lating crisisâthousands of stranded passengers who require food, restroom facilities, and access to medical facilities, sleep- ing quarters, and transportation; massive flight delays and can- cellations with far-reaching impact on airlinesâ flight networks; or flight and passenger diversions to alternative international arrival airports. While airports have no direct responsibility for the opera- tional processes of the key federal agencies operating in an airport, each agency relies on airport-provided space, infra- structure, utilities, and access in order to perform its activities there. Hence, the airportâs business continuity plan must pro- vide for the recovery of any supporting services and infrastruc- ture the airport provides federal agencies, and it must take into consideration their airport-specific operational contin- gency plans. Fixed Base Operators and Specialized Aviation Services Operators At most airports, FBOs (and sometimes SASOs) single- handedly manage complex responsibilities such as general aviation operations, aircraft maintenance, or the fueling func- tion. The entirety of operations and management at some smaller airports may be handled by an FBO managed under contract with the municipal or county airport operator; this places extraordinary responsibility for essential airport func- tions in the hands of private-sector companies. FBOs and SASOs should implement and exercise a site- specific, scope-specific recovery planning process for each fixed base operation they provide at airports. Functional business and operational recovery after disruptions may âlook differentâ at each unique airport where FBOs and SASOs operate, with widely varying priorities and considerations based on each air- portâs mission, strategy, resources, and recovery capacity. Overcoming Challenges and Inertia in Business Continuity Planning Airport operators and management have a duty of care to all their constituents to run the airport soundly, as a local or regional resource upon which thousands and sometimes hundreds of thousands of people and organizations depend for their livelihoods, mobility, and recreation. Airports are an important element of the public goodâmacrocosms of economic, social, and government activity. Their operational continuity is invaluable to their owners, tenants, contractors, and customers. If the airport breaches public trust by failing to implement a BCP process for expedited recovery after disrup- tions, it introduces unacceptable risk to the common good. Hurricanes Katrina and Sandy, the 9/11 attack, rolling regional black-outs, floods and tsunamis in Asia, transit strikes, data center and network crashes, and other catastro- phes have taught an important lesson. Disruptive incidents and emergencies happen to all economic entities with seem- ingly increased regularity, severity, and negative impact. The collective appreciation for enhanced risk management, in turn, obligates airports to take concrete steps to ensure that their constituents can always rely on the operational resil- ience of the airport. To be able to deliver credibly on that implicit promise, airports should embrace accepted practices for operational continuity planning as one of the rational and effective management disciplines available to them. Airports should embrace BCP because it is a wise busi- ness practice. They should adopt BCP to comply with related standards. They should implement BCP as a fundamental risk management practice and rely on it to reduce liability exposure. With so many disruptive incidents in the relatively recent past, choosing not to embrace resilience planning for reasonably predictable business and operational disruptions introduces unnecessary risk and causes unnecessary harm. At the very least, such willful ignorance may amount to operator and managerial incompetence. At its worst, it may rise to the level of negligence and failure. This guidebook and accompanying software tool can be the catalyst that helps introduce U.S. airports to BCP and helps them start the process in earnest.
10 Preliminary Steps in Business Continuity Planning Creating a Risk Profile Scenario Planning Scenario planning is the process of identifying the range of specific threats that an airport faces based on its mis- sion, ownership, geographic location, operating environment, and many other factors that define the airportâs risk profile and the types of disruptive incidents that the airport might encounter. Walking through the most pressing and likely cri- sis scenarios as part of a disciplined organizational process can help airport management better understand how disrup- tive incidents might be triggered or develop and how their impact might negatively affect essential operating and busi- ness functions. It is the impact of disruptions on essential processes and functions that is important to the business continuity process rather than the probability of their occurrence. Assigning prob- ability or likelihood, however imprecise, is addressed during the risk assessment. Scenario planning addresses the impact of incidents regardless of their chance of occurring. Risk Assessment Airports and FBOs can also create a risk profile, which will inform the business continuity plan, by conducting a risk assessment. This assessment can be done internally or be per- formed by outside engineering, IT, or risk management con- sulting firms. It can have a broad scope (e.g., ERM) or a narrow scope (e.g., technology risk, engineering risk, or facilities risk). Most assessment methodologies use some combination of these elements: type of incident, probability of occurrence, risks to the airport, impact on the airport (e.g., life safety, facilities/physical plant/infrastructure, operational, finan- cial), and the acceleration and duration of incidents or their impact. The most helpful or productive business continuity risk assessments focus on the impact of predictable and less- predictable incidents on the core mix of resources that enable each essential airport function. These resources include staff (employees or contractors), plant and equipment (the facili- ties that staff need to perform and the tools, supplies, materi- als and vital records, and files they require), technology that enables or supports staff efforts, and other processes upon which many functions depend. Effective business continuity risk assessments consider the functional impact to these four types of resources if disrup- tive events occur, rather than attempting to predict how likely they may be to occur. For example, rather than consuming time predicting the likelihood of winter storms, or a tran- sit strike, or a power outage, business continuity risk assess- ments should address the impact of those incidents on the ability of people to get to work and do their jobs, on the avail- ability of essential tools and equipment, on the availability of space and facilities, and on the availability of processes upon which other processes depend. Because every important airport function depends upon some mix of these types of resources, it is the impact of inci- dents on the availability of these resources that should be the focus of the business continuity risk assessment. Impact assessment helps direct the business continuity plan toward preparation for the most impactful resource disruptions, which can degrade essential airport functions, activities, and processes or bring them to a halt. BCP then addresses how to mitigate impact risk with alternative ways to keep important functions operational during disruptions and recover full capacity afterwards. Developing the Scope of the Plan A combination of several factors establishes the param- eters and scope of an airport business continuity program. Each organization should consider these factors in defining and funding their BCP efforts: number of locations, num- ber and complexity of operating functions, IT DR, partner
11 network or âsupply chain,â departmental depth, and strategic business objective. Number of Locations If the business continuity plan is being driven by an airport operator responsible for more than one airport, it should include an individual plan for each airport. Airport locations might include only the airport operatorâs key terminal(s), other on-site and offsite facilities, and back-office operations. Alternatively, the plan might include non-aviation proper- ties and businesses that the airport operator may own and operate (if these are material to its mission). Plans might also be expanded to include resilience preparedness at locations operated by the contractors and third parties that perform essential airport functions as independent entities. Number and Complexity of Operating Functions The set of operating functions to be analyzed also deter- mines the scope of the business continuity plan for the air- port. Small, general aviation, commercial service, or reliever airports may have a relatively modest number of depart- ments or functions. This narrows and simplifies the plan- ning scope. Larger hubs and cargo airports are likely to have a more comprehensive mix of functional groups, implying a more complex and integrated planning process. Identify- ing these functions requires a comprehensive analysis of how the airport is organized; how it conducts its daily activities; and which departments, offices, contractors, processes, and activities compose the entire operation. Information Technology Disaster Recovery If the IT departmentâs DR plan is included in the scope of the business continuity plan, there will be added complexity in the process necessary to align the business recovery requirements of each department or function with the IT departmentâs technol- ogy recovery plan. At technology-dependent airports, reliance on supporting technology significantly impacts the recovery expectations of many business and operating functions. The business continuity and DR plans are inherently linked, or should be, as many business and operating functions depend on the technology provided and supported by the IT depart- ment. These plans are also linked by the synchronization that should take place between each departmentâs recovery point objectives (RPOs) (tolerance for loss of supporting data) and its recovery time objectives (RTOs) (tolerance for functional âdowntimeâ) and the provisions in the DR plan for recov- ering essential hardware and network infrastructure and applications. Partner Network or âSupply Chainâ Airports may extend their BCP initiative to key business partners that operate at the airport. Depending on the extent and complexity of those relationships with airlines, lessees, suppliers, FBOs, and contractors, the scope of the planning process may be commensurately broader and more complex. Departmental Depth The BCP program scope is also influenced by how deeply the process goes into departmental organizations. Business continuity plans can delve deeply into each function or depart- ment, covering multiple levels of sub-departments, and add- ing granularity to the scope of the plan. Conversely, they can take a more high-level approach. Strategic Business Objective The âend gameâ of the BCP process may be narrowâ including only a BIA, a gap analysis, or a strategy development documentâor it may be a far more comprehensive process, culminating in the documentation of a full-scale business continuity plan or an IT DR plan. The scope of BCP may be influenced by its primary goal, whether this is developing a sound operations management approach to resilience; pro- viding required sustainability documentation to regulators, airlines, or funding sources; or addressing a negative com- ment in the auditorâs report. Identifying the Stakeholders Airports are variously accountable to many types of stake- holders, according to each airportâs ownership, mission, and whether it is publicly or privately held. Other factors affecting an airportâs accountability to stakeholders are its inclusion within a governmental jurisdiction or its employment of unionized personnel. Stakeholdersâthose groups whose interests are fun- damentally affected when an airportâs routine operations are compromised and disruptedâtypically include the following: ⢠Elected officials ⢠Regulators or authorities ⢠Shareholders ⢠Employees ⢠Federal agencies ⢠Workersâ unions ⢠Trade associations ⢠Insurers or insurance brokers ⢠Customers ⢠Business partners (tenants, contractors, suppliers, FBOs, and general aviation users) ⢠The general public
12 BCP at airports should comprehensively identify critical stakeholders, appropriately communicate with them about the process, and include them when relevant. Airports should consider whether stakeholder groups should be part of the process or simply be included in the communications plan to keep them apprised of BCP at the airport. Forming a Business Continuity Planning Leadership Team A critical step in initiating the BCP process at the airport is naming the appropriate participants in the process, the BCP leadership team. Naming the BCP leadership team ideally includes identifying an executive sponsor, a project steering committee, a project manager or coordinator, business pro- cess owners, and plan administrator(s). Executive Sponsor The sponsor is typically the most senior manager who (1) coordinates the scope of the process, (2) often leads or participates as a member of the project steering committee, (3) ensures that the program has an adequate budget or fund- ing, (4) communicates to the other airport stakeholders that BCP is an organizational priority, and (5) motivates others within the organization to participate as necessary, at the executive level. BCP projects can easily fail or become meaningless exercises without strong executive sponsorship by airport management. Ideal executive sponsors might come from the arenas of inter- nal audit, F & A, compliance, risk management, or IT. Some- one in a chief-of-staff or senior operating role could also be a sponsor. Steering Committee The BCP steering committee should comprise a manage- able number of departmental leaders representing the breadth and scope of airport departments and organizations that are within the process scope. The committee oversees the BCP process and ensures the necessary internal cooperation and support and availability of resources at the functional level to meet the projectâs objectives. Assigning formal departmental roles for BCP and including participation as a metric in staff performance plans may be required to achieve the best results. Project Manager Reporting to the steering committee, the project manager coordinates the day-to-day work on the BCP program. This person may be an internal manager from the office of the airport director or another department with airport-wide knowledge and perspective, such as those suggested above and in the following section titled âAssembling the Right Expertise.â The project manager might also be a BCP expert hired from the outside on a temporary consulting or advisory basis. BCP is a complex process, so the ideal project manager will excel in cross-functional process management. Business Process Owners Staff members who have responsibility for entire depart- ments or specific functions or processes within departments are known as business process owners. They can be high-ranking staff members (e.g., the Chief Financial Officer) or lower-level staff members, such as the persons responsible for accounts payable, accounts receivable, treasury, or cash management. Plan Administrator(s) Plan administrators are staff members assigned by the steer- ing committee or project manager to coordinate business pro- cess owners in keeping the plan up to date on an established basis (i.e., annually) or as circumstances change and opera- tions evolve. Assembling the Right Expertise Departments such as internal audit, risk management, F & A, operations, or IT often spearhead BCP projects internally because these departments typically have a broad financial, technical, or functional perspective on the airportâs overall operations, which puts them in a good position to facilitate the process. Airports may additionally choose to use the planning, over- sight, guidance, or involvement of professionals who are certi- fied in the discipline of BCP by organizations like the Disaster Recovery Institute International (DRII) in the United States or the Business Continuity Institute (BCI) in Europe. Trained BCP practitioners carry designations such as Certified Busi- ness Continuity Professional (CBCP), Master Business Con- tinuity Professional (MBCP), MemberâBusiness Continuity Institute (MBCI), SpecialistâBusiness Continuity Institute (SBCI), FellowâBusiness Continuity Institute (FBCI), or CertifiedâBusiness Continuity Institute (CBCI). Airports may hire business continuity professionals as part of their staff or retain them as outside consultants. BCP special- ists can help ensure that the planning process follows industry practices and complies with relevant BCP standards. This guidebook and accompanying software tool were developed by certified BCP professionals. The tool includes a truncated, self-directed process that when completed will generate a customized business continuity plan that aligns with accepted BCP practice.
13 BCP includes a core set and general order of activities and processes, each of which is a building block of the finished plan. After taking the preliminary steps described above, air- ports and FBOs will have prepared the organizational and funding framework necessary to begin the process of devel- oping their actual plans. Conventional BCP follows a generally accepted process from conceptualization through plan development, exercis- ing, and plan maintenance (see Figure 1). Each process phase includes several steps. Project Management The BCP project management phase should start with proj- ect initiation activities and continue until the airportâs plan- ning process has been completed. A project kick-off meeting should formally initiate the process when the steering com- mittee establishes goals, objectives, and timelines; identifies roles and responsibilities; develops and finalizes a project plan; and establishes management and status reporting tools and escalation procedures. At this stage, it is important for the steering committee to define the strategic and business priorities at the airport; these will be used to establish how the airport will qualita- tively and quantitatively measure impact from the disruption and downtime of its essential functions. Without a common measure of disruption impact, the job of prioritizing recov- ery among widely disparate functions that contend for scarce resources can be extremely challenging and politically divi- sive. The steering committee typically examines the effects of disruption on the following: ⢠Loss of revenue ⢠Fines, penalties, and lawsuits ⢠Brand image ⢠Customer satisfaction and attrition ⢠Regularity impact ⢠Competitive advantage ⢠Employee morale ⢠Stakeholder confidence The steering committee should also define a recovery time- frame scale that the airport can tolerate, measured in hours, days, or weeks. For example, RTOs for the most critical func- tions might be measured in minutes or hours, while RTOs for less critical functions might be measured in days or weeks. Recovery of the least critical functions might be measured in months. A consistent scale should be applied across all busi- ness and operating functions. Establishing Planning Objectives and Assumptions Defining the Business Continuity Planning Objectives The objectives of the BCP process should be to document the organization of the recovery, individual and functional roles and responsibilities, and the associated resources required to minimize the effect of a disruption on airport operations. Additionally, the business continuity plan should detail the procedures that will be carried out by the individual functions operating at the airport in the event of a disaster that affects airport facilities. The plan should provide for testing, mainte- nance, and overall planning standards. The end result should be a plan to facilitate the recovery of critical operations, functions, and technology in a timely and organized manner and to ensure the availability of sup- porting resources, so that the organization can continue as a viable airport facility. The plan should identify the primary objectives for the recovery planning process, which may include the following: ⢠Maintaining customer service commitments ⢠Preserving the reputation of the airport The Business Continuity Planning Process
14 ⢠Maintaining financial controls ⢠Maintaining compliance/regulatory status ⢠Improving risk management ⢠Maintaining employee commitments ⢠Meeting contractual covenants Defining Planning Assumptions In order to document the recovery requirements and detailed tasks and responsibilities provided in the airportâs business continuity plan, key planning assumptions should be identi- fied and documented. Identifying planning assumptions will ensure a consistent basis for identifying the requirements for all functions to recover efficiently from a disruption at the airport. Each airport should construct its own assumptions, based on its unique circumstances. Examples of planning assumptions are the following: ⢠The disaster will affect a specific facility only, rather than the region as a whole. ⢠There will no longer be access to the airport facility, and all documents and equipment at the facility will be inacces- sible for some assumed number of weeks. ⢠Recovery or relocation resources will be unaffected by the same disaster. ⢠Qualified personnel will be available to continue operations. ⢠IT recovery plans are in place, and IT can meet the RTOs of all other airport departments. The types of operational assumptions an airport makes will define much of the scope, breadth, duration, and complexity of its plan. Assessing the Organizationâ The Business Impact Analysis Conducting the assessment, or BIA, is the foundational step that usually drives the development of the business continuity plan. The BIA generally consists of these general steps: ⢠Identify essential business functions and operations at the airportâthose core operations, processes, and functions that are critical and routine in running the airport (and FBO functions at the airport) during normal circumstances. ⢠Analyze and document how these essential functions work and what human, technology, physical, and process resources these functions require to do what they are expected to do. ⢠Determine the sensitivity of each essential function to downtime and the loss of supporting data by establishing RTOs and RPOs. ⢠Rank the relative recovery priority of each function based on the strategic and business objectives of the organization established by the steering committee. ⢠Review the results and make management adjustments, if necessary, to most accurately reflect the recovery impera- tives at the airport. Identifying Critical Business Functions An airportâs essential functions are those that are fun- damental to the core mission and operation of the airport or FBO. Some functions may be essential to most airports, such as uninterrupted power and sufficient back-up power, adequate water supplies to support ARFF functions, and pay- roll processing. The criticality of other functions, however, may differ markedly among airports. For example, winter operations will be a critical operating function in airports in Minnesota, while flood control may be essential to those in Florida and the Gulf states, where storms frequently inundate airside operations areas. Maintenance of the aeronautical operations assets of a co-located military unit at the airport may be critical to supporting its defense mission. For airports that make significant revenue from parking operations, the maintenance of parking garages and payment equipment may be deemed critical. Essential functions may exist in every department or office and may also exist within the agencies or departments of the local government or airport operator, to the extent that these functions (such as payroll or human resources) are managed there. By answering the question âHow do we do what we do to run the airport?â, the BCP project team can begin to identify what is essential in aeronautical operations, environmental compliance, governmental reporting, human resources, cargo operations, ARFF, purchasing, and every other core function that is critical for the airport to continue as a viable operating entity. Many departments may have multiple essential functions. When identifying critical functions in the BIA process, it is not uncommon for airports to recognize how essential even Project Managementâ Objectives and Assumptions Business Impact Analysis Gap Analysis and Strategy Plan Development and Integration Testing and Maintenance Figure 1. The business continuity process.
15 obscure, âminorâ functions, processes, or operations can be to their viability. Many other, more obvious, airport functions can be predicated on seemingly inconsequential processes. For example, contracting with a back-up provider of diesel fuel to run back-up generators may, during a disruption, be the function that ensures that the secondary generators are able to provide power to runway and taxiway lights. Essential functions can include operating, business, and support and infrastructure functions. Good places to start in identifying essential airport functions include the organization chart; the strategic business plan; risk management assessments; FAA or state aviation authority man- dates; and the historic record of incidents, claims, emergencies, and disruptions that have occurred at the airport. Analyzing and Documenting Functions Every important activity that takes place in every func- tion at the airport involves some mix of resourcesâhuman resources, physical plant and equipment, technology, and processes. The first step in documenting how essential func- tions at the airport operate is to create a critical resources inventory. This list describes the people that are required to operate the function or department and complete the task or manage the process. The list also describes the tools, equip- ment, supplies, facilities, space, and vital records needed to accomplish each function and the technology and automa- tion that supports the function. Creating a critical resources inventory involves dissecting every essential function into a set of sub-functions and pro- cesses, each of which is accomplished with a specific mix of resources, and documenting these through a discovery pro- cess as part of the BIA. The following questions should be asked regarding the people involved in each function and documented to help identify and describe their airport role: ⢠How many people do we need to perform this airport function? ⢠Are they airport employees, government employees, or contractors? ⢠Do they require any special training, licensing, or certifica- tions to do their jobs? ⢠Are they union members? Is there any union-specific pro- cess for replacing employees who may become unavailable? ⢠Must they possess any job-specific skills, such as language fluency, or meet strength or height thresholds in order to do their jobs? ⢠How long does it take to find replacements for them if they are absent? ⢠Do the jobs that require special knowledge include suc- cession plans, so the airportâs institutional knowledge is documented in case it loses someone? Each of these kinds of questions informs the BCP process about the appropriate mix of human resources required for every essential function. These requirements help identify the staffing needed to manage each function during disrup- tions and to recover them afterward. The responses establish a framework for thinking through what must be done to plan for and ensure that essential functions and activities can be staffed appropriately during significant operational disruptions. Regarding the processes involved in each function, the fol- lowing questions should be asked: ⢠What do the essential people in each airport function do to complete the core functions for which they are respon- sible? ⢠How do they do them? ⢠What processes have they established, and what processes do they, in turn, depend on in their roles? ⢠Can they initiate or complete a job activity if a predecessor activity or process has failed or if they lose technology or automation? ⢠Has the airport identified those predecessors for each essential function and does it understand who or what organization is responsible for providing them? Answering these questions helps define each essential func- tion and puts it into context relative to other activities at the airport or activities performed by others outside the airport. This helps document exactly what processes have to be recov- ered and sheds light on how the operations of these functions might be temporarily possible during disruptions if they have to be done without the technology upon which they normally depend. It also helps to document how interdependent many processes are and, consequently, how much contention there may be over resources during periods of disruption. Regarding plant and equipment, the following questions should be asked: ⢠What kinds of facilities or physical space does each depart- ment need in order to perform its essential functions at the airport? ⢠How many gates, hard stands, square feet, or acres of space are required? How much ramp space is required? ⢠What support or characteristics must this space have (e.g., access to special critical infrastructure, proximity to another operational area at the airport, or special security considerations)? ⢠What equipment, tools, devices, or vehicles does the depart- ment or function need to do its essential work? ⢠Are there any mission-critical supplies without which depart- ments cannot function appropriately? ⢠Does the airport store enough at normal usage rates to ensure that it can weather a disruption?
16 These questions help define the tangible âphysical plantâ components that are required by every function to operate sat- isfactorily. Many airport operating functions are equipment- centric (e.g., the maintenance and repair department) and space-centric (e.g., public parking or aeronautical operations) by the very nature of their missions. Essential plant and equip- ment inventories for these will always be very important com- ponents of the airport business continuity plan. Essential supplies are also important to identify. These may not be run-of-the-mill, ubiquitous supplies such as office sup- plies, bathroom supplies, or cleaning supplies. Rather, these are supplies that are fundamental to the capacity of depart- ments to perform essential functions. For example, if public safety officers are armed, their ammunition is a critical supply item. Diesel fuel is mission-critical to the back-up power func- tion, and supplies of jet fuel are crucial to the fueling function; likewise, fire-retardant foam is a key supply item for the ARFF function. Regarding technology, the following questions should be asked: ⢠What are the technology requirements of each of the air- portâs essential business and operating functions? ⢠Does the function require computer or communications hardware, and, if so, how many of which kinds of devices? ⢠From which hardware and software vendors or systems integrators does the airport procure devices and hardware if it needs more? ⢠Which software and applications do the functions require and depend on in order to perform their roles? ⢠Has the airport documented where these applications reside in the organization and how to gain access to them in a disruptive situation? ⢠How long can the airport do without these essential applications? ⢠What kind of network, communication, and storage infra- structure does the airport need to support each function? Many airports are highly automated and make exten- sive use of technology across their operational footprint. Knowing the specific technology requirements of depart- ments is important in BCP because it helps establish how the IT department must plan for support, availability, and redundancy. An awareness of technology needs also helps identify how every core technology-dependent activity might be accomplished for a short period of time if the technology these activities depend on is âdownâ during disruptions. For airports that have, or plan to move to, a shared infra- structure services model, the requirement for technology resources may be even more acute because entire automated systems may depend on functioning technologyâfor instance, baggage handling, a common car rental center, or airport- owned gate operations. Defining Recovery Time Objectives The BIA process at the airport should objectively assess how long every essential business and operating function can with- stand partial degradation of capacity or a complete loss of func- tion before it is incapable of doing its job, meeting its goals, or providing functional output to the larger organizational entity. The important question is, how long can a function be down before there is real pain and negative consequences? This tolerance to downtime is referred to as each functionâs RTO. Functional RTOs can be measured in minutes, hours, days, or weeks, based on level of criticality, seasonal or cycli- cal imperatives, and other factors. Identifying RTOs provides a comprehensive perspective into which functions are truly mission-critical and how the interdependencies among these functions affect other âupstreamâ or âdownstreamâ functions. For example, payroll (obviously, an essential function) cannot be run until the time management system reports on the num- ber of hours employees worked during the pay period. That is an internal dependency. An example of an external depen- dency is when airport services such as electrical, water, or sew- age utilities are provided outside the airport; when disruptions in service occur because of events such as a regional black-out or water utility emergency, the airport can be affected. The qualitative and quantitative parameters established during BCP kick-off by the steering committee are important in determining RTOs because they provide a unified definition of how disruption impact is measured at the airport. These parameters may be very different among different airports or types of airports. Negative impact can be measured many ways: reduction in revenue; increase in fines or penalties; fail- ure to meet loan covenants or regulatory requirements; dam- age to the airportâs brand, image, or reputation; and so forth. Defining negative-impact benchmarks uniformly across the airport forces the assignment of RTOs based on a common denominator, which is important in aligning relative recovery priority among widely disparate types of functions. Defining Recovery Point Objectives In the BIA process, the organization should also identify for each essential function a finite measure of its tolerance for loss of data that are essential to the functionâs role and mission at the airport. Tolerance for the loss of data needed to sup- port activity in a function is referred to as the functionâs RPO. The RPO is an indication of the amount of time the function can continue without supporting data before the productiv- ity of the function is materially impacted. Data dependence can be profound for critical financial and reporting applica-
17 tions; supervisory control and data acquisition (SCADA) sys- tems; and hardware, network, database, or communications infrastructure. A functionâs RPO is affected by factors such as how often a process must run or be activated (e.g., running payroll semi- monthly) or how long it can use data processed or produced earlier (e.g., composing reports to the FAA or EPA using the last periodâs data if the supporting process is currently down or paying the parking contractor using last periodâs data if the current periodâs credit card data are unavailable). RPOs can be affected by whether there are viable functional alternatives for temporarily running the process without the usual technology support. These are called âmanual work- arounds,â and they are a very important part of departmental recovery plans. A remarkable number of technology-dependent functions may be available temporarily with manual work- arounds. These short-term fixes may seem inelegant, but they might suffice for a few hours, a few days, or a week before the absence of new data is fatal to the ongoing function. For example, the TSA can still accomplish its security mis- sion if power is lost. It can perform hand pat-downs, open and inspect baggage, use battery-powered scanning wands, and deploy canine teams. The process will still work, but pos- sibly at a quickly escalating cost to the airport and airlines in the form of missed flights, crowd management crises, and overtaxed personnel resources. RPOs are also influenced by whether seasonal or cyclical circumstances render functions more or less critical at cer- tain times (e.g., winter operations are only seasonally criti- cal; payroll is critical only twice per month; baggage systems are critical only during aviation operations hours). RPOs can vary widely, from minutes to months, based on these factors. Ranking and Reviewing Recovery Priorities When each essential function has been analyzed and RTOs and RPOs established by those responsible for them, it is important to create a system that prioritizes functions, sub- functions, processes, and activities. This helps airport man- agement understand the recovery priorities among many different kinds of functions that may be completely unrelated or, alternatively, highly interdependent. The recovery ranking process can be difficult because it requires some kind of system that can order the recovery prior- ity among functions as different and seemingly unconnected as payroll, wildlife management, parking systems, ARFF, bag- gage management systems, procurement, and fueling. The difficulty is compounded because many of these critical func- tions are the responsibility of a third-party contractor or a government agency. The airportâs BCP project team and steering committee should establish a relative ranking approach that works for the airportâs unique needs and circumstances. Ideally, rank- ing should be driven directly from a set of qualitative and quantitative factors that reflect the strategic business priori- ties of the airport. A recovery ranking system based on these priorities pro- vides the underlying basis for assigning to any given function a higher or lower priority than another function. Creating a model for ranking relative recovery priority requires analy- sis, negotiation, and patience because process âownersâ and function managers may each see their responsibilities as more important than someone elseâs. Centrally defining the rank- ing factors helps reduce these disagreements. Because airports have common basic roles, such as sustain- ing commercial and general aviation operations, and may be certificated by the FAA based on their sustained capacity to comply with regulations and meet minimum standards, there is a basis for establishing recovery priorities. The functions, processes, activities, and technology that need to be recovered more quickly than others should be those that enable and sustain aeronautical operations, protect the revenue stream and financial viability of the airport, help the airport meet its contractual obligations, and help it maintain its certification. Beautiful grounds may be an airport objective, but recovering the maintenance department so that it can meet this objective is less important than recovering aircraft fueling operations. Based on these parameters, it seems critical to recover the water supply if it is disrupted for any reason because compro- mising the airportâs ARFF index can lead to de-certification or a shutdown of flight operations. Likewise, recovering the capacity to provide infrastructure and support services to the FBO(s), airlines, contractors, and tenants that operate under contract at the airport is important because penalties and contractual âgive-backsâ can materially impact the airportâs financial position. Similarly, recovering the power supply after a black-out or providing sufficient back-up power is important because power loss darkens the runway, stops elevators and escalators from moving people, shuts down flight arrival and departure monitors and signage, and makes printing boarding passes and passenger and cargo manifests impossible. Planning for how to keep or replace airport employees or contractors who may be highly specialized or may possess critical operat- ing knowledge that has not been documented is important because loss of these people to retirement, relocation, health issues, or death can remove vital institutional or functional knowledge from the airport. Notwithstanding these obvious recovery priority drivers, every airport and FBO has a different mix of business param- eters that helps their organizations rank priorities across the breadth of their operations. There is no such thing as a stan- dard recovery priority format or model; each organization is unique.
18 Critical Path Framework for Determining Recovery Priority Recovery priority depends on determining those operating and business functions that are essential to the airportâs mis- sion. The greater the negative impact is on the airport when a particular operating or business function is disrupted, the greater priority the recovery of that operating or business func- tion should have. This can differ widely among airports based on what is important to their unique operating and business model. Figure 2 provides a logical framework to use in evaluat- ing and determining criticality of functional recovery. When the impact of disrupted airport functions could lead to a shutdown of airport operations, the affected functions should be considered essential functions and be assigned the shortest RTOs. Examples include the following: ⢠The disruption of the aeronautical operations area that shuts runways ⢠The loss of ARFF index due to loss of essential ARFF resources or supplies ⢠Power outage or loss of back-up power that blacks out runway lighting, NAVAIDS, and airport systems Figure 2. Critical path framework for recovery priority.
19 ⢠The widespread absence of key operations staff due to pandemic, strike, or regional catastrophe ⢠Loss of winter operations equipment during a major snowstorm Loss of these functions may result in a statutory or rule- based airport shutdown or an incident-specific shutdown. Loss or significant degradation of capacity of any function that can result in airport closure should be assigned a very short RTO, one measured in minutes or hours. BCP should take into account seasonality and cyclicality in assigning some RTOs. For example, recovery of the winter operations func- tion is critical during winter storm months, but non-critical during summer months. Loss of payroll on or around pay- day may require immediate recovery, but this function can be recovered less quickly during the days when payroll is not being run. The negative impact of many functional disruptions may not be as immediate, but may nonetheless threaten the viabil- ity of the airport by severely cutting services, by exposing the airport to regulatory fines and penalties or contractual penal- ties and claw-backs, by degrading the airportâs customer ser- vice capacity, or by materially damaging the airportâs image and reputation. While these impacts may be less immediate, they may be severely damaging if disrupted functions are not recovered in an appropriate timeframe. These functions should be assigned reasonably short RTOs, possibly mea- sured in hours or days. Examples include the following: ⢠Loss of the infrastructure maintenance function could impact airport services by causing non-working elevators, escalators, and moving sidewalks. ⢠Loss of recharging stations for electric people movers might cause elderly and immobile passengers to face dif- ficulties moving within the airport. ⢠Loss of power to TSA screening stations could necessitate manual scanning, luggage searches, and pat-downs, creat- ing long lines of angry passengers and problems with air- lines, who expect smooth security screening. Loss or disruption of other functions may not directly or severely impact the airport, but may trigger contingent dis- ruptions that, in turn, cause severe impact. These contingen- cies are examples of internal and external dependencies. The BIA process should identify critical dependencies so RTOs can be appropriately assigned based on the potential con- tingent impact of disruption. Losing the system that reports employee hours worked may not itself be critical, but its sus- tained outage may in turn render the payroll system inop- erable. A strike that includes employees or contractors with highly specialized skills or training on unique equipment might be tolerable until those skills are required in critical path operations in the aeronautical operations area. Degra- dation of general aviation services may result in corporate flight operations moving to an alternative airport. Negative impact from the loss of other airport functions may be less severe or may manifest over a longer term, and thus these functions are less important to recover. The impact of disruption of these functions might be felt over time, but the airport can afford to restore them over several weeks or even months. For example, recovering the grounds main- tenance function can wait as its impact is largely aesthetic. Recovering non-aeronautical businesses or concessions may not require immediate action if they are not crucial to airport operations or consolidated revenue. If the impact of the loss of a function is minimal or manifests very slowly, the BCP might classify it as a non-essential func- tion, per se, and therefore leave its disruption unaddressed. Reviewing, Adjusting, and Finalizing the Results The BCP steering committee and senior airport manage- ment should be prepared to provide oversight and direction to the process of ranking recovery priorities by reviewing the results and making management adjustments, if necessary, to reflect their view of the recovery imperatives at the airport. These adjustments are needed to âbreak the tiesâ when two or more functions argue for recovery primacy. Adjustments should be made against a fact-based backdrop that looks to the severity of impact should a given function or process become degraded or completely lost, in these typical areas: ⢠Revenue impactâdoes the loss materially affect the income statement? ⢠Regulatory or legal impactâwill the loss result in fines, penalties, lawsuits, negative court orders, or loss of grants? ⢠Contractual impactâmight the loss trigger breach of con- tract, claw-backs, or penalties? ⢠Customer or stakeholder impactâwill the loss degrade capacity to serve tenants, lessees, and flying customers? ⢠Reputational impactâis the loss likely to negatively affect the airportâs or the airport operatorâs image, brand, or reputation? ⢠Employee moraleâwill the loss materially impact staff attitude? Gap Analysis and Strategy Development The BIA is an essential precursor to the component of gap analysis and strategy development (which helps the airport identify potential areas of mitigation). The BIA examines the interdependence of the various components of airport
20 operations and prioritizes those functions the airport abso- lutely requires in order to continue its day-to-day activi- ties. For every function at the airport, the BIA catalogs how things are done at the airport. The BIA evaluates which mix of resources is required for every function to sustain a minimal operational level and shows the relative priority of the essential functions that need to be recovered for nor- mal operations to resume after material disruptions. The BIA process also assesses where IT resources should be most quickly directed to support recovery. Gap Analysis In the follow-on gap analysis phase, the airport should analyze its set of required functions, as defined by the BIA, and compare it to both the resources currently available to aid recovery and the current plans or procedures for doing so. The gap (or difference) between recovery needs and capacity and resources available to sustain operations is addressed by the airportâs business continuity strategy and is defined for every essential operational element. Current General Resources Understanding the general resources available at the air- port might include a review of departmental plans and pro- cedures such as the following: ⢠The human resources staffing process ⢠The existence of succession plans in key departments and delegation of authority for critical roles ⢠The facilities plan ⢠The procurement and requisitioning process ⢠The alert notification procedures used to call relevant stakeholders ⢠The location of, and access to, vital records, files, and data ⢠The IT DR plan In its gap analysis, the airport should look at the various elements of current practice and capacity and document dis- parities between what is required by each essential function to recover operations (based on priority) and what resources are currently available to do so. Closing those gaps (or decid- ing to live with the risk of not doing so) is part of a well- thought-out business continuity plan. Current Technology Resources Because many airports and FBOs are technology depen- dent, it is important to align the technology requirements of essential functions to the IT departmentâs DR plan, which documents how the IT department will provide resources and services and restore them to full operational status after disruptions. The gap analysis should assess the back-up and restoration policies and procedures for key data files and application systems used in the essential functions of the air- port. The analysis should also include a comparison by the IT department of the minimum equipment configuration required in the data center for delivering those technology resources and sustaining current operations as required versus its current data center configuration. Critical Resources Inventory An important step in BCP is to identify and inventory all the critical resources that are necessary to accomplish each essential airport function. These resources are addressed in these categories: ⢠People (for specific duties) â Number of staff â Special certifications, licenses, or training they require â Other job-specific qualifications, such as height require- ments to operate equipment or strength requirements for ARFF staff â Status as employees or contractors and contractual replacement restrictions that may be present with union members ⢠Plant and equipment â Physical space required to perform the function such as office space, operating space, shop space, and storage â Necessary office equipment such as workspaces, desks, copiers, and fax machines â Equipment that is mission essential such as tools, vehi- cles, and heavy equipment ⢠Materials and supplies â Minimum on-hand inventory required such as office supplies, parts, fuel, and so forth â Minimum quantity for reorder ⢠Systems and processes â Assemblages of permanent equipment and assets that work together to support any essential function such as shared services baggage handling system ⢠Information technology â Network infrastructure â Computers and laptops ⢠Mutual aid and assistance â Essential resources that are contractually available from outside organizations such as local first responders, DOGs, and disaster services vendors The gap analysis matches essential functions with the inven- tory of resources that support these functions. The BCP strat- egy that follows should address the gaps between the RTOs of each essential function and the organizationâs capacity to
21 execute recovery within the RTO. Airports should close those gaps that they determine to be critical by investing in a mix of essential resources that will enable the organization to predict- ably recover its essential functions within their RTOs. Business Continuity Strategy Development The airportâs business continuity strategy will be its approach to mitigating or minimizing interruptions to its operational continuity and recovering its mission-essential functions as soon as possible after significant disruptions. The strategy should include a detailed and granular recovery plan for each function or department as part of an airport-wide perspective that takes into account the interdependencies among opera- tions and processes. The airportâs plan itself will be the result- ing documentation of recovery resources and procedures that address the organizationâs recovery priorities for bringing criti- cal processes to a minimum threshold level of effectiveness dur- ing and after disruptions. Contention for Recovery Resources A major part of the business continuity strategy should be an analysis of the critical resources required by each function, so airport management can plan a cohesive strategy for their combined needs for space and facilities, staff, equipment, sup- plies, and technology during and after disruptions of any kind. When all departmental inventories of resource requirements are considered en masse, contention for resources such as staff, space, and technology may result. For example, several depart- ments may plan to relocate physically to the same space in the case of disruption, unaware that the space may not be able to accommodate them all. Several departments may vie during a disruption for a limited number of airport vehicles; demand for those vehicles might then exceed the supply. More than one department that plans to relocate to alternative space may claim prepositioned office equipment although there is not enough to be used by more than a single entity. Recovery priority helps define the âtriageâ system for these resources. However, airport management should take into account competing and overlapping needs as it develops its business continuity plan and provisions recovery resources. This process of defining priorities for resource contention is sometimes known as de-confliction, because it forces a com- prehensive solution to resource conflict across airport func- tions and departments. Manual Work-Arounds Another key step of the airportâs business continuity strat- egy is documenting manual processes for performing a func- tion that is normally performed using technology. During times of disruption, this documentation can guide each airport department in manually performing some essential functions when it has lost access to technology or automation or to some other process that is necessary to those functions. Because contention for technology may escalate during disruptions and because IT budgets may be constrained, defining viable manual work-arounds for as many essential processes as pos- sible can make the difference between operational continuity and functional failure. Alternatives to the Status Quoâ Processes and Technology Many essential functions at airports depend to some degree on the support of technology, IT infrastructure, and technology- driven processes. If a disruption debilitates or degrades criti- cal supporting technology processes, the business continuity plan should document ways that dependent functions can be provided or maintained when technology is partially or completely absent. Some functions may be completely depen- dent on technology and thereby impossible to recover in its absence. However, many essential functions can be provided at some basic level or for a minimal amount of time without this infrastructure. For example, running payroll may normally be an auto- mated process managed by a payroll application. Nonetheless, the airport may be able to document an alternative payroll process that it can manage for one or two pay periods when the payroll software is down, whereby it calculates compensa- tion and deductions manually, based on the last periodâs data, and writes payroll checks by hand. A thoughtful analysis of each critical function makes it pos- sible to describe and document similar manual work-around processes for use when the expected technology processes fail or are fully or partially unavailable. Note that the busi- ness continuity process does not focus on why technology is down (electrical storm, failure of the data center, inter- nal sabotage, malware infection, or an external distributed denial of service [DDOS] attack). What matters is recogniz- ing that the technology upon which a core process or activity normally depends may not be available and documenting how the process or activity can be performed manually dur- ing the period of operational duress. While many essential functions can be performed at least partially or for a short period of time without supporting tech- nology, many may not be recoverable until predecessor technol- ogy processes are themselves recovered following a disruption. When faced with the loss of a core process, the airportâs busi- ness continuity plan can consider several kinds of responses: ⢠Abbreviate the process. If accounting runs its general led- ger process each night, a decision can be made that during
22 major disruptions accounting can get by with running the ledger process every fortnight, if the impact of the reduc- tion in frequency can be tolerated. If mowers are broken, the maintenance department can cut the grass every 2 weeks instead of every week for an extended period of time. ⢠Complete the process manually. If a technical resource for accomplishing an activity becomes unavailable in some way, the airport should devise manual processes to use until the supporting resources become available again. For example, if the power to jet bridges is lost, crews can use manually moveable stairs to deplane passengers. Similarly, if a shared services baggage claim carousel is down, extra handlers could be directed to deliver arriving luggage manually, using hand-operated dollies. The cost to the airport in terms of passenger frustration, long lines, crowd control, and pressure on bathroom and food service establishments in the arrivals area may be great, but the airport can meet its baggage delivery obligations for a short time by manu- ally moving luggage with extra staff and rolling stock. ⢠Live without it. The airport may be able to suspend many processes during prolonged disruptions. The business con- tinuity plan should identify every process that the airport or FBO can afford to suspend temporarily until normal operations are recovered. For example, if a disruption causes overcrowding of an airport terminal, can the use of courtesy people movers (normally used to transport those with special mobility needs) be curtailed since they cannot move through the crowds? (If so, the manual work-around might be to hire more red caps to use hand-pushed wheel- chairs as temporary replacements.) Similarly, when technology is unavailable as the result of a disruption, the airportâs business continuity plan can also consider various responses: ⢠Transfer loads to back-up sites. Bringing up a âwarmâ or âhotâ IT site that may be situated on a different power grid can help airports recover technology capacity with minimum downtime. System crashes that require some- times lengthy restart routines can present the airport with the requirement for a gradual recovery of numerous IT-based applications; this in turn necessitates a plan for the orderly recovery of applications based on the criti- cality of the application and its interdependencies with other applications and processes (as documented from the BIA). ⢠Transfer to back-up vendors. The airport can pre-plan transfer of technical services to back-up vendors using stand-by or just-in-time MOUs and contracts that define when and how the replacement vendorâs systems must be prepared to be made available. For example, if payroll is down, airports might alternatively process checks with one of the large payroll processing vendors for 2 weeks until recovery. ⢠Trigger manual work-arounds. Some processes at the airport that depend on technology can be accomplished manually, at least for some abbreviated period of time dur- ing disruptions. While the payroll application example is a highly automated process, for airports with smaller staffs, the accounts payable department may be able to write paper checks for one or two pay cycles while waiting for the tech- nology to come back online. Highly labor-intensive manual delivery of checked baggage can be planned for a scenario in which the automated baggage moving system fails. ⢠Live without it. There may well be a number of applica- tions that airports can simply manage without for a brief period of time, with acceptable loss of service and capabil- ity. The business continuity plan should identify each of these technologies and how long they can remain unavail- able before more profound damage is done. Airports operating in a shared services model, where key resources, functions, and technology are centrally operated and used by airlines and other lessees on a per-use basis, should focus their business continuity strategy on technol- ogy systems redundancies. Alternatives to the Status QuoâPhysical Location Every department in the airport or FBO has a primary location for staff, office furnishings, tools, equipment, com- puters, and supplies. The business continuity process should address how the airport plans to move its essential functions to alternative locations if a disruption renders primary loca- tions unusable or unavailable. One role of the plan is to document the places to which each essential function, office, or operation would be relo- cated if a disruption made their normal location inaccessible or unsuitable. Relocation plans should take into account the size of the staff that would be relocated and, if the reloca- tion site currently houses another group, whether that site is large enough to accommodate both. Contention for reloca- tion space should be resolved in the de-confliction portion of the airportâs plan so that a workable space is available for every function. Plans should also document which essential equipment, tools, and supplies will have to be moved to the alternative location (or prepositioned there) in order for each depart- ment to be functional in the new location. Plans should also document how the staff is expected to get to the alternative location, whether by personal or public transportation or by using airport-provided transportation. Each essential air- port or FBO function should have a designated primary and secondary relocation site, assessed for viability by the staff âs
23 answers to questions about how essential people, processes, plant and equipment, and technology can also be relocated there or effectively used elsewhere. Disruptions can present airports with the loss of physical assets and infrastructure ranging from the fundamentally critical (e.g., loss of a runway due to flooding or power fail- ure) to minor and inconvenient (e.g., loss of one of its three parking garage exits). In these instances, airport management can respond in one of several ways: ⢠Temporarily work around the loss. In the lost parking example, increasing staff and activating additional exit sta- tions or kiosks at one of the alternative exits can provide extra capacity until repairs can be completed on the one that is damaged and unavailable. ⢠Schedule dependent activities differently. If an airport runway or taxiway is unavailable, for example, the air- port can pre-plan with the FAA how to manage flight operations with the remaining operational runway con- figuration. Long-term parking lots can be used until the short-term lot is available, using additional buses. Alter- native offsite city or county parking facilities may also be accessible. ⢠Offload the activity to an alternative resource. The air- port can establish one or more alternative resources to help it manage until it recovers the lost assets, vehicles, or equip- ment. In large regional incidents, the airport might rely on MOUs for support from a DOG to move some airport functions and capacity to neighboring facilities or obtain emergency resources, in coordination with any affected carriers and the FAA. ⢠Use back-up suppliers. Airports can create and maintain a list of stand-by resources and vendors that offer just-in- time services such as disaster management and recovery vendors that can ship in trailer-based assets (e.g., technol- ogy, back-up power sources, etc.); these can be brought online within hours. Alternatives to the Status Quoâ Skilled Staff Availability When disruptions affect the availability of essential staff in any core airport function, the challenge is how to replace this particular talent pool, temporarily or over the long term, so that operations for which they are responsible will not go unperformed. This is a special business continuity challenge when affected staff members are highly specialized, maintain unique skills, or have job-specific training, certifications, or professional status. Many airports have employees with a high level of institutional knowledge (of processes, policies, practices, or contact information for key people) that has not been docu- mented. This makes the recovery of staff after disruptions critically important because the absence of these knowledge- able people can bring functions to a halt. At airports, risk is elevated because these responsible, knowledgeable people may not actually be located at the airport, but at the airport operator or government office if key airport functions are managed there. They may also be employees of commercial tenants and contractors who per- form certain essential airport functions. Any lack of cross- training or documentation of these peopleâs job knowledge creates a very real risk that while one or two key people may know how a function is performed, the airport organization may not know how it is done or how to recover the function if the most knowledgeable people become unavailable during a disruption. Routine personnel reductions and normal staff attrition from death, relocation, retirement, sickness, or dismissal increase business continuity risk because specialists who become absent for any reason represent single points of failure if no one else knows what they do or how they do it. If a pandemic impacts the availability of a large portion of the staff, entire airport departments could cease to function appropriately for days or weeks until the return or replace- ment of vital personnel. The possibility of disruption in the availability of essen- tial staff is why the airport or FBO business continuity plan should document essential functions, processes, procedures, and call trees so that they are accessible to replacement staff and management in the absence of the specialists who nor- mally are available. The business continuity plan should identify these skilled staff requirements or determine that, for an abbreviated period, a particular function can be performed by someone who is not fully credentialed. The business continuity plan should also document how to locate and acquire the services of replacement staff with commensurate skills, attributes, certifications, and professional credentials. For example, essential financial roles at the airport may require the replacement of certified public accountants (CPAs). Replacing staff for planning, design, structural, or infrastruc- ture positions may be require professional architects, licensed engineers, or people certified in computer-aided design (CAD) applications. Heavy equipment operators or other skilled air- port maintenance workers may need to have apparatus-specific certifications or to be licensed tradesmen. Public safety staff may have to be sworn law-enforcement officers. ARFF staff might require certification on the use of specific firefighting apparatus. Employees in the airport infirmary might have to be registered nurses or licensed nurse practitioners. Planning for the replacement of these types of personnel during disruptions must take these requirements into account.
24 Some jobs may require specific demographic attributes: operators of some vehicles or equipment might have to be of a minimum height; firefighters may have to be capable of car- rying a personal equipment load of a certain weight up lad- ders or meet other endurance tests; some security roles may require staff who are fluent in another language or of a par- ticular gender. Essential workers may have to be members of a particular union. Union contract rules may not only require replacements with certain skills, seniority, or trade skills, but also may legally limit where union workers can be asked to relocate and work, even during workplace disruptions. The airportâs business continuity plan should consider all such limitations to the airportâs ability to replace skilled staff and document how it will overcome these limitations so the organization understands exactly how it will replace spe- cialists of all kinds if the disruption makes the current staff unavailable for any impactful length of time. When faced with not enough of the right people to ade- quately perform each core function identified in its business continuity plan, airport management can decide to take sev- eral types of actions: ⢠Do it differently. Management can ask different people (who have been cross-trained) to perform the function or find someone who can perform an automated process manually. The recovery plan for each airport function should address whether and how staff members from a related department should be cross-trained to perform temporary tasks. ⢠Do it less often or less thoroughly. Similarly, managers should consider questions such as these: â Can we perform this task or run this process weekly instead of daily? â Can we complete the process with a sample of incidences instead of all instances? â Can we monitor this procedure for exceptions, rather than confirm every completion? Any of these approaches reduces dependence on people who are unavailable for a period of time. ⢠Do not do it at all. When considering the importance of a task or process and recovery priority, managers might ask these questions: â Is this process absolutely critical in a time of duress? â Can we get by for an hour, a day, or a week without some- one doing it? â Do we put the operating certification of the airport at legal or regulatory risk if we stop doing this? â Do we put people at unacceptably high levels of risk if we stop doing this? â Do we abrogate our responsibilities under our leases or loan covenants, to significant legal detriment, if we tem- porarily stop doing this function? Determining what not to do during disruptions can help mitigate the requirement for strained human resources. Effective business continuity plans include two processes for ensuring the availability of essential replacement staff during disruptions: ⢠Delegations of authority. These are formal assignments of specific authority to make defined decisions, such as approving leaves of absence, expenditures, timesheets, and travel. If a staff member is unavailable during a disruption, his or her authorities should pass seamlessly to a primary, secondary, or even tertiary replacement, so essential deci- sions can continue to be made. ⢠Succession planning. If an essential staff member is perma- nently unavailable as part of a disruption (i.e., is disabled or deceased), a formal succession plan should pre-establish who will take over the job. Fundamental to both delegations of authority and succes- sion planning is the BCP objective of identifying and docu- menting how every element of every essential function in a job description is accomplished, ensuring that successors to the function know exactly how to operate the function when called upon to do so during disruptions. This establishes sus- tained institutional knowledge that cannot be lost if essential staff members become unavailable. During prolonged airport disruptions, the business conti- nuity plan should detail an approach to managing all essential airport or FBO functions by replacing lost people, processes, and plant and technology resources, or managing without them at some minimally acceptable level. By analyzing each airport function and documenting its resource mix and recovery priority, the BIA process equips the airport BCP team to identify alternative resources that the airport might call on in order to perform key tasks a dif- ferent way. Requiring Contractors, Tenants, and Suppliers to Have Business Continuity Plans Because airports often rely on outside, non-employee firms for many essential functions and processes, it is important that airport management require these key, third-party com- panies to develop their own proprietary business continuity plans. This can be done by contractually requiring vendors, contractors, and lessees to develop continuity plans for the essential functions they perform at the airport (fueling, gen- eral aviation management, maintenance, security, etc.) so the airport has confidence that their functions include a recovery and restoration process after disruptions occur. It is a good idea to attach these plans as appendices to the airportâs final
25 plan for reference and to invite third-party firms to partici- pate in business continuity exercises and testing. Documenting the Business Continuity Plan The documentation of the business continuity strategy for all an airportâs business and operating functions should be integrated into a plan that includes the following types of information. Administrative Content Administrative content should include the following: ⢠Plan confidentiality statement. This limits the accessi- bility of the plan to those personnel that the BCP team and airport or FBO management specifically designate. Limits on distribution are important because business continuity plans contain a great deal of highly confiden- tial information. ⢠Introduction and overview. This section should define the purpose and scope of the business continuity plan and document the assumptions made in developing the plan; this section should also describe the âConcept of Opera- tions,â which provides the structure and operational guide- lines for using the plan. ⢠Organizational chart and responsibilities. Three relevant types of organizations should be named and described, the crisis management team (CMT), the damage assessment team, and the business recovery teams. The airportâs CMT evaluates disruptive events that impact the airport and makes decisions as to the deployment of recovery resources for the entire airport. The damage assessment team iden- tifies the extent of the physical damage and helps deter- mine the resulting duration of the outage. The business recovery teams manage and coordinate each departmentâs or functionâs response to and recovery from any disrup- tive crisis that affects it. The names and mandates of these organizations may vary widely among airports. ⢠Emergency contact information. The plan should estab- lish a dial-in number and/or website or social media page(s) that enable employees and relevant stakeholders to access updated information about the disruption and recovery. Business Continuity Plan Elements This should be the main section of the business continuity plan. For FBOs or small airports, it might be relatively lim- ited, based on the size and complexity of the organization. For larger hubs, this section will be far more extensive. In order to develop this core part of the plan, organizations should assemble the following information for each essential business and operating function at the airport: ⢠List of the essential functions performed in the depart- ment, the person(s) responsible for each, and a sense of the relative recovery priorities for the functions ⢠List of any essential functions that are outsourced to a tenant, contractor, or vendor; the person or company responsible; and a list of any essential âinputsâ to these functions that the airport must provide to the responsible contractor ⢠A description of âmanual work-aroundsâ essential for functionsâin other words, how these functions are accom- plished if the technology upon which they normally depend is absentâand who is assigned to these work-arounds ⢠List of files or vital records required to perform essential functions, their locations, and recovery priorities ⢠Any data control requirements for information used in the functions ⢠Identification of audits, validation, or formal approvals required to complete essential functions, and who or what entities perform these reviews or audits ⢠The names assigned to the business recovery team for each essential function, their roles, and contact information ⢠Number of staff members or full-time equivalents needed to perform each essential function and any specific licenses, training, certification, or qualifications required for replace- ment personnel in those roles ⢠Names of the entities that provide this licensing or certification ⢠An estimate of how long it would take to replace essential staff ⢠List of any external personnel, contracting agencies, or unions and their contact information ⢠Identification of essential staff members, their primary and secondary replacements, and licensing/certification, union membership, or contractor information ⢠List of everyone in the department, or outside of it, who must be notified if the essential functions are disrupted, along with contact information ⢠The normal location at which the function is located, man- aged, or coordinated and the normal location at which any âfield operationsâ take place for the function ⢠At least one alternate location for the function in case the primary location is unavailable; the address, capacity, and number of departmental staff required to locate there; and information on whether the airport provides transporta- tion to the alternate location
26 ⢠Types of any function-specific physical facilities required at alternate locations, the sources of these facilities, and their specifications ⢠List of any special infrastructure support services required by the function, their sources, and specifications ⢠Any special security measures required by the functions, their sources, and specifications ⢠List of any function-critical materials and supply items, minimum quantities required to be on hand, minimum reorder quantities, their sources, and specifications ⢠List of any function-specific equipment or tools, order quan- tities, minimum quantities, sources, and specifications ⢠Number of computers used in the function, their types, quantities, sources, and specifications ⢠List of function-essential software applications, where they are stored or hosted, the criticality of recovery for each, the suppliers, and their contact information ⢠List of function-essential communications devices, quan- tities required, sources, and specifications ⢠List of essential office equipment, quantities required, sources, and specifications ⢠Description of any other function-critical devices, quanti- ties required, sources, and specifications ⢠List of all organizations, agencies, or entities that need to be contacted during prolonged operational disruptions, the criticality and timeliness required for contacting them during disruptions, and their contact information Recovery Time Objectives The RTO for each of the airportâs business and operating functions should be listed in a table. The RTO is the amount of time each functionâs operations can be suspended before the resulting negative impact becomes unacceptable. It is the tolerance for downtime for a particular function. RTOs can be stated in minutes (for functions that must be recovered at once), hours, days, or weeks, based on priority. Each organi- zation will establish RTOs that meet the requirements of their unique circumstances. Alternate Work Space If the decision is made by the airportâs CMT to activate the business continuity plan, the Alternate Work Space sec- tion of the business continuity plan instructs each function to follow the business relocation procedures as documented in their section of the plan. It defines both the relocation that will take place immediately after the declaration of a disruption through some airport-specific timeframe and medium- to long-term relocation strategies. This section of the plan also addresses recovery site activation and tasks the appropriate team with communicating the appropriate instructions for relocation to each of the airportâs business recovery teams. Essential Operating Functions This section of the plan should include a subsection for each business and operating function that is included in the business continuity plan. Every subsection should include this content: ⢠Overview and basic information about how the function operates ⢠Table of the business recovery team members and emer- gency call lists ⢠Complete list of the essential services provided by this airport function ⢠Definition of the recovery priority of the function as a whole and each of the key components of the function (expressed in RTOs or some similar ranking methodology) ⢠Lists or tables of essential resource requirements for the functionâstaffing, services, equipment, communications devices, office equipment, technology, and vital records ⢠Delegation of authorities and succession plans ⢠Alternate location information for recovering functional operations elsewhere during disruptions ⢠Functional recovery procedures ⢠Continuity plans for outside third-party companies that operate essential airport functions and processes under contract Additional Business Continuity Planning Information Business Continuity Planning Team Responsibilities This section should describe and clarify the roles and responsibilities of the various BCP teams and their leaders to minimize any confusion among plan constituents. Definition of Disruptive Incidents Each airport and FBO should define what it considers to be disruptive incidents in terms of their impact on essential operations. The airport or FBO should distinguish among those disruptions that may be non-impactful emergencies and those that are likely to cause material disruption of key functions. Phased Approach Strategy This should be an airport-specific strategy for defining its overall RTOsâthe maximum amount of time that each function at the airport can be suspended before causing a
27 severe impact to one of the airportâs recovery objectives (such as meet contractual commitments, maintain regulatory com- pliance status, preserve reputation, maintain financial and operational controls, and maintain employee commitment and morale). In this section, the airport should establish standard RTO intervals (e.g., 4 hours or 2 days); this will optimize consis- tency among the business units in determining functional criticality and recover priority. Standard intervals enable each airport function to evaluate resource needs and facilitate the allocation of recovery resources in the event of a site outage affecting multiple business and operating units. Consistency reduces the risk that a less important function may recover before one that is more critical. Plan Activation This section should define the factors that will prompt the organizationâs management to activate its business continuity plan. The triggers for activating the plan may be obviousâ loss of power (because it can eliminate all systems), loss of water pressure (because it can reduce critical ARFF capabili- ties), or an IT network failure. Activation triggers may also be less obviousâa growing pandemic degrades availability of critical staff, a local transit strike keeps many workers at home indefinitely, or meteorologists predict a high wind and flooding event within 2 weeks. Plan De-activation In some cases, when the kinds of elements that trigger business continuity plan activation are eliminated, the plan is de-activated. Restoration of power or water supply, net- work restoration, or the end of a pandemic are examples. However, the closure of the triggering event may not auto- matically mean that contingent systems, equipment, or tech nology impacts that were a result of the primary trig- gering event have been addressed. Plan de-activation may be delayed until these dependent impacts can be resolved and essential functions associated with them restored. For example, the IT department may have restored the data cen- ter, but the data required to be recovered for other essential functions may not be restored for another day or week. In this case, it would be premature and counterproductive to de-activate the plan until all necessary elements are back in place. Plan Distribution Airports should use this section to document the people to which the plan will be distributed and how in order to control access and to maintain confidentiality. Plan Testing and Maintenance This critical section of the plan should describe the air- portâs testing objectives for its business continuity plan. This section should also define the type and scope of exercises the airport intends to facilitate to keep the plan current and well practiced, establish a formal test/exercise schedule, and define the components of the tests. A more detailed discussion of plan testing and maintenance is presented in following sec- tion, âPlan Testing, Exercises, and Maintenance.â Stakeholder Recovery Plans Because so many essential airport functions may be the re - sponsibility of contractors, FBOs, and government agencies, the airportâs business continuity plan should incorporate copies of the contingency plan or COOP of each of those outside part- ners for the functions it specifically performs at the airport. Plan Testing, Exercises, and Maintenance When the business continuity strategy is developed and the plan is documented, it should be continually maintained and regularly tested and exercised. This is to ensure that it remains up to date, reflecting periodic changes in the airport or FBO operating circumstances, and that employees and other stakeholders understand the plan and how to use it during prolonged disruptions. Ideally, business continuity should be an airport-wide pro- cess. While the plan itself may be developed by the members of the BCP project team, it is important for airport man- agement to socialize the plan and provide training well into senior departmental ranks so everyone in the organization, as well as its other stakeholders, is aware of the plan and under- stands its implications and their specific roles and responsi- bilities during disruptions. Maintaining a state of business continuity preparedness depends on the airport regularly testing its plan and the assumptions built into the plan and running periodic exer- cises that simulate the various types of disruptions that the airport may face. Without such exercises, the business continuity plan is nothing more than a documented compendium of informa- tion. Its effectiveness during real disruptions may be compro- mised if the airport has not tested the effectiveness of the plan through exercises that familiarize the staff with its provisions and reveal areas of the plan that can be improved. Plan testing should be used to do the following: ⢠Determine the state of readiness of the recovery organiza- tion to respond to and recover from a disruption to busi- ness, operations, and systems
28 ⢠Determine whether the required resources for recovery are available at recovery locations ⢠Determine whether the business continuity plan has been properly maintained to reflect changes in the airportâs business, operations, and technology ⢠Manage the expectations of the business units at the air- port regarding what they can expect in the event of an actual disruptive incident ⢠Instill a sense of calm and confidence across the airport by showing that there is a demonstrable state of readiness for a potential disruption of services ⢠Demonstrate compliance with applicable regulatory requirements and good airport industry practices Exercises are classified based on the extent of the actual resources being employed and the manner in which they are tested. Airports should consider using three types of exer- cises: a structured walk-through, component testing, and an integrated simulation/full operations test. Structured Walk-Through A structured walk-through is a paper evaluation of the air- portâs business continuity plan or a portion of the plan. It is designed to exercise the planâs effectiveness without incurring the expenses or using the personnel resources associated with performing a full test. The objectives of the structured walk-through are to do the following: ⢠Verify the contents of the plan ⢠Prepare for simulation testing ⢠Train new members and create employee awareness ⢠Maintain preparedness while limiting use of resources ⢠Confirm that the strategy documented in the plan is viable ⢠Educate critical personnel on their responsibilities during a disruption ⢠Confirm that the information in the plan is current and accurate ⢠Identify areas of the plan that need revision or updates A structured walk-through exercise is a cost-effective method for evaluating the adequacy of a plan. This exercise can be performed regularly on different parts of the plan and under different disruption scenarios. Component Testing Component testing is an off-hours exercise that airports should use to test a particular part of their recovery plan more aggressively. It serves to verify the correctness of oper- ating procedures, hardware components, and the ability to restore a business unitâs critical functions. An example of this type of test is a limited systems restoration and a connectivity test at a functionâs recovery site. Component testing differs from the structured walk- through in that it involves actual recovery activities being exercised. It differs from a full operations test in that it does not require the use of the actual recovery sites. The objectives of component testing are to do the following: ⢠Demonstrate the accuracy of the execution of the plan ⢠Verify the appropriate operating and incident escalation procedures ⢠Train and increase awareness of personnel ⢠Validate previous modifications of the BCP, including the DR plan Integrated Simulation/Full Operations Testing Integrated simulation/full operations testing should be per- formed at the airportâs actual recovery site(s) and should use the resources for the specified tasks of the test (i.e., recovery site systems and workspace). This method of testing requires some processing activities to be performed at the recovery sites and requires the most advance preparation of all the test types. Integrated simulation/full operations testing demonstrates the adequacy of systems and business recovery procedures as well as the compatibility of back-up resources, providing vali- dation of the time needed to restore critical airport functions. The objectives of integrated simulation/full operations testing are to do the following: ⢠Test the entire plan or a portion of the plan under emer- gency scenarios ⢠Validate operational effectiveness and business unit inter- dependencies ⢠Provide measurable technical and administrative results It is advisable to schedule an exercise of this proportion after hours or during a weekend. There are three test categories that are classified by the extent of the overall plan that is being tested. Element testing exer- cises a particular part of the airportâs plan, such as its call trees. Business unit testing exercises the recovery plan of an individual business or operating unit, such as winter operations. Full pro- cess (integration) exercises test business unit interdependencies and the integration of departmental plans with supporting business processes, along with how parts of the plan work together as a complete disruption response.
29 Test Schedules The senior business continuity officer should coordinate the administration of the review, maintenance, and testing schedules. This person should also be responsible for follow- ing up on any revisions to the plan that may be required as a result of tests. The business continuity steering committee should review and approve any revisions. As a matter of regulatory compliance, many airports should test their operational recovery capabilities on an annual basis. They should use the preceding yearâs test results as a basis from which to develop the test objectives for the current year. Consideration should be given to changes to the airportâs RTOs and resource requirements, the inclusion of new busi- ness units and processes, business units experiencing signifi- cant personnel changes, regulatory changes, and changes to the airportâs IT environment from the previous year. Conducting Tests Preparation, execution, and review of test results are the key components of a successful airport BCP testing program. (See Appendix D for a sample test evaluation form.)
30 â The facilities that the plan covers â The number and identity of the business and operating functions addressed by the plan ⢠Objectivesâdescribes the goals set by the airport for the business continuity plan and distinguishes it from other plans (e.g., the emergency management plan, crisis com- munications plan, IROPS plans, etc.) ⢠Assumptionsâdescribes the following: â The extent of the plan activation (i.e., how long it will take to recover disrupted functions when following the plan) â The factors addressed in the plan (essential functions, resources, and support) â Any exclusions (i.e., that the emergency management plan, the IT DR plan, or the crisis communications plans are not part of the business continuity plan) â How the plan is integrated with other incident manage- ment plans that the airport maintains â How staff members who have responsibilities under the plan are to be trained and prepared â How the plan will be regularly exercised, updated, and maintained Concept of Operations Concept of operations includes roles and responsibilities, individual plans for functional recovery, functional recovery prioritization, plan activation, and plan deactivation. ⢠Roles and responsibilitiesâthe responsibilities of all staff with formal recovery roles on various teams when the business continuity plan is activated: â Steering committee, plan manager or coordinator, busi- ness process owners, and plan administrators â Crisis management team â Damage assessment team â IT recovery team What the Business Continuity Plan Should Look Like Effective business continuity plans should include the ele- ments listed below (based on accepted business continuity standards and practice) applied intelligently to each airportâs specific operating environment. While plans can be docu- mented in hard copy, it is increasingly popular to develop them using a software tool so that they remain easy to access, update, and distribute and can be more effectively used for training and exercises. Cover Page The cover page includes the date, version number, and offi- cial declarations: ⢠Dateâthe date of the plan as subsequently updated ⢠Version numberâso every update is recorded ⢠Official declarationsâindicating approved uses (e.g., âofficial use onlyâ) or any necessary disclosure approvals or permissions Introduction The introduction includes organization of the plan, distri- bution and access, mission statement, scope, objectives, and assumptions: ⢠Organization of the planâdescribes and defines the planâs sections and layout ⢠Distribution and accessâdefines to whom (people, roles, and organizations) the plan is distributed and provides any official access restrictions to the plan ⢠Mission statementâdefines the plan and what it is meant to accomplish for the airport ⢠Scopeâdefines what the business continuity plan covers, in terms of the following: â Impact to identified functions that are essential to the continuity of the airportâs operations
31 â Functional recovery teamsâteam leaders, members, and those with financial, crisis management, or public safety or security roles during recovery activities ⢠Individual plans for functional recoveryâan explana- tion that the master airport plan is a âroll-upâ of the recov- ery plans and requirements of the essential business and operating functions at the airport is given in this section ⢠Functional recovery prioritizationâa listing of the many essential departments and functions operating at the air- port or supporting it with a general recovery prioritization ⢠Plan activationâa section defining those incidents or dis- ruptions that will result in official activation of the busi- ness continuity plan ⢠Plan de-activationâconversely, a section defining events that will de-activate the plan and return staff and depart- ments to normal roles and responsibilities Functional Recovery Plans This section is the âmeatâ of the business continuity plan. It documents the recovery plans and the resources that are essen- tial to the recovery of every essential function at the airport. For each function, this section provides a functional descrip- tion or overview, mission-essential functions and recovery priorities, business recovery teams, critical resources, vital records and data, alternate facilities, delegations of authority, succession planning, and alert notification procedures and call lists: ⢠Functional description or overviewâa definition and description of the department or function ⢠Mission-essential functions and recovery prioritiesâ including the following: â Identification and prioritization of all sub-functions or business processes within the function â RTOs â RPOs â Internal interdependencies â Any special safety and security measures required dur- ing recovery ⢠Business recovery teamsâidentifies those within the func- tion who are formally assigned roles and responsibilities for recovery ⢠Critical resourcesâan inventory that documents the mix of systems, plant and equipment, materials and supplies, per- sonnel, mutual aid and assistance, and technology resources that are essential to the operation of the function or business process ⢠Vital records and dataâan inventory that documents all the electronic and hard-copy files, data, and vital records that are essential to the operation of the function or busi- ness process ⢠Alternate facilitiesâincluding the following: â Pre-established facilities and space to which the func- tion will relocate if it cannot use its current space (includ- ing prepositioned equipment, supplies, materials, and furnishings) â Emergency acquisition procedures for alternate space if the primary relocation facility is unavailable â Provisions and procedures for working from home, when possible â Relocation procedures and procedures for taking essen- tial equipment, supplies, materials, and furnishings to the new facility ⢠Delegations of authorityâformal assignment of author- ity and approval of leave, travel, procurement, time sheets, contracts, and so forth, if the person who normally provides these becomes unavailable ⢠Succession planningâformal plan for assuming the posi- tions, roles, and responsibilities of someone who is perma- nently unavailable ⢠Alert notification procedures and call listsâlists of inter- nal and external contacts who should be notified or con- sulted during functional disruptions, including staff, family contacts, suppliers and vendors, contractors, airport opera- tor personnel, first responders, and others, as well as infor- mation on preferred methods and means of communication Devolution This section describes in detail what will occur if the busi- ness continuity plan fails to recover the function. It provides for temporarily transferring the administration, rights, pow- ers, property, and responsibility for the function to an outside organization or entity, such as the airport operator, the city or county, another airport, the military, or another appropriate entity. Reconstitution This section describes how the airport overall (or each func- tion per se) will return to its normal operation once the busi- ness continuity coordinator determines that the disruption has ended, all danger is over, and the plan is de-activated. This requires a damage and situational assessment of the essential elements that make up and support the function or the air- port. Some disruptive incidents may have caused extensive damage that precludes speedy reconstitution of some airport functions. When the airport returns to normal operations, a desig- nated person from each function should notify the coordina- tor of its business continuity activation and relocation status, operational and communication status, and the time neces- sary to return to its normal location. Plans are described for
32 allocating space and moving people, equipment, supplies, materials, records, files, and furnishings to their normal locationsâin coordination with local government, mutual aid agencies, DOGs, and even state or federal emergency support agencies. Employee claims (workersâ compensation, overtime, etc.) associated with the dislocation and relocation must be pro- vided for in this phase, as well as a system of accounting for all personnel throughout the recovery process. Plan Testing, Training, and Exercises This section of the business continuity plan should describe how staff is trained on the plan; how the plans or segments of the plan are tested and improvements are integrated into a plan revision; and how often, to what extent, and over what scope the plan will be exercised. The provision for regular testing, training, and exercises is critical to the planâs effec- tiveness in meeting its mission of supporting the resilient operation of the airport. Without these regular improvement activities, the business continuity plan may become irrelevant âshelf-wareâ that fails to provide effective and realistic recov- ery guidance or to prepare staff adequately. Plan Review and Maintenance This section describes the timetable for the official review of the business continuity plan, as well as provisions for maintaining it as the airportâs operations evolve and as real disruptions and exercises reveal the need for edits, updates, and improvements to the plan. Business Continuity Plan Appendices The appendices to the plan can include information such as the following: ⢠Lists of airport staff assigned to various business continu- ity groups or committees ⢠Recovery plans of various contractors, lessees, and sup- pliers that operate essential airport functions, or support them ⢠Employee preparedness plans to support them and their families during incidents ⢠Employee support information or policies ⢠Plan maintenance calendar ⢠Testing, training, and exercising calendar ⢠Lists of vital records, applications, data, and other support- ing elements Using the Resulting Business Continuity Plan Creating the business continuity plan is only the starting point of the larger objective of actually ensuring the organi- zationâs readiness and capacity to provide operational conti- nuity during and after disruptions. The business continuity plan itself is nothing but a printed document, a website, or a software application, and its quality is dependent on the level of support it receives from senior management. To optimize the effectiveness of BCP, airports should make BCP a fun- damental part of departmental goals and objectives, exercise plans regularly, and maintain and update them as the airport or FBO evolves and its imperatives change. The business continuity plan should be a framework for operational recovery, for responding to the impact of any type of disruptive incident or event. The plan should include a com- prehensive inventory of essential resources that are required to operate effectively and be a reference document that defines core functions. It should align with the business continuity or contingency plans of the contractors, government agencies, vendors, and commercial tenants that are responsible for many essential airport functions. Finally, the plan should remain a flexible, living document that evolves along with the airport. It is important to appreciate that the business continuity plan is not an incident-specific action plan that describes for all BCP participants the steps they should take for recovery of their disrupted business and operational processes. Incident- specific action plans can most effectively be generated once the particulars of the disruptive emergency have been established and confirmed. Instead, the business continuity plan is more of a frame- work and inventory that describes how every essential func- tion works at the airport, how important things get done, and what mix of resources are required to do so. That informa- tion provides airport management and the BCP team with the information they need to determine a specific course of action in response to the particulars of any type of incident.
TRB’s Airport Cooperative Research Program (ACRP) Report 93: Operational and Business Continuity Planning for Prolonged Airport Disruptions provides a guidebook and software tool for airport operators to assist, plan, and prepare for disruptive and catastrophic events that have the potential for causing prolonged airport closure resulting in adverse impacts to the airport and to the local, regional, and national economy.
The software tool is available in a CD-ROM format and is intended to help develop and document airport business continuity plans or revise current plans in light of this guidance. The CD is also available for download from TRB’s website as an ISO image. Links to the ISO image and instructions for burning a CD-ROM from an ISO image are provided below.
Help on Burning an .ISO CD-ROM Image
Download the .ISO CD-ROM Image
(Warning: This is a large file that may take some time to download using a high-speed connection.)
CD-ROM Disclaimer - This software is offered as is, without warranty or promise of support of any kind either expressed or implied. Under no circumstance will the National Academy of Sciences or the Transportation Research Board (collectively "TRB") be liable for any loss or damage caused by the installation or operation of this product. TRB makes no representation or warranty of any kind, expressed or implied, in fact or in law, including without limitation, the warranty of merchantability or the warranty of fitness for a particular purpose, and shall not in any case be liable for any consequential or special damages.
Welcome to OpenBook!
You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.
Do you want to take a quick tour of the OpenBook's features?
Show this book's table of contents , where you can jump to any chapter by name.
...or use these buttons to go back to the previous chapter or skip to the next one.
Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.
To search the entire text of this book, type in your search term here and press Enter .
Share a link to this book page on your preferred social network or via email.
View our suggested citation for this chapter.
Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.
Get Email Updates
Do you enjoy reading reports from the Academies online for free ? Sign up for email notifications and we'll let you know about new publications in your areas of interest when they're released.
Enable JavaScript
Please enable JavaScript to fully experience this site. How to enable JavaScript
Click OK to log in and restart your reservation. Click Cancel to continue with your reservation without logging in.
- Skip to global navigation
- Skip to content
- Skip to footer
We'll redirect you to the home page of the country / region site you choose.
- Search AA.com® Submit search
- Legal, privacy & copyright
Customer service and contingency plans
Customer service plans.
American Airlines and American Eagle are in business to provide safe, dependable and friendly air transportation to our customers, along with numerous related services. We’re dedicated to make every flight you take with us something special. Your safety, comfort and convenience are our most important concerns.
- In June 2007, American Airlines and other members of the Air Transport Association submitted service plans addressing particular issues of consumer interest to the Department of Transportation (DOT).
- In September 1999, American Airlines and American Eagle submitted their joint Customer Service Plan to the DOT.
Customer service plan
Tarmac delay contingency plan – U.S. airports
Every American Airlines, Envoy, PSA and Piedmont team has a comprehensive contingency plan to respond to lengthy onboard ground (tarmac) delays at U.S. airports.
- Ensures we’ll have adequate resources available to meet your needs
- Names a control person to coordinate local teams and communicate with central operations centers
At each U.S. airport we serve, plans are coordinated with:
- Local airport authorities
- Transportation Security Administration (TSA)
- U.S. Customs
- Border Protection at each U.S. airport regularly used for international flights
We also have plans for all airports we regularly serve (including our designated diversion airports) to make reasonable efforts to share facilities and gates with other carriers in an emergency and during irregular operations such as extreme weather. Gates would be made available in accordance with established operational priorities (i.e. medical emergencies, maintenance concerns) and local gate compatibility constraints. If a gate is not available and deplaning is necessary, other equipment such as air stairs will be made available to deplane passengers.
Unless otherwise noted, marketed international and / or codeshare flights (AA flight number operated by another carrier) follow their own tarmac delay contingency plan. This contingency plan is explicitly separate from and not a part of these carriers' contract of carriage.
Limits of lengthy tarmac delays
Lengthy tarmac delays can take place both during taxi-out (prior to departure) and taxi-in (after landing). During these phases of travel, these limits apply:
- For domestic flights, American Airlines, Envoy, PSA and Piedmont will not permit an aircraft to remain on the tarmac at a U.S. airport for more than three hours without providing passengers an opportunity to deplane. For departing flights, the clock measuring the three-hour period stops when the pilot asks for permission to return to the gate or the aircraft begins to return to a suitable disembarkation point, and American will begin this process no later than three hours for domestic departure flights.
- For international flights departing from or arriving at a U.S. airport, American Airlines, Envoy, PSA and Piedmont will not permit an aircraft to remain on the tarmac at a U.S. airport for more than four hours without providing passengers an opportunity to deplane. For departing flights, the clock measuring the four-hour period stops when the pilot asks for permission to return to the gate or the aircraft begins to return to a suitable disembarkation point, and American will begin this process no later than four hours for international departure flights.
Delays longer than these time limits may be necessary if:
- The pilot-in-command determines that permitting a passenger to deplane would jeopardize passenger safety or security or there is a safety or security reason why the aircraft cannot leave its position on the tarmac to deplane passengers.
- Air traffic control advises the pilot-in-command that returning to the gate or another disembarkation point elsewhere in order to deplane passengers would significantly disrupt airport operations.
Passenger services during a lengthy tarmac delay
For all flights experiencing a lengthy ground delay at a U.S. airport, American Airlines, Envoy, PSA and Piedmont will:
- Provide passengers with adequate food and potable water no later than two hours after the aircraft leaves the gate (in the case of departure) or touches down (in the case of arrival) if the aircraft remains on the tarmac, unless the pilot-in-command determines that safety or security considerations preclude such service.
- Ensure that operable lavatory facilities will remain available while the aircraft remains on the tarmac.
- Ensure adequate medical attention is available, if needed, while the aircraft remains on the tarmac.
- Ensure a comfortable cabin temperature is maintained.
- Ensure passengers on the delayed flight will receive a notification regarding the status of the delay when the delay exceeds 30 minutes.
- Notify passengers on a delayed flight each time there is an opportunity to deplane from an aircraft if the opportunity to deplane actually exists.
At American Airlines, Envoy, PSA and Piedmont, the safety and comfort of our customers is always an important priority, especially during flight delays. We are confident our contingency plans will lessen your inconvenience.
You may also like...
Passenger rights – Canada
.webp "Compass IT Compliance Logo")
- Penetration Testing
- Vulnerability Assessments
- Web Application Scanning
- API Scanning
- Endpoint Detection & Response (EDR)
- Firewall Security Review
- Wireless Network Assessments
- Virtual CISO (vCISO)
- CIS Critical Security Controls
- MA 201 CMR 17
- Application Risk Assessments
- Business Continuity Planning
- Business Resilience Review
- Data Privacy Risk Assessments
- Incident Response Planning
- IT Policy Templates
- IT Process & Controls Assessments
- IT Risk Assessments
- Outsourced IT Audits
- Vendor Management
- Phishing Assessments
- Security Awareness Training
- Social Engineering Assessments
- Dark Web Monitoring
- Cloud Security
- Incident Response & Forensics
- White Label Security Services
- Financial Services
- Higher Education
- Hospitality
- Manufacturing
- Case Studies
- eBooks & Files
- Glossary of Terms
- Industry News
- Webinars & Videos
- Career Opportunities
- Certifications
- Meet the Team
- Press Releases
- Request a Speaker
- Testimonials
Further Flight Troubles and Better Business Continuity Planning
This morning, the Federal Aviation Administration’s (FAA) system for alerting pilots and airports of real-time hazards, called NOTAM (Notice to Air Missions), went offline around 3:28AM EST. While flights have slowly resumed to normalcy, this recent event is a further example of a breakdown in incident response, business continuity, and disaster recovery planning in the airline industry. As of now, transportation Secretary Pete Buttigieg has not yet ruled out a cyberattack as the cause of the massive system outage.
This breakdown occurred just sixteen days after the recent Southwest Airlines breakdown in service . On December 26th, 2022, thousands of passengers around the United States learned that Southwest Airlines had canceled almost all flights scheduled for that day. Travelers were stranded far from home, and some were even told by police that they were trespassing while attempting to find alternate travel plans. More than two days later, Southwest CEO Bob Jordan apologized on the company's Twitter account. But what caused Southwest Airlines to cancel 2,293 flights in a few short days while the top nineteen competing airlines only canceled a combined total of 859? The simple answer is that software from the 1990s and inefficient business continuity plans (BCP) and disaster recovery plans (DRP) led to a significant disruption for Southwest Airlines.
Responsibility was originally attributed to poor weather conditions and bitter winter cold, though later reports surfaced revealing that the major cause of cancellations was due to Southwest Airlines relying on outdated scheduling software called SkySolver, which was developed the same year Facebook was launched and is quickly nearing its end of life. Due to the winter storm and the tremendous amount of scheduling changes that were required for passengers and crews, SkySolver could not match crew members with flights.
According to a spokesman for GE Aerospace, multiple systems are involved in crew scheduling. The company stated that its software is not an end-to-end solution. Rather, it's a so-called backend algorithm that airlines can supplement with other software. GE Aerospace stated that the algorithm gathers input from other systems to provide recommendations to resolve crew-related disruptions.
Since 2015, Southwest Airlines pilots and crew have been begging leadership for internal technology updates. However, only minor updates to SkySolver have been implemented since its inception, referred to as "technical debt" , or the gap between existing software and the required updates to maintain baseline operations. An IT consultant said the union had been urging the airline for years to update "I.T. and infrastructure from the 1990s" .
Modern companies have been making a move to cloud-hosted solutions for several years now. Services such as software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) are offered by many cloud service providers such as AWS. Depending on the service model implemented, consumers of cloud services can avail their organizations of benefits such as scalability and flexibility, potential cost savings (e.g., pay for only the resources actually used), advanced security, and data loss prevention.
The idea behind cloud services is a shared responsibility model whereby security and compliance are shared between the cloud service provider and the customer. Here is a simplified example of the shared responsibility model:
Regardless of the service model, it is important to understand that access management, monitoring, log analysis, and configuration control are customer responsibilities. An organization needs to define and implement strong password policies, consider multifactor authentication, and verify secure configurations are implemented.
Whether organizations implement a traditional IT, hybrid, or cloud-based model for managing systems and applications, security and compliance must be considered throughout all system and application lifecycles, and sound security practices must be implemented. At a minimum, organizations need to ensure the following security practices are implemented:
- Asset identification – Understand and document the critical assets of the organization. This includes people, processes, and technologies.
- Patching – Outdated systems and applications increase the chance that threats will exploit vulnerabilities.
- Backups – Backups protect against human errors, hardware failure, virus attacks, power failure, and natural disasters. Backups can help save time and money if these failures occur.
- Business Continuity, Incident Response, and Disaster Recovery Policies and Procedures – Business continuity keeps your organization running during the lifecycle of an incident. Incident response allows your organization to handle an incident from the start. Disaster recovery supports the recovery process back to normalcy.
While the details of today’s event are still emerging, both incidents highlight the catastrophic effects that can occur if incident response, disaster recovery, and business continuity plans are insufficient to keep an organization operating at full or near-full capacity in the event of an incident resulting in a stoppage. Testing and updating plans regularly is a crucial step. Leveraging a third-party consultant to assist in evaluating these plans is highly recommended (and at times required by regulators). Compass IT Compliance has worked to assist private and public sector entities in strengthening these plans since 2010. Contact us today to learn more and to discuss your unique challenges.
You May Also Like
These Related Stories
Blackbaud Breach – Time to Review Your Vendors
The Importance of Testing Your Business Continuity Plan
Reflecting on the AWS Outage and Cloud Disruption Risks
Get email notifications, no comments yet.
Let us know what you think
- Business Continuity Plan
Business Continuity Plan Template
Prepare for business disruption and disaster recovery.
Published 15 Feb 2023
What is a Business Continuity Plan Template?
A Business Continuity Plan (BCP) template is a tool used by business continuity managers and IT teams to outline strategies for keeping businesses operational despite emergencies such as extreme weather events, building evacuations, power outages, etc. It identifies high business impact operational areas, assets, and recovery strategies with assigned personnel.
Download Free Template
Use this Business Continuity Plan (BCP) template as an outline for your business continuity plan that will critically assess all aspects of the business and make sure the emergency procedures and equipment are adequate. This business continuity template can help with ISO 22301 compliance and allow business continuity managers and consultants to:
- Identify key business functions and components to be prioritized for restoration and recovery during an emergency.
- Add list of processes/equipment most at risk of disrupting business operations.
- Discuss roles and responsibilities of key personnel and gather confirmation (digital signatures).
Click on the Web or PDF report below to view the business continuity plan example.
- Preview Sample Digital Report
- Preview Sample PDF Report
Business continuity templates can be used in any industry for IT disaster recovery, continuity of customer-facing operations, and backup of transport & logistics operations.
In this article
7 elements of business continuity planning, components of a bcp template with examples, faqs about bcp, how do you write a business continuity plan with safetyculture (formerly iauditor), featured business continuity plan templates.
When the COVID-19 pandemic hit the world, the economy took a massive hit. The need for a business continuity plan became more apparent to organizations. Business continuity planning enables businesses, small or large, to build a more resilient operation.
A Business Continuity Plan should include:
1. BCP Team
In the midst of a disaster or emergency, having a team or point person to go to will be essential. The BCP team will be responsible for planning and testing business continuity strategies. Background of each member in the BCP team can vary from organization managers or supervisors to specialists.
2. Business Impact Analysis
A business impact analysis (BIA) identifies, quantifies, and qualifies the impact of a loss, interruption, or disruption. Having a BIA will be essential in discovering risks that your business is exposed to and the potential disruptions that may occur.
3. Risk Mitigation
This element pertains to the strategies against the risks that were discovered during the BIA. Risk mitigation strategies may include putting up security and safety systems in the workplace, conducting preventive maintenance of vehicles, machines, equipment, or any asset vital to operations, and training of employees, among others.
4. Business Continuity Strategies
A good business continuity plan should establish strategies or alternate practices to keep the business running despite disruptions or disasters. An example of a continuity strategy that a lot of businesses had to implement during the pandemic was remote working or work-from-home. This enabled businesses to continue their operations and keep their employees safe from contracting COVID-19 in the workplace.
5. Business Continuity Plan
The business continuity plan is a combination of findings from the performed BIA and the recovery strategies established by the organization. A BCP plan typically includes 4 key components: scope & objectives, operations at risk, recovery strategy, and roles and responsibilities.
6. Training
All relevant personnel associated with the business continuity, disaster recovery, and incident response process should be trained according to the BCP plan that’s established and agreed upon.
In the testing phase, strategies and plans are being rehearsed or exercised to demonstrate its effectiveness. Testing the plan before rolling it out will enable the BCP team to discover potential flaws and fix them before they lead to damage or injury. It is recommended to review and test the plan periodically to ensure that all protocols and strategies are up-to-date.
Business Continuity Plan Template | Preview Sample PDF Report
BCP serves as a guide for organizations on creating an effective strategy for responding to potential business-disrupting events. Here are four key components of a BCP:
Scope & Objectives
States the purpose of the BCP, including specific business functions that should be prioritized for recovery during an emergency. This section should include examples of emergency events that would trigger the response of this BCP.
This BCP is to ensure the continuity of IT services and customer lines in the event of an unforeseen and prolonged power shutdown. Power disruption could be caused by emergency weather conditions or a building fire. Functional areas that are prioritized for recovery in this BCP include the customer support desk and finance team.
Operations at Risk
Includes possible risks with key operational functions which would greatly disrupt business and customer continuity. This also involves the magnitude of risk to each function, which will help the BCP committee decide on appropriate preventive actions.
Operation: Customer Support Operation Description: Customer support team looking after 24-hour global operations of live chat and customer calls for US, EMEA and APAC regions Business Impact: Critical Impact description: 100% of live chats go through the customer support team in Manila. 20% of live calls are routed to Manila office. A disruption would mean no more live chat support and customers experiencing significant wait times on calls Project timeline and team schedules
Recovery Strategy
Outlines all the relevant procedures to restore business operations after an incident or crisis. A good recovery strategy includes a realistic recovery timeline and essential emergency resources.
IT personnel and BCP committees should operate alternate backup programs and servers to help save customer requests after power outage. Customer support should be able to receive the requests and respond to customers within 30 minutes. IT Director should operate alternate server rooms in Area B if the power outage last more than an hour to prevent huge revenue loss.
Roles & Responsibilities
Refers to key personnel and their assigned tasks during or after an incident. Each committee member has a unique set of responsibilities to successfully carry out the BCP for each business function.
Representative: Jon Sims Role: Head of Operations Contact Details: [email protected] Description of Responsibilities: 1. Must ensure BCPs are updated and must coordinate with team leaders regarding changes 2. Helps notify key stakeholders in EMEA region of threats in Customer Support programs & tools
Business Continuity Planning (BCP) is important because it helps organizations protect their business amid a crisis or emergency. A business continuity plan contains instructions that will serve as a guide for the organization to maintain their operations.
A business continuity plan should be tested at least every 6 months to verify the BCP’s effectiveness. Frequent testing can also allow the discovery of gaps, and potential issues. This will help the organization update protocols and strategies accordingly.
BCP documents should be updated regularly. If any organizational changes have been made in terms of team structures and operational procedures, the BCP should be updated. A review will be conducted to check if information in the BCP is still reliable. .
Outdated BCPs might result in loss of customer trust, huge revenue loss, and damage to brand and company reputation. This is why it is crucial for BCPs to remain up-to-date.
Regular BCP audits are essential to help evaluate emergency procedures and identify if there are vulnerabilities. They also help realign emergency procedures to the ISO 22301 standard, business goals, and industry practices. Up-to-date and efficient BCPs help businesses effectively manage any unexpected event, prevent extra costs, and continuously develop their overall processes and key functions. Using a business continuity plan checklist can aid business continuity managers and IT teams to ensure comprehensive BCP audit reports.
SafetyCulture , the world’s leading digital form mobile software, can help businesses create and prepare a good business continuity plan more efficiently. Paper-based business continuity plan templates and Excel spreadsheets can be troublesome for management to keep and regularly update. With SafetyCulture as a business continuity software , businesses can switch to a paperless planning process where you can create your own templates, easily assess the accuracy of recovery procedures, and update your plans as needed in your mobile device. With SafetyCulture, you can:
- Create and customize business continuity plans using your desktop, iPad, or even on your mobile phone
- Easily assign tasks to key personnel and BCP committee members
- Use speech to text dictation to easily complete audits
- Gather photographic evidence in your BCP drills
- Record electronic signatures as required
- Send and share an updated business continuity plan report to your team in a few taps. See sample business continuity plan PDF report here .
- Automatically save your BCPs in the cloud
To help you get started on your paperless planning, we have created the business continuity templates and checklists you can download and customize for free.
Business Continuity and Disaster Recovery Plan Template (IT)
A business continuity and disaster recovery plan template is used to identify business functions at risk during an emergency and come up with a plan for continuous operation and recovery. This business continuity and disaster recovery plan template aims to help IT teams and business continuity managers become proactive in preparing for events that could disrupt operations and come up with strategies for disaster recovery. This template empowers you to:
- Specify and prioritize IT functions for recovery during a disaster.
- Describe IT equipment/ systems at risk in disrupting normal operations and essential backup programs needed for recovery.
- Confirm assigned tasks with IT team members through their digital signatures.
Business Continuity Plan Checklist
Perform regular audits of your organization’s BCP with a business continuity plan checklist. Whether small or medium business, this checklist can be used to ensure BCPs are up to date and reflect current high impact operations. Review key operational functions outlined in the BCP including recovery strategies and relevant assigned resources. SafetyCulture (iAuditor) BCP templates can be edited to fit the organization’s needs.
- Download PDF Report
Business Continuity Awareness Checklist
This template highlights the importance of employee awareness and employee knowledge of business continuity plans and business continuity processes. As a business continuity process template, this document helps:
- Gauge the level of understanding employees have regarding BCP processes.
- Determine opportunities how to better acclimate teams to internal business continuity plans.
- Identify the need for continuous improvement of business continuity programs.
SafetyCulture staff writer
Erick Brent Francisco
Erick Brent Francisco is a content writer and researcher for SafetyCulture since 2018. As a content specialist, he is interested in learning and sharing how technology can improve work processes and workplace safety. His experience in logistics, banking and financial services, and retail helps enrich the quality of information in his articles.
Explore more templates
A business continuity and disaster recovery plan template is used to identify business functions at risk during an emergency and…
Download free Read more
Perform regular audits of your organization’s BCP with a business continuity plan checklist. Whether small or medium business, this checklist…
This template highlights the importance of employee awareness and employee knowledge of business continuity plans and business continuity processes. As…
Related pages
- Food Hygiene Inspection Checklist
- Environmental Audit Checklist
- Privacy Impact Assessment Template
- Product Specification Template
- Post Construction Cleaning Checklist
- Asset Tracking Software
- Task Management Software
- Lone Worker Safety Devices
- Farm Equipment Maintenance Software
- MRO Software
We use cookies to provide necessary website functionality and improve your experience. To find out more, read our updated Privacy Policy .
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Business Continuity Plan
Business Continuity Planning Process Diagram - Text Version
When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:
- Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
- Identify, document, and implement to recover critical business functions and processes.
- Organize a business continuity team and compile a business continuity plan to manage a business disruption.
- Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.
Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.
Resources for Business Continuity Planning
- Standard on Disaster/Emergency Management and Business Continuity Programs - National Fire Protection Association (NFPA) 1600
- Professional Practices for Business Continuity Professionals - DRI International (non-profit business continuity education and certification body)
- Continuity Guidance Circular - Federal Emergency Management Agency
- Open for Business® Toolkit - Institute for Business & Home Safety
Business Continuity Impact Analysis
Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.
The Operational & Financial Impacts worksheet can be used to capture this information as discussed in Business Impact Analysis . The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:
- the operational and financial impacts resulting from the loss of individual business functions and process
- the point in time when loss of a function or process would result in the identified business impacts
Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”
Resource Required to Support Recovery Strategies
Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.
Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:
- Office space, furniture and equipment
- Technology (computers, peripherals, communication equipment, software and data)
- Vital records (electronic and hard copy)
- Production facilities, machinery and equipment
- Inventory including raw materials, finished goods and goods in production.
- Utilities (power, natural gas, water, sewer, telephone, internet, wireless)
- Third party services
Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.
Conducting the Business Continuity Impact Analysis
The worksheets Operational and Financial Impacts and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.
After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.
Recovery Strategies
If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis .
Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.
Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.
Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.
Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.
Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.
In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.
Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.
There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.
There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:
- Shifting production from one facility to another
- Increasing manufacturing output at operational facilities
- Retooling production from one item to another
- Prioritization of production—by profit margin or customer relationship
- Maintaining higher raw materials or finished goods inventory
- Reallocating existing inventory, repurchase or buyback of inventory
- Limiting orders (e.g., maximum order size or unit quantity)
- Contracting with third parties
- Purchasing business interruption insurance
There are many factors to consider in manufacturing recovery strategies:
- Will a facility be available when needed?
- How much time will it take to shift production from one product to another?
- How much will it cost to shift production from one product to another?
- How much revenue would be lost when displacing other production?
- How much extra time will it take to receive raw materials or ship finished goods to customers? Will the extra time impact customer relationships?
- Are there any regulations that would restrict shifting production?
- What quality issues could arise if production is shifted or outsourced?
- Are there any long-term consequences associated with a strategy?
Resources for Developing Recovery Strategies
- The Telework Coalition (America’s leading nonprofit telework education and advocacy organization)
Manual Workarounds
Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.
The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.
Developing Manual Workarounds
Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:
Internal Interfaces (department, person, activity and resource requirements)
- External Interfaces (company, contact person, activity and resource requirements)
- Tasks (in sequential order)
- Manual intervention points
Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.
Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.
Last Updated: 05/26/2021
Return to top
- Business Plan for Investors
- Bank/SBA Business Plan
- Strategic/Operational Business Plan
- L1 Visa Business Plan
- E1 Treaty Trader Visa Business Plan
- E2 Treaty Investor Visa Business Plan
- EB-1 Business Plan
- EB-2 NIW Business Plan
- EB-5 Business Plan
- Innovator Visa Business Plan
- Start-Up Visa Business Plan
- Expansion Worker Visa Business Plan
- Manitoba MPNP Visa Business Plan
- Nova Scotia NSNP Visa Business Plan
- British Columbia BC PNP Visa Business Plan
- Self-Employed Visa Business Plan
- OINP Entrepreneur Stream Business Plan
- LMIA Owner Operator Business Plan
- ICT Work Permit Business Plan
- LMIA Mobility Program – C11 Entrepreneur Business Plan
- USMCA (ex-NAFTA) Business Plan
Franchise Business Plan
- Landlord business plan
- Nonprofit Start-Up Business Plan
- Cannabis business plan
- Ecommerce business plan
- Online boutique business plan
- Mobile application business plan
- Daycare business plan
- Restaurant business plan
- Food delivery business plan
- Real estate business plan
- Business Continuity Plan
- Buy Side Due Diligence Services
- ICO whitepaper
- ICO consulting services
- Confidential Information Memorandum
- Private Placement Memorandum
- Feasibility study
- How it works
- Business Plan Examples
Airline Business Plan Sample
FEB.01, 2021
Do you want to start an airline company?
An airline business provides air transport to passengers on a national and international level. The business is undoubtedly much more profitable than other usual businesses. However, it comes at the cost of a difficult startup.
Starting an airline business is an inevitably expensive venture. The costs of jets, the salaries of qualified and experienced pilots, salaries of the crew, charges paid to the airport, payments to government and travel agents combined make a huge cost.
Therefore, if you are exploring how to build an airline business plan, you must first make sure that you will be able to manage a large team and expenses. To start this business, the first step would be creating a business plan. In this blog, we’re providing a business plan for airlines written for the startup, Bruce Airlines.
Executive Summary
2.1 the business.
Bruce Airlines will be a registered and licensed aviation business startup headquartered in Charlotte. The business will be owned by Bruce Greg, former COO of Aer Lingus.
2.2 Management of Airline company
Managing an airline company demands a lot of experience and expertise. Because the slightest mistake of anyone can lead to huge money and even life losses. In this airline business plan executive summary pdf we’ll be providing all details about Bruce Airlines. So you would have complete knowledge of what to include in your starting up airline business plan.
To manage an airline company, you’ll be needed to employ aviation attorneys, schedule coordinators, aviation technicians, flight attendants, pilots, and administrative staff.
To ensure the smooth running of business’ operations, Bruce Airlines will offer just 45 destinations across the globe in the initial phase.
2.3 Customers of Airline company
The customers of our airline will mainly be businesspersons and officers who need to travel internationally. Moreover, the general public and tourists will also be our target customers.
2.4 Business Target
Our target is to cover the startup expenses within two years of the launch. Moreover, we also aim at earning a net profit margin of $27k per month by the end of the second year and $49k per month by the end of the third year.
Company Summary
3.1 company owner.
Bruce Greg completed his pilot training at American Airlines Cadet Academy at the age of 21. After that, he did an MBA from Harvard University and joined Aer Lingus as a company manager. He served at several managerial posts and eventually became the company’s, Chief Operating Officer. He served as COO for six years and then decided to launch his own airline.
3.2 Why the airline company is being started
Bruce has always been associated with the airline business. He decided to launch his own airline to be an entrepreneur and earn the most by utilizing his skills and experience.
3.3 How the airline company will be started
Step1: Creating A Business Plan
The first step before starting an airline company is to create a business plan for airlines company. Bruce studied several examples of business plans for airlines and developed his start an airline business plan himself. We are providing the business plan he created in this sample business plan airline company.
Step2: Acquiring Required Licenses & Permits
Step3: Establish Headquarter, Values & Services
Bruce Airlines will be headquartered in Charlotte. The company will come into contact with airports and the government to negotiate the fee for hangars and for scheduling flights and routes. Meanwhile, the company will define its services, values, and customer care policies to get recognized.
Step4: Hire The Staff
To run an airline company, you need to hire a large staff. Due to the responsible and delicate nature of work, Bruce decided to recruit staff after rigorous testing and interviewing. The list of staff he’ll hire will be given in the upcoming sections along with their job descriptions and salaries.
Step5: Promote & Market
To attract customers amid huge competition, it is essential to develop an effective marketing strategy. And to come in contact with stakeholders who can indirectly promote your company.
Step6: Establish Online Presence
In this era, it is really important to establish a strong website presence. Bruce decided to launch a website that provides electronic ticketing and flight booking system to facilitate his customers.
Like all other airlines, Bruce Airlines will also be offering four travel classes. The services and luxuries associated with each class are listed here. If you want to build your own airline you can take help from this business plan template airlines.
- Economy Travel Class: This will be our basic class consisting of normal quality seats, foods, and extras for those looking for economical travel. The leg space, seat width, and screen size will be a lot lesser than all other classes. However, it will be adequate for a short flight.
- Wider and Comfortable Seats
- Quality foods and refreshments
- 16-inch entertainment screen
- Extra things including hot towels, toothbrushes, headsets, etc.
- Extra Comfortable Seats (More width, inclination)
- High-quality foods and refreshments
- 20-inch entertaining screen
- Extra things including eye masks, headsets, towels, and others.
- High priority check-in security
- High priority baggage handling
- Mini-Suites with privacy doors and noise-dampening curtains
- Storage compartments
- 26-inch entertainment screen
- Personal wardrobe
- Comfortable seat that reclines into super-comfy bedding with temperature control
- Finest foods and drinks made by world-renowned chefs
- Amenity kit including toothbrushes, face creams, lip balms, ear-plugs, and other things.
Marketing Analysis of Airline Company
Marketing analysis is a very important part of airlines business plan template. It analyzes the target market and target customers. Moreover, it also explains how much price you should set to meet your financial goals while attracting more customers than your competitors.
In this starting an airline business plan we are providing the marketing analysis done for Bruce Airlines. Here we have analyzed the global market trends for this business and the general groups of people that can be considered as potential customers.
If you are looking for how to write a business plan for an airline you can take help from airline business models pdf.
5.1 Market Trends
According to IBISWorld, more than 22k global airline businesses are running in the United States, employing more than 2.5 million masses. According to the same source, the business holds a huge market size of $686 billion.
Despite that the industry is already quite large, still, It is expected to grow more in the coming years. The growth is forecasted based on the surge in travel activities and expansion in the middle-class population in the coming years.
5.2 Marketing Segmentation
5.2.1 Business Persons
This group of our customers comprises of businessmen and women who need to travel to several countries as part of their business. This group is expected to avail of our first class and business class travel tickets. As this category usually arrange business trips and meetings, therefore, we expect this group to avail our services in groups.
5.2.2 Foreign Officers
Our second target group comprises high officials who need to travel on regular basis to meet their job responsibilities. This group is also expected to avail of our first class and business class travel tickets.
5.2.3 Tourists
Our third target group will comprise tourists who board airplanes frequently to reach out to remote locations. This category is expected to travel mostly in economy and premium economy class.
5.2.4 General Public
Lastly, general people who have to travel far-off places on an urgent basis will also be our target customers. This group is expected to avail mostly our economy class service.
5.3 Business Target
- To earn a profit margin of $49k per month by the end of the third year
- To achieve an average rating above 4.77 by the end of the second year
- To achieve a CSAT score above 92 by the end of the first six months
- To increase our travel destinations from 45 to 55 within three years of our launch
5.4 Product Pricing
Our prices will lie within the same ranges as that of our competitors. However, we will offer several discounts in the startup phase.
Marketing Strategy
Bruce Airlines will come up with several competitive aspects to get ahead of its competitors. In this airline marketing strategy pdf we’re providing the marketing strategy of Bruce Airlines. So that you can have help in making your own airline marketing business plan.
6.1 Competitive Analysis
We expect to get popularity among our customers due to the following competitive aspects.
- Electronic booking and ticketing facility
- Additional amenities
- Discounted rates in the first two months
- Dedicated flight attendants
- Highly customer care oriented policies
6.2 Sales Strategy
To advertise our startup, we’ll
- Promote our services through travel agent companies , social media campaigns, and Google Local ads services.
- Offer a 30% discount on the economy, premium economy, and business class tickets for the first two months of our launch.
- By launching our frequent-flyer program for privileged and loyal customers.
- By making our website SEO and by investing in artificially intelligent chatbots.
6.3 Sales Monthly
6.4 Sales Yearly
6.5 Sales Forecast
Personnel plan
An airline company needs a lot of staff to manage operations. Therefore you should make a detailed list of required employees with their job descriptions as you write a business plan for an airline.
7.1 Company Staff
Bruce will be the CEO himself. The staff he’ll hire is listed below:
- 1 Chief Operating Officer
- 5 Pilots with ATP certifications
- 9 Flight Attendants
- 2 Airline Operations Agents
- 3 Avionics Technicians
- 3 Airline Station Agents
- 1 Aviation Attorney
- 2 Sales Executives
- 1 Social Media Manager
- 6 Security Officers
- General Cabin Crew
7.2 Average Salary of Employees
Financial plan.
The airline company is not like other usual businesses. Starting and running an airline business is extremely expensive due to the high costs involved in
- Purchasing Airplanes
- Recruiting highly qualified pilots
- The fee paid to the government and airports
- The fee paid to travel agents
- Frequent loss due to empty seats
- Salaries of a large workforce
- Maintenance costs
- Money spent on marketing and advertisement
Therefore due to the high costs involved in airline operations, you need to be very much careful in managing your finances. Your financial plan for this business must draw a trajectory to earn targeted profits despite these huge expenses.
As Bruce had all the knowledge to create a financial plan, he carried out this task himself. In the case of your startup, if you are not a professional financial analyst, you must hire the services of one. To get a rough idea of what to expect from your professional financial plan writer , we are providing the financial plan of Bruce Airlines in this starting airline company business plan.
8.1 Important Assumptions
8.2 break-even analysis.
8.3 Projected Profit and Loss
8.3.1 profit monthly.
8.3.2 Profit Yearly
8.3.3 Gross Margin Monthly
8.3.4 Gross Margin Yearly
8.4 Projected Cash Flow
8.5 Projected Balance Sheet
8.6 business ratios.
Download Airline Business Plan Sample in pdf Professional OGS capital writers specialized also in themes such as drop shipping business plan , import and export business plan , logistics business plan , airmall business plan and helicopter business plan .
OGSCapital’s team has assisted thousands of entrepreneurs with top-rate business plan development, consultancy and analysis. They’ve helped thousands of SME owners secure more than $1.5 billion in funding, and they can do the same for you.
Add comment
E-mail is already registered on the site. Please use the Login form or enter another .
You entered an incorrect username or password
Comments (0)
mentioned in the press:
Search the site:
OGScapital website is not supported for your current browser. Please use:
StartupBoeing
Prepare for takeoff.
Starting an airline is tough. Running a profitable airline is even tougher. From startup airlines to established industry leaders, the process involves constant learning and adaptation.
Few businesses have as many variables and challenges as airlines. They are capital-intensive. Competition is fierce. Airlines are fossil fuel dependent and often at the mercy of fuel price volatility. Operations are labor intensive and subject to government control and political influence. And a lot depends on the weather.
But the intrepid entrepreneur is not alone. The StartupBoeing team assists entrepreneurs in launching new airlines. From concept through launch, StartupBoeing offers guidance, review, analysis, data, resources, contacts, and referrals to qualified startup airlines.
For further questions or dialogue, please e-mail us at [email protected] .
Market Analysis
Entrepreneurs who are considering a startup airline launch are wise to study the commercial aviation market. Three comprehensive publications are very useful in providing a detailed analysis of traffic growth, regional trends, and airplane requirements. They are produced by Boeing and highly regarded throughout the industry.
Commercial Market Outlook World Air Cargo Forecast Current Aircraft Finance Market Outlook
Operating Environment
Startup airlines must be aware of and operate within a framework of regulations, standards and guidelines. Included here is basic information on some of the primary international agreements and programs that shape the operating environment for commercial aviation.
Learn about the " Freedoms of the Air ," a set of international rights that allow a country's airlines to enter the airspace of another country or land there.
Find out more about ETOPS , or Extended Operations, a collaborative industry/government program allowing airplanes to fly routes with longer diversion times.
Business Planning
Successful startup airlines begin with a sound business plan. This detailed planning document typically includes:
- Analysis of the market and competition
- Brand positioning
- Description of the business and opportunity
- Details about the operation
- Management team biographies
- Discussion of risks and obstacles
- Pro forma financial statements/projections
- Capitalization plan
- Brand development
- Implementation strategy.
The business plan is the fundamental starting point for working effectively with theStartupBoeing consulting team. StartupBoeing provides free review services of the business plan and corresponding financials. We offer constructive suggestions, question assumptions, and challenge the entrepreneur to prove the concept just as prospective investors might. For entrepreneurs requiring assistance in preparing the plan itself, StartupBoeing can suggest advisors worldwide who specialize in such services.
The Structural Plan
The Airline Planning Roadmap (PDF) offers a conceptual sense of the necessary steps in launching an airline from idea through launch.
Business Plan Questions (PDF) provides a list of important questions to consider when writing the business plan.
Brand Foundation Overview (PDF) provides a list of steps to take to position your emerging brand based on your market analysis and a need to differentiate from existing competitors.
Structuring the Plan
The Airline Business Plan Outline (PDF) is a tool for capturing many of the important elements for successfully starting and operating an airline. While it is not a comprehensive structure for all airline concepts, it can serve as a starting framework for a business plan.
Airplane Selection
Target markets and frequencies are determined through traffic analysis and route/schedule planning. The startup airline is now positioned to select the appropriate airplane. Included here is basic airplane data a startup-airline can use to make a preliminary aircraft selection and complete a compelling business plan.
Interactive Aircraft Comparator
In-Production Airplanes
Out of production airplanes, passenger airplanes.
- 727 (727-100/-100C/-200)
- 737 (737-200/-200C)
- 737 (737-300/-400/-500)
- 737 (737-600/-700/-800/-900ER)
- 747 (747-100/-200/-300/SP)
- 747 (747-400/-400ER)
- 757 (757-200/-300)
- 767 (767-200/-200ER/-300/-300ER/-400ER)
- 777 (777-200/-200ER/-200LR/-300/-300ER)
Freighter Airplanes
- 707-320C Freighter
- 727-100/-200 Freighter
- 737-200/-300 Freighter
- 747-200F/-200SF/-100SF
- 747 Freighter (747-400/-400ER)
- 757-200 Freighter
- DC-8 Freighter
- DC-9 Freighter
- DC-10 Freighter
- MD-11 Freighter
Boeing Converted Freighters
- 747-400 BCF
Airplane Support
Visit Boeing Support and Services to learn more about Boeing global customer support, including spares & logistics support, maintenance and engineering services, fleet enhancements and modifications, and flight operations support.
The Boeing Airport Compatibility Group assists the aviation community to address their airport-related issues regarding our airplanes, providing Boeing and McDonnell Douglas commercial airplane product information needed to promote the continued and timely development of the world's airports.
Boeing provides a variety of documents that provide Airplane Characteristics data for General Airport Planning . Sections within each document include airplane description, airplane performance, ground maneuvering, terminal servicing, operating conditions, and pavement data.
Learn more about the pallets and containers used to carry cargo on-board large Boeing aircraft, including specific designations, dimensions, descriptions and visuals.
View a glossary of airplane terms .
Airplane Sourcing
Selecting the optimal airplane based on market, network plan, traffic estimates, interior layout, economics, and performance requirements is a good start. But now the airline entrepreneur must source the airplane. Decisions must be made about lease-versus-buy and new-versus-used. Airplane availability may be a challenge. Such factors may drive the airplane selection or even change the business model.
An important first step in sourcing the airplane is to consider financing options . The two most common methods of financing airplanes are direct purchase and operating lease.
New Airplane List Pricing
Depending on current production line availability, financing, business plan, and desired launch date, a startup airline may consider purchasing a new production airplane. See more about pricing here .
Leasing New or Used Airplanes
Boeing works with major airplane leasing companies worldwide. StartupBoeing is able to match qualified startup airlines with Boeing's leasing partners.
Lease Rates
Boeing does not regularly track airplane market lease rates. However, a range of lease rates can be provided to qualified startup airlines.
Through Boeing Capital Corporation , qualified startup airlines can be matched with third party sellers/lessors of used airplanes.
Third Party Used Airplanes
Through Boeing's internal Trading Floor, qualified startup airlines can be matched with third party sellers/lessors of used airplanes. Other sources of used airplane availability include:
Operating Your Airline
Boeing offers startup airlines the industry’s largest portfolio of commercial aviation support and services essential for running a successful airline. Through Boeing Global Services startup operators have access to everything from training and interior modifications to aircraft maintenance and high-tech enhancements.
The following solutions are available to suit your specific startup plans and requirements.
Maintenance & Parts Solutions
Boeing’s Maintenance and Part solutions help you to manage maintenance, modification, repair, overhaul and upgrades of your fleet while simplifying your supply chain. One of the services most applicable to a new airline is Global Fleet Care.
Boeing’s Global Fleet Care gives you the most comprehensive maintenance program available.
Global Fleet Care can:
- Help a new entrant operator conserve startup maintenance program capital
- Provide a competitive hourly maintenance rate that reduces airline staffing requirements.
- Include initial parts provisioning
- Supply engineering services
- Provide 24/7 Customer Support and Airplane Health Monitoring
Flight Operations Solutions
Boeing’s Flight Operations Solutions provide full flight operations support that is scalable to grow as your airline expands and your operational complexity increases. From pilot training to start of operations and beyond, our suite of products will provide the highest quality tools for your crews to deliver an efficient flight operation.
Services most applicable to a new airline:
- Flight Planning
- Charts and Navigation
- Electronic Flight Bag (EFB)
- Pilot training and Simulator
- Performance Planning
Boeing Aviation Consultants
Boeing’s staff of experienced airline and consulting professionals can advise and assist with all activities associated with a new entrant airline.
Boeing’s Consultants can:
- Assist with securing an Air Operator Certificate (AOC) as well as other regulatory requirement filings
- Design and structure an efficient operations organization
- Advise in the development and regulatory approval of a maintenance program
- Design a parts optimization program
- Assist with route analysis and payload improvements
- Develop a fuel efficiency program
- Select Information Technology elements that are appropriate for the size of operation
- Prepare an airline for eventual transition to ‘smart’ airplanes
Once an airline is up and running, Boeing’s Aviation Consultants can also provide periodic, detailed operations analysis that can assist with optimizing your maintenance and fuel efficiency programs, as well as provide crew management solutions for best scheduling and utilization of crewmembers.
When you are ready to start your airline, Boeing is ready to help you every step of the way.
Boeing offers startup airlines a comprehensive array of tools and services for running a successful airline. Everything from training to interior design to financing to maintenance to high-tech enhancements and more. Available resources include:
- Aviation Partners Boeing : Fuel saving and performance enhancing Blended Winglets for a number of current production Boeing airplanes and out-of-production models
- Boeing Business Jets : Private, Business, and Government VIP configured Boeing production airplanes
- Boeing Capital Corporation : Airplane Financing
- Boeing Support and Services : Customer Support, Material Management, Maintenance Services, Fleet Enhancement, Flight Operations
- Fuel Conservation Services : Optimizing your operations to maximize airplane fuel efficiency
- Jeppesen : Aviation Training, Charts & Navigation Services, Flight Planning and Custom Services
- Training & Flight Services : Maintenance and Flight Crew Training
Becoming a Customer
Whether you are starting a new airline with Boeing aircraft, adding your first Boeing aircraft to your existing fleet, or you are new to maintaining Boeing aircraft, we have the products, services, and information resources needed to get you off the ground and keep you flying.
Relationship
Creating a business relationship with Boeing can provide access to:
- Boeing expertise
- Support services needed for the introduction, operation and maintenance of your aircraft
What do you need?
If you are a Maintenance Repair and Overhaul (MRO) or repair station, please see the Intellectual Property Management - Licensing Questionnaire .
In order to obtain Boeing goods and services, it will be necessary to enter into an agreement with Boeing and set-up an account. To begin the account set-up process, complete and submit a Boeing Customer Questionnaire . This questionnaire must be completed and submitted electronically.
Upon receipt of the completed questionnaire and based upon the information you submit, Boeing will:
- Start the process of establishing an account so your company can do business with Boeing.
- Assign your company a Boeing customer code which will identify your company within Boeing for future business transactions.
- Identify you as the owner, operator, or lessee of the aircraft.
- Supplemental Agreement for Electronic Access (SA-EA)
- Supplemental Agreement for Electronic Enabling (SA-eE)
- Provide you with certain documents at no charge when the CSGTA and its supplements are signed and appropriate insurance is obtained.
Access to Boeing Part Page
Boeing Material Services offers the advantage of buying from the original equipment manufacturer (OEM).
Boeing also provides customers with access to the aftermarket for a wider breadth of resources to locate hard-to-find parts. From single transactions to supply chain management, Boeing provides you with the right part, at the right place, at the right time. For more access information, please contact [email protected] .
Intellectual Property Management - Licensing Questionnaire
Aircraft owner/operators and third-party service providers have particular needs for OEM products and services as they support the industry. These products and services may require the use of information that is created during the development and certification of Boeing products. Comments from the industry have helped us to establish a set of Intellectual Property licensing standards that address specific requirements and establish a fair and consistent fee structure for the use of the information developed.
Take the Intellectual Property Management - Licensing Questionnaire .
Customer Services General Terms Agreement (CSGTA)
The Customer Services General Terms Agreement (CSGTA) incorporates articles applicable to various Boeing products and services into a blanket-type agreement so that, once in place, only unique terms and conditions need to be negotiated when a customer requires a specific product or service. The benefits of this approach are:
- Faster responses to requests from customers for products and services.
- A reduction in resources and effort needed to implement and manage all Customer Support related agreements for both customer and Boeing.
Some examples of the products and services covered by the CSGTA are lease of parts and tools, purchase of spare parts and standards, retrofit kit changes, repair, modification, technical assistance/consulting, training services and technical data.
Two Supplemental Agreements are associated with the CSGTA. The Supplemental Agreement to the CSGTA for Electronic Access (SA-EA) incorporates articles specific to granting you electronic access to Boeing goods and services, specifically technical data available on MyBoeingFleet.com. The Supplemental Agreement to the CSGTA for Electronic Enabling (SA-eE) incorporates articles specific to software licensing.
Part 125 Airplane Operating Certificate (AOC)
To apply for a part 125 AOC you will need to provide certain documents to your regulatory agency such as the Maintenance Planning Document (MPD), Quick Reference Handbook (QRH), and Aircraft Flight Manual (AFM). Our business operations group will help you get access to these documents on a temporary basis to help you with your AOC application.
MyBoeingFleet (MBF)
MyBoeingFleet is Boeing's secure internet portal, providing authorized customers with access to the industry's most comprehensive range of support products and services for Boeing commercial aircraft.
Aircraft owners and operators - as well as maintenance providers, leasing companies, regulatory agencies and other third party service providers - use MyBoeingFleet to order parts, collaborate with Boeing experts, and obtain essential information such as drawings, documentation, manuals, and operational data and procedures.
Owner/operators and licensed maintenance providers can also access productivity solutions such as Maintenance Performance Toolbox and Airplane Health Management.
Frequently Asked Questions
I want to start an airline. how can the startupboeing site help, example headline.
The StartupBoeing site is filled with information that will be useful in starting an airline. In starting an airline, there are specific steps that should be followed, and they are laid out in order to help you along your journey.
- Step 1: Market Analysis
- Step 2: Operating Environment
- Step 3: Business Planning
- Step 4: Airplane Selection
- Step 5: Airplane Sourcing
How can we obtain Boeing aircraft performance data for our planned operations?
The StartupBoeing team has found that this usually is not the first question to ask when starting an airline. The market opportunity and business plan will help shape what aircraft to fly. Once an understanding of the market opportunity and competitive environment are established, the StartupBoeing team can assist in providing suggestions for aircraft and ultimately performance data to fit the market opportunity.
Can Boeing lease me an aircraft?
Boeing generally does not lease aircraft. Aircraft leasing is usually done by third parties not associated with Boeing. To help you find these leased aircraft, Boeing has provided links to these parties found in the Airplane Sourcing section.
I want to buy a used aircraft from Boeing. How much does it cost?
Boeing generally does not sell used aircraft. Used aircraft are usually sold by third parties not associated with Boeing. To help you find these used aircraft, Boeing has provided links to these parties found in the Airplane Sourcing section.
Where can I find information on Boeing airplanes?
Information on passenger and freighter airplanes, along with information on cargo hold sizes can be found in the Airplane Selection section.
Where can I find a definition of aircraft terms?
A glossary of aircraft terms can be found here .
Where can I find airplane market data?
The Boeing Current Market Outlook (CMO) and World Air Cargo Forecast can be found in the Market Analysis section.
Where can I find information on business planning?
Information on business plans can be found in the Business Planning section.
Where can I find information about regulatory requirements?
Information about regulatory requirements can be found in the Operating Environment section.
This site has stepped out of a
If you're the site owner , contact us at 1-480-505-8855., if you are a visitor , please check back soon..
Security Risks for Emirates Airline: Contingency Planning
Introduction.
This paper is a contingency plan to manage information technology (IT) security risks for Emirates Airlines. The plan specifies key steps the organization could take to address such risks by specifying the policies and procedures that company employees should follow and what the airline’s management should do to maintain them. To demonstrate the merits of the contingency plan, this paper contains a hypothetical incident of an IT security breach at the airline, which will be mitigated by following the policies and procedures outlined in the plan.
The example would also include a timeline for responding to the incident and the period stipulated for undertaking recovery efforts. Lastly, this paper would outline the ethical concerns that are specific to Emirates Airline and provide an explanation of how to plan for them.
Before delving into this analysis, it is first important to address the basic segments of the contingency plan, which include the business impact analysis, incidence response plan, disaster recovery plan, and business continuity plan. These elements of analysis highlight why it is important for Emirates Airline to have the contingency plan in the first place. They also demonstrate the airline’s specific processes that would be affected by the occurrence of the IT security risks and the impact they would have on the organization.
Importance of the Contingency Plan
Many organizations today have realized that it is unrealistic to adopt a one-size-fit-all contingency plan for all types of companies (Schou & Hernandez, 2014). Therefore, a tailor-made risk management plan becomes essential to their processes because it provides a framework for addressing specific risks relating to their organizational operations. It is essential for Emirates Airline to have a contingency plan for its IT processes because most of its operations are automated.
For example, its booking and flight scheduling processes are technologically supported. Furthermore, the airline receives personal data and credit card information (from different customers), which are vulnerable to theft and sabotage. A widespread security risk would affect not only these types of data but also ground the airline’s operations.
A contingency plan would guarantee its business continuity by mitigating any catastrophic scenario that would affect the airline’s business operations. Indeed, as the Institute of Risk Management and Hopkin (2012) point out, different organizations need to plan how they would recover their key business functions in the event that something unexpected happens. The contingency plan outlined in this report has been developed through an evaluation of the company’s priorities and timescales, which were derived from assessing risks and associated data relating to Emirates key processes.
The cutthroat nature of the aviation industry and the changing customer preferences relating to flight management all play an important role in emphasizing the importance of having an effective contingency plan because the failure to do so could see the airline lose its market share and revenues in an elaborate impact assessment report described in the business impact analysis below.
Business Impact Analysis
A security breach of Emirate’s IT infrastructure could cause significant operational challenges for the company. The subsections below explain the potential impacts of such a risk.
Disruption of the Airline’s Activities
One direct cost of a security breach at Emirates Airline is the immediate disruption of the company’s services because, as mentioned in this report, most of the organization’s activities are automated. For example, passenger booking and reservation processes are vulnerable to such a risk. They could also lead to significant delays in airline scheduling and operational planning. Such an outcome may also lead to lost luggage and significant flight delays, which may ultimately cause flights to be canceled or passengers missing their flights (Andreasson, 2012).
Damage to Airline’s Reputation
An IT security breach at Emirates Airline could significantly dent the organization’s reputation. Customer inconveniences and lost time (stemming from flight mishaps or data confusion) could make customers think that the airline is incompetent, even though this may not necessarily be the case (Schou & Hernandez, 2014). Even when passengers are notified that delays were caused by security breaches, the airline could still suffer a negative image because some customers could perceive the airline’s security systems as weak. This belief may make them hesitant to share their personal data with the company in the future.
Thus, the possible lack of credibility and reliability associated with the airline’s IT infrastructure could attract negative reviews, which would ultimately have a negative impact on its image. If this impact were quantified in monetary terms, customer dissatisfaction could cost the airline millions in lost revenue (Schou & Hernandez, 2014).
Emirates airline often allows customers to key-in their credit card information and personal details on the company’s online platform. A security breach on the company’s IT infrastructure could lead to the theft of this crucial information. Such an act could lead to monetary losses for the airline and the customers as well. Indeed, as Schou and Hernandez (2014) say, cyber-enabled fraud has led to millions of dollars in losses for companies and affected persons.
The situation could be worse for Emirate’s customers because research has shown that their personal information is more valuable to cybercriminals if sold on the “dark web” (Schou & Hernandez, 2014). Intellectual property losses would have the greatest monetary impact on the airline because lost or stolen trade secrets could be worth billions. If they are duplicated, the airline, which is the owner of such property, could suffer similar economic losses.
Security risks on Emirate’s IT infrastructure could also lead to millions of dollars in paid damages to affected persons (Kosseff, 2017). Such fines may be punitive to the organization if authorities establish that the company failed to comply with data protection legislation. Several jurisdictions are considering implementing tougher measures to force companies to be vigilant about their data protection processes. Some of the proposed fines could amount to millions of dollars, thereby increasing the risk of insolvency for affected businesses (Kosseff, 2017). These possible negative impacts of security risks on Emirate’s IT processes demand an effective response to the peril. An incident response plan appears below.
Incidence Response Plan
To protect the airline’s security system against invasion.
The discovery process involves detecting suspicious activities and reporting the same. Actions may be taken at several information processing points and through different activities, including:
- Raising the alarm through the intrusion detection system.
- Notifying a firewall or system administrator (a monitoring team or manager should also be notified).
- Security personnel or an external source may also lead to the discovery of a security breach.
Notification
Upon the detection of suspicious activities, contact should be established with the incident response team to inform them of the same.
Analysis and Assessment
Assess the following factors to establish the proper response:
- Determine whether the intrusion is confirmed or perceived.
- Find out whether the intrusion has ended, or is ongoing.
- Establish what kind of information is at stake and whether it is crucial to the fundamental functioning of the airline.
- Investigate the seriousness of the breach should the attack succeed (assess the effects based on three criteria – minimum, serious or critical).
- Establish which systems are targeted and determine their physical locations.
- Find out whether the incident occurred within or outside the network.
Response Strategy
- Find out whether there is a need for an urgent response, or not.
- Establish whether the incident could be contained, or not.
- Determine whether responding to the incident will alert the attacker, or whether such a concern is important in the first place.
Containment
To prevent a further intrusion of the system by the hacker, abide by the following stipulations:
- Make sure affected systems are disconnected.
- Change passwords immediately.
- If possible, flag down suspicious IP addresses and block them.
Prevention of Future Attacks
- Understand the source of the security breach
- Closing a port on a firewall
- Patching affected systems
- Disabling infected systems until a fresh installation is done
- Reinstall a new system and back it up, but ensure the backup was done before the infection
- Change email settings to prevent future hacks from intruding the system this way
- Make sure unused services are inoperable within the system
Documentation
Document what happened in the incident, including how it occurred, the source of the breach, the kind of response undertaken, and whether it was effective or not.
Notification of External Parties
Report the incident to external parties, like the police, if there is a need to do so.
Overall Policies and Procedures
- Follow password policies, intrusion detection guidelines, and data assessment techniques.
- Ensure backup and recovery procedures are followed.
- Implement activities that are secured using firewalls and passwords.
- Notify users against unauthorized access and use of the company’s IT infrastructure systems.
- Establish the best response for an intrusion by evaluating all possible scenarios.
- Ensure all employees are educated about IT security through training seminars.
- The contact of the incident reporting personnel should be availed for all employees to see.
- Test the process.
Disaster Recovery Plan
The purpose of this disaster recovery plan is to restore the information technology systems of Emirates Airlines. The plan helps to anticipate the loss of the following system components of the airline (which may occur because of a security breach): computer room environment, hardware networks, connectivity to a service provider, software applications, and data restoration processes. The disaster recovery plan outlines what employees should do using three key strategies outlined below.
Business Continuity Planning
According to Schou and Hernandez (2014), an organization’s ability to overcome a crisis relates to its efficacy in developing a strong business continuity plan. Relative to this assertion, industry analysts claim that 2/5 of businesses that experience a significant crisis or disaster will go out of business (Institute of Risk Management & Hopkin, 2012). Therefore, it is essential to have a business continuity plan to manage such types of occurrence. Emirates Airline’s business continuity plan follows the following steps:
Prioritize Critical Organizational Processes for Restoration
Give priority to critical organizational processes for continuity because doing so is integral to minimize the impact of the breach
Ensure There Is a Relocation Site Where the Airline’s Processes Could Be Hosted
Business continuity processes should be redirected to the secondary IT processing site.
Data Backup
Data relating to the airline’s operations should always be backed up. Personnel should accord essential data the first priority for backup. Risk managers should select and configure the most advanced hardware and software backup systems periodically.
Restoration of Hardcopy Files, Forms, and Supplies
Data backup processes should support the restoration of hardcopy files, forms, and supplies.
Policies and Procedures Needed
Emirates Airline complies with all policies and procedures outlined by relevant aviation transport and safety authorities. These policies and procedures are especially important in reviewing issues relating to security breaches and the safety of customer information. However, the rules and procedures described below outline what employees should do in case there is a breach.
- Stop all affected systems and operations vulnerable to the breach to prevent any attempt to further compromise the system.
- Notify customers about the shutdown of the systems and inform them that it will be running again shortly.
- Notify the response team about the security breach.
- Activate the secondary support system to provide an alternate infrastructure for the continuation of the company’s IT systems (this step should allow for business continuity).
- Restore all associated and relevant files pertaining to the affected processes from the backup system to allow customers to use the airline’s technology-supported functions.
- Investigate the source of the security breach and possibly identify who is culpable for it.
- Notify relevant authorities about the security breach.
Processes to Utilize in Implementing Contingency Plans and its Components, Including Efforts to Maintain the Plans
The success of the above-mentioned contingency plan largely depends on the airline’s ability to formulate and maintain processes that would safeguard the policies underlying the framework. Four guidelines would help to maintain the contingency plan outlined in this report. They appear below.
- Make sure all employees are aware of the contingency plan and regularly provide them with updates to ensure they understand the latest security threats, including how to manage them.
- Undertake disaster drills to examine and evaluate how employees would react to risk. Based on the outcome of the drills, adjust the contingency plan accordingly to improve employee readiness.
- Regularly review the plan to find out whether there are areas that need improvement. Circulate the new plans to all employees and discard the old ones.
- Ensure the contingency plan is offsite to allow employees to gain access to it in case of an emergency. Keeping the plan on a cloud-based platform is the best way to manage the data management process because it prevents the destruction or loss of data. At the same time, the cloud-based platform allows for easier access to data from anywhere.
Hypothetical Incident Showing the Efficacy of the Plan
A hypothetical incident is hereby described where there is a reported incident of financial information theft, involving the loss of credit card information of 11 customers. The victims have reported to the airline that their cards were used on the company’s platform to make ticket purchases, and they have noted that hackers have made unauthorized purchases and reported the matter to the airline. This security risk will be addressed by following the steps below.
- Establish whether the credit card theft stems from the airline ticketpurchasing process or any other point of card use. If confirmed that the security breach originated from the company’s IT processes, the second step below should be followed.
- Stop all ticket purchasing processes to prevent any attempt to furthercompromise the system.
- Activate the secondary processing system to allow for business continuity.
- Restore all files and ticket processing facilities from the backup system to allowcustomers to proceed with their ticketing and flight schedule plans.
- Investigate the source of the security breach and possibly identify who isculpable for it.
Timeline for Incident Response and Recovery Efforts
The schedule below highlights the estimated time that each of the processes mentioned above would take.
Ethical Concerns Specific to Emirates Airline and Its Incident Response Personnel
The foundation of all ethical principles applicable in the formulation of this contingency plan is enshrined in the moral principles and practices that guide employee actions. This statement is premised on the principle that although human beings are part of the solution for controlling security risks, they are also part of the problem. The ethical issues below outline ethical concerns specific to Emirates Airline and its incident response personnel.
Ethical and Responsible Decision-Making
Decision-making processes surrounding the contingency plan need to be formulated by people who have integrity.
Privacy and Confidentiality
Fraudulent persons could use technology to deceive or misrepresent certain issues. The use of computers by airline passengers to book tickets and schedule flights may be a possible area of ethical concern because customers often provide personal information when performing such transactions. In case of a security breach, such personal information may be lost, hence invading the privacy of the customers and infringing on the confidentiality agreement that the airline shares with them. Thus, hackers could steal crucial information relating to the customers, such as banking details and credit information, and use them to undertake fraudulent activities (Graham, Olson, & Howard, 2016).
Emirates Airline has its unique software that allows the organization to perform certain operations. For example, its booking system and flight reservation processes are moderated using copyrighted software. An attack on the company’s information technology infrastructure could allow hackers to pirate such information because they would have gained access to copyrighted content relating to the airline’s operations.
In the event of a security breach on Emirate’s computers, customers may be subject to compensation. The compensation may be attributed to missed flights, stolen credit information, or any other damage suffered because of the inaction of the airline to protect its customers from security breaches. Notably, the airline has to be careful about the legal ramifications of the affirmative promises it makes to its customers because failing to live up to them could lead to litigation (Kosseff, 2017).
Trade Secrets
As mentioned in this paper, the airline industry is a competitive one. Trade secrets are the tools used to outwit rivals in this space. The slightest breach of a company’s computer system could lead to the leakage of these secrets. Emirates could lose significant ground in its competitive airline strategy if this happens. The damage could be much worse if an employee of the airline orchestrates the breach. Thus, it is important for the airline to safeguard its trade secrets.
How Should You Plan for These Concerns?
Planning for the ethical issues raised in this paper requires a concerted effort by all stakeholders of Emirates Airline to make sure that ethical breaches do not occur. Each ethical issue identified above attracts a unique solution that is specific to the concern raised. The table below provides a summary of how the airline should plan for each of the ethical concerns mentioned.
Andreasson, K. (2012). Cybersecurity: Public sector threats and responses . New York, NY: CRC Press.
Graham, J., Olson, R., & Howard, R. (2016). Cyber security essentials. New York, NY: CRC Press.
Institute of Risk Management., & Hopkin, P. (2012). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management . New York, NY: Kogan Page Publishers.
Kosseff, J. (2017). Cybersecurity law . London, UK: John Wiley & Sons.
Schou, C., & Hernandez, S. (2014). Information assurance handbook: Effective computer security and risk management strategies . London, UK: McGraw Hill Professional.
Cite this paper
- Chicago (N-B)
- Chicago (A-D)
StudyCorgi. (2020, November 3). Security Risks for Emirates Airline: Contingency Planning. Retrieved from https://studycorgi.com/security-risks-for-emirates-airline-contingency-planning/
StudyCorgi. (2020, November 3). Security Risks for Emirates Airline: Contingency Planning. https://studycorgi.com/security-risks-for-emirates-airline-contingency-planning/
"Security Risks for Emirates Airline: Contingency Planning." StudyCorgi , 3 Nov. 2020, studycorgi.com/security-risks-for-emirates-airline-contingency-planning/.
1. StudyCorgi . "Security Risks for Emirates Airline: Contingency Planning." November 3, 2020. https://studycorgi.com/security-risks-for-emirates-airline-contingency-planning/.
Bibliography
StudyCorgi . "Security Risks for Emirates Airline: Contingency Planning." November 3, 2020. https://studycorgi.com/security-risks-for-emirates-airline-contingency-planning/.
StudyCorgi . 2020. "Security Risks for Emirates Airline: Contingency Planning." November 3, 2020. https://studycorgi.com/security-risks-for-emirates-airline-contingency-planning/.
StudyCorgi . (2020) 'Security Risks for Emirates Airline: Contingency Planning'. 3 November.
This paper was written and submitted to our database by a student to assist your with your own studies. You are free to use it to write your own assignment, however you must reference it properly.
If you are the original creator of this paper and no longer wish to have it published on StudyCorgi, request the removal .
Don't bother with copy and paste.
Get this complete sample business plan as a free text document.
Airline Business Plan
Start your own airline business plan
Executive Summary executive summary is a brief introduction to your business plan. It describes your business, the problem that it solves, your target market, and financial highlights.">
Opportunity.
Economic growth and the requirements of redevelopment, not to mention the impending entry of several countries in the region to the European Union, are creating increased demand for air services between Western Europe and the countries of Southeast Europe and Turkey.
The market combines a variety of elements all of which demand a higher quality of air service than often currently available:
- Business travelers requiring convenience, reliability, speed, and schedules built around business needs.
- Government and international organization travelers, requiring the same elements.
- Personal and leisure travelers from the Southeast Europe/Turkey region who have the money to travel by air and who increasingly demand a higher level of service and convenience, but at an economical cost.
- The “Diaspora,” Personal and leisure travelers originally from the Southeast Europe/Turkey region, but now living and working in sizable numbers in the countries of Western Europe, with the same demands.
- Western European personal and leisure travelers, primarily traveling on the airline’s routes between Western European points.
- Seasonal (primarily summer, with some limited niche markets in the winter period) holiday travelers, primarily destined for Greece, Turkey, and the islands of the Mediterranean. Cost, reliability, convenience, and destination are their concerns.
The proposed new airline will appeal to all these distinct groups by offering better quality service (and in some cases, offering service where none now exists), at a higher level of safety, comfort, and convenience, and at reasonable fares, than currently available. The new airline also will focus on the niche markets identified in the Service Description section of this plan, enabling it to better serve and to become identified as the carrier of choice for those markets.
Competition
The overall airline industry operating between Western Europe and Southeastern Europe and Turkey consists of four primary segments:
- Established mainline European carriers (primarily Swiss International, Austrian, Lufthansa, Alitalia, Malev, Turkish) utilizing their Southeast European routes as spokes connecting to main hubs in Western Europe (or Budapest and Istanbul in the case of Malev and Turkish, respectively) and serving to feed traffic to their prime intra-European and trans-Atlantic routes (or domestic Turkish routes in the case of Turkish).
- Smaller, but generally well-established regional airlines primarily from Western Europe or the upper level of Eastern European states (primarily Swiss International, Tyrolean, and Adria) that perform essentially the same function as the mainline carriers or, in the case of carriers like Adria, link destinations in Southeast Europe to their own national capitals.
- Home-based Southeastern European carriers (such as ADA Air, Albanian Airlines, Avioimpex, Balkan Air, Hemus Air, JAT, and Tarom Airways) that often operate older, Soviet-built aircraft or turboprops, offer a generally lower level of service (though not always lower fares), and are often less highly regarded, including by travelers from Southeastern Europe. These airlines connect points within Southeast Europe, or they may connect Southeastern European destinations to major destinations in Western Europe.
- There also is a fourth segment worth noting, and that is the fairly significant charter market that exists within certain niche or seasonal markets. This market includes charter flights between Pristina and destinations in Switzerland and Germany, as well as primarily summer charters from Southeast Europe to New York and other destinations in North America. These charters are often operated by individual travel agencies or airlines, and often are categorized by a low level of service and utilization of older, often Soviet-built, aircraft. There also are the vacation charters that operate from Western Europe to Greece, Turkey, Cyprus, and the other holiday spots of Southeastern Europe and the Mediterranean.
It is anticipated that the proposed new airline would most closely fit into the second grouping above, but would compete effectively with all four main segments through a combination of a high level of safety and service, carefully selected routes, niche-market service, convenient schedules, reasonable and competitive fares, and modern, safe, comfortable aircraft. It also will offer service on under-served and unserved routes where little or no competition currently exists.
Air Leo will fill a niche in the growing air-travel and cargo markets linking Western Europe, and points beyond, to Southeastern Europe and Turkey; to achieve high, and profitable, load factors by identifying and serving key routes and city pairs currently unserved, under-served, or poorly served, and where significant unmet demand exists; and to set a new standard for air service and professionalism both within the target market region and beyond.
Expectations
Financial highlights by year.
Start your own business plan
Your business plan can look as polished and professional as this sample plan. It's fast and easy, with LivePlan.
Plan, fund, and grow.
Easily write a business plan, secure funding, and gain insights.
Achieve your business funding goals with a proven plan format.
Streamline change management. Learn how a DAP accelerates user adoption, reduces resistance & increases ROI. Join our webinar now
For Applications
- MS Dynamics
- Homegrown Applications
- Change Management
- Digital Transformation
- Business Process Compliance
- Data Quality Improvement
- Onboarding & Training
DAP Library
- DAP Downloads
- Customer Support Portal
- October 28, 2021
Aviation Digital Transformation: A Path from Recovery to Innovation
The pandemic has greatly impacted all industries. The aviation industry is one of them that has been severely affected. Developing digital capabilities can help the industry adapt to the effects of the pandemic. Most airlines have actually been open to a certain degree of transformation even before 2017. Yet, serious adjustments have to be made due to the pandemic.
A major uptake in digital technology can be advantageous for the industry and its customers. Digital technologies optimize effectiveness, lower operational costs, and enhance the passenger experience. Overall, digital technology has improved safety and lowered the workload on flight crews.
It is very clear that the emergence of the newest digital trends is revolutionizing air travel all over the world. Improving technologies in the aviation industry allows companies to exceed customer expectations and generate more revenue.
Research* says that aviation digital transformation strategies can generate an incremental value of 5 to 10 dollars per passenger per year. Too often, airlines purchase the newest software before critically evaluating their information approaches to determine which software is going to meet their specific needs – every airline is unique.
Now that the economy has been starting to open back up little by little, how can one create a path from recovery to innovation?
Aviation Digital Transformation
Since the digital revolution began about a quarter-century ago, the aviation industry has been at the forefront of digital transformation.
Companies all over the world are increasingly realizing that the key to unlocking the full potential of the aviation sector is not just to embrace digital transformation, but also to stay ahead of the curve by developing ground-breaking solutions based on new forms of innovative digital technology.
For aviation companies like airlines and airports, the goal is to create a transformation program that is tightly connected with operations. The Internet of Things is a revolutionary concept that has the potential to change operations on the ground and in the air (IoT).
IoT-based gadgets are gradually becoming a norm for improving customer experience in the aviation industry, with aircraft data management, scanners, electronic tags, and many more uses.
Digital innovation doesn’t work without a strategic foundation. Many airlines are embarking on digital transformation since it’s a hot topic right now but they have to understand that transformation doesn’t happen without a strategy.
Many airlines have siloed information strategies (a strategy for shared drives, a different strategy for flight logs, a different strategy for email, etc.) when they really need a comprehensive strategy across information, to ensure sustainable digital transformation.
Successful digital transformation always starts with understanding your overall information strategy across disciplines. It is the understanding that drives success – and the software that you invest in must support your airline’s transformation strategy.
A. Management of the Supply Chain and Streamlining Service Order Flow
Private aircraft tracking which shows when and where they are chartered, is a difficult undertaking to master. Robotic Process Automation (RPA) can help your company create an automated order flow that works in tandem with your back end.
With real-time data populating your centralized platform, the work of aircraft chartering becomes easier, ensuring that each flight is tracked efficiently while lowering the total risk of human mistakes.
It is critical to digitally keep track of your supply chain. Record service orders, repair requests and simply get a comprehensive history of service orders and estimates through the service order log by leveraging a robust supply chain management platform. This platform can connect with your business operations, adding another layer of quality to your supply chain and ensuring transparency.
B. Document Data Extraction
Workers have long been used to manually insert data from a document into a database. Document data extraction can save your employees numerous hours of effort by automatically transcribing data.
Purchase orders, client documents, customer records, and invoices can be accurately scanned for information, enhancing data validation.
With Artificial Intelligence and Machine Learning, the system’s data handling capabilities improve with use. A data extraction system also allows you to store data exactly where you need it. Processed document data can be easily integrated into numerous systems.
C. Workflow Instruments
One of the primary concerns for an aviation firm in implementing a digital transformation strategy is simplifying internal data workflows. Fortunately, new advancements in innovative technology provide numerous opportunities for streamlining internal data workflows.
With the help of current technological solutions like Enterprise Content Management, digitized data can now be handled and stored efficiently. It’s then a reasonably straightforward process to transmit that data downstream to the appropriate individuals at the appropriate time, regardless of department.
Workflow technologies, particularly cloud-based solutions, excel in providing platforms for teamwork and project management. These technologies also support management best practices such as approval routing, data validation, and data integrity checks prior to entering your ERP system.
Why a DAP Is Perfect for Aviation Digital Transformation?
The International Air Transport Association predicts that by 2035, 7.2 billion people will regularly board flights. All companies will have to go through some sort of change management at some point in their lifespan, so incorporating an innovative mindset as soon as possible will encourage change and bring in people who will also be able to pivot and thrive in that environment.
DAPs are perfect for change management because they’re a software layer integrated with applications that help users through tasks and functions. DAPs help new users quickly learn how to use your enterprise applications and returning users learn new functions. DAPs can also be used to train new employees on in-house software. DAPs are customizable and can integrate with any application, which makes them useful customer self-service software as well.
a. Achieve Overarching Goals
DAPs can transform a burdensome change process into a natural and organic process that achieves the intended goals. They help you realize this by seamlessly integrating into the normal workflow of a company and providing a step-by-step guide through the transformation.
Their potential to influence and ease this process is what makes them a cornerstone for transformation and change.
DAPs help in creating a digital transformation mindset at the organization, leading to more innovative practices and a solution-oriented approach. Using tools to assist in the aviation digital transformation process can help companies view the big picture of their analytics and what they can do to improve their products, sales, and other overarching goals.
b. Streamline business operations
An effective digital adoption platform helps end-users navigate the whole process of adopting digital technologies without being too expensive or labor-intensive. It must enable employees to find and easily implement the appropriate solutions that fit their resources and needs, while also providing transparency into all aspects of the project.
The aviation industry has been a bit slow in regard to the adoption of digital technologies, but as with all industries, this is now becoming a must-have. The implementation of a Digital Adoption Platform will ensure successful Aviation Digital Transformation .
A digital adoption platform can help you
- Speed up adoption of new technologies in the aviation industry.
- Reduce costs throughout the entire process of implementing digital solutions.
- Maximize business capabilities and provide transparency of operations.
- Create greater efficiency in the workflow of aircraft maintenance, reduce downtime loss, and improve turnaround times.
A DAP essentially fits perfectly into a company that is looking to establish its change management routine. Using the platform paves out a path for change management at your organization.
Apty DAP speeds up digital adoption significantly by helping you streamline your operations and providing a digital transformation roadmap to properly manage and implement any changes that will be happening to the operations and hierarchy within the organization.
Apty DAP is a no-code platform for measuring, taking actions, and leading the aviation digital transformation process. With Apty, users can have their full-fledged management dashboards to plan the change management process and take necessary actions. From Digital Experience Analytics to activity tracking, funnels, and sessions, everything can be handled and managed through a DAP like Apty.
*Source: Forbes
Subscribe to our Apty Blog
Join 6000+ monthly readers learning about best practices, solutions, and strategies to drive software adoption
Latest Blogs
Twitter vs tesla change management strategies: the good, the bad, and the ugly, 101 stats on digital transformation & the enterprise employee experience , ensuring data integrity & the effects of poor data quality, drive digital transformation with apty.
- Original Published On: October 28, 2021
Revanth Periyasamy
Your recommended articles.
The Enterprise Secret to Software Adoption & Digital Transformation Success
How Driving Technology Adoption Can Impact Enterprise ROI
ServiceNow Training: The Best Way to Boost your ServiceNow Adoption
3 Most Common Oracle HCM Implementation Challenges
Workday Onboarding: A Checklist for Onboarding your Employees
Employee Performance Examples: 5 Best Practices to Boost Employee Performance
Digital Adoption Done Right
- [email protected]
- [email protected]
- [email protected]
- 1524 S I-35 Frontage Road, Suite 224, Austin, TX - 78704
- MS Dynamics 365
Customer Support Center Partner Portal
Copyright © 2023. Apty. All Rights Reserved. | Privacy Policy | Terms & Conditions Made With Team Apty
Want to Learn More?
Subscribe to our Monthly Apty Newsletter to get exclusive content, digital adoption best practices, and more. It will be delivered straight to your inbox.
By clicking the button, you agree to our Terms and Conditions & Privacy Policy .
How To Update Your Business Continuity Plan in 2022
As any BC professional will tell you, a company’s business continuity plan should not be static; it should be reviewed, tested, and optimized to ensure it is fit for purpose when a threat arises. In 2021, the continuation and unpredictability of COVID-19 and the emergence of more extreme weather events and supply chain issues highlight the importance of having a solid business continuity strategy and plan to mitigate business risk. Closing out 2021 and going into 2022, it’s crucial to reflect on how well your business prevented, responded to, and recovered from the prior year’s events and update plans accordingly.
The Importance of Updating Your Business Continuity Plan
Failing to update your business continuity plan is a bit like keeping an old fire escape route posted after renovating the building. It’s not relevant, and following it will likely result in poor outcomes.
The pandemic was a catalyst for many companies to invest time and resources into business continuity planning. According to The Future of Business Continuity & Resilience Report 2021 , published by the Business Continuity Institute (BCI), seventy-nine percent of respondents stated that the appreciation of resilience rose in their organization due to the pandemic. Both high-level business leaders and team members were able to see the impact that a solid plan (or lack thereof) has on their organization.
Known threats evolve; new threats emerge
Threats are changing every day. A new cybersecurity risk will arise, or another Covid variant like Delta or Omicron will emerge. While it’s impossible to predict and plan for every change or eventuality, there are new trends that appeared in the past year that you’ll now need to consider. One example is the trend toward work-from-home/remote work. While many WFH policies were successful as a crisis management strategy, the BCI report states that ninety-four percent of respondents say that some, most, or all staff want to work from home for a proportion of time post-pandemic. This new trend will become standard for many organizations’ business operations. Still, it creates other risks to address around IT security and backup power and communications.
Updating your BC plan to protect your business
In the BCI’s Crisis Management Report 2021 , survey findings report that thirty-three percent of organizations had a crisis plan before the pandemic that was ineffective in dealing with Covid. Of these respondents, three-quarters could create a new program or modify current plans to make them relevant to COVID-19.
Updating your plan will ensure that it is relevant to changing circumstances, allowing you to speed time to recovery, which can help your organization gain or maintain a competitive advantage or, at the very least, lessen the negative financial and operational impacts.
You’ll want to review how effective your previous plan was on macro and micro levels, thinking about both world events and risks specific to your industry or business. Some key questions to ask while updating your plan are:
- What is practical to keep in our business continuity plan?
- Is there anything that is no longer relevant?
- Is our plan too rigid or vague?
- Is the company using new technology or vendors ? Have we completed our due diligence on their BC strategies?
- Did the company have significant changes to business processes or personnel?
- Have company goals or priorities changed?
While the momentum BC has gained in recent years is encouraging, the effort can’t stop just because the world is going into its third pandemic year. Enterprise business continuity plans must be forward-thinking to prepare for the next threat on the horizon.
How Frequently Should Your Business Continuity Plan Be Updated?
How frequently you update your BCP will depend on your industry and individual company purpose, operations, and risk profile. As a baseline, companies should review their plans for critical operations as needed or every six months and all other plans at least every year.
On top of completing regularly scheduled reviews, you’ll want to update your business continuity plan if any of the following occur:
- There are significant changes to the operations of your business. Examples include personnel/ownership changes, new vendors, new technology, changing operational processes/policies, etc. These are likely to come to light when completing a business impact analysis.
- A testing exercise highlights a gap in your business continuity management.
- Learnings from real-world experience.
Any time you update your plan, ensure you communicate changes and provide necessary training to appropriate stakeholders and key personnel. Improving awareness will increase the odds of proper execution.
Find out how Agility can help you with every step of the business continuity process, from planning to activation, with a personalized demo.
Lessons Learned In 2021 To Incorporate Into Your 2022 Business Continuity Plans
Throughout 2021, several threats and trends emerged. These threats and shifts include the COVID-19 virus, work-from-home policies, supply chain management, and the immediate and lasting effects of extreme weather. You should consider keeping or adding these to your 2022 business continuity plan if they’re relevant to your business.
Covid Continues
We’ve learned a lot about the COVID-19 virus and how to respond. However, the virus and the world’s handling of the pandemic will continue to evolve. It is likely that more variants, like Omicron, will emerge, which could once again affect the workplace, workforce, and supply chains despite a vaccine. Luckily, most organizations have learned from the last two years of the Covid crisis and will optimize those lessons in their 2022 BC strategy and apply certain concepts to other threats as well.
Working From Home Is Likely To Stay
Some form of remote work is the new norm for many organizations. In the 2021 BCI survey, over thirty-six percent of members state they plan to incorporate it as an option into their BC response. There are important considerations for your organization’s 2022 BC plan now that WFH is not temporary :
- Is your technology and disaster recovery plan resilient enough to prevent and respond to cybersecurity threats and data loss outside your office workplace?
- Does your BC plan include health and safety standards for homeworkers?
- Are staff well-being and mental health a part of your BC plan?
Supply Chain Resilience Is Key
Supply chains were heavily affected in 2021 due to weather, pandemic, and world economies. Remember the disruption that occurred when a container ship blocked the Suez Canal for six days, which cost an estimated $6-10 billion in global trade? Or what about the bottlenecks at the Ports of Los Angeles and Long Beach caused by an increase in demand for imports, alongside labor shortages, workplace restrictions, and infrastructure challenges? As supply chains have the potential to generate staggering disruptions, you should ensure your manufacturers and distributors also have a business continuity plan. You might want to consider backup vendors and alternate material sources. We published an article on Supply Chain & Third-Party Vendor Resilience that shares best practices to add to your 2022 plan.
Crisis Management & Resilience for Extreme Weather
To say that weather events were unpredictable might be the understatement of the year. In 2021, businesses and their employees had to endure record extreme weather events that had both immediate and lasting consequences. Nearly every month in 2021 had an unanticipated weather event:
- Record cold temperatures and snowfall leading to the Texan Power Outage
- Heatwaves and drought leading to sprawling wildfires across the globe
- Summer flooding in Western Europe and central China
- Devastating hurricanes across the Southeastern United States
- Catastrophic tornadoes in the Midwest in December
In 2022, companies should ensure their supply chains and workplaces are ready to endure severe weather. As mentioned above, don’t forget to consider homeworkers when planning for weather resilience, especially if abandoning more traditional BC work area recovery sites in favor of WFH strategies.
How To Update Your BCP
If you don’t have a business continuity plan at all, this blog post on Business Continuity Planning Do’s and Don’ts is a good introduction.
Going into 2022, here are a few important reminders for updating your BCP:
- Perform a business impact analysis to gauge how threats to your business have changed since last year. Prioritize the most significant risks to your business for the upcoming plan timeframe
- Adopt a centralized or hybrid approach for a greater chance of success. Avoid bottlenecks and silos by getting rid of purely regional or departmental-based plans.
- Remember that people are typically an organization’s greatest asset. Use a people-first approach (burnout and lack of engagement are business risks).
- If you haven’t before, involve the board and senior management in the process to get buy-in, increase awareness of business continuity’s importance, and better develop a centralized approach.
- Focus on being agile and adaptive – your BCP should not be too rigid or vague.
- Include communications and PR strategies in your plan to respond quickly and manage your reputation.
- Ensure you have the right BC leaders in place to execute your business continuity plan and adapt if necessary.
Getting Your 2022 BC Plan Started
Prepare your business for whatever 2022 throws its way. Agility Planner is an excellent place to start if you need help preparing your business continuity plan for 2022. Our software solutions provide step-by-step guidance to build your plan and simple, actionable steps to execute. Schedule your free demo to learn how our business continuity planning solutions will streamline, simplify, and support your organization’s business continuity management.
Update Your BCP
Ready to update or create your BCP? Download our 2022 How To Create a BCP checklist.
Subscribe to Our Newsletter
Get the latest business continuity news and insights
Easy business continuity management.
Let RecoveryPlanner guide you through planning and updating in the new year.
Related Content
Supply Chain Resilience Checklist
Components of Operational Resilience for Businesses
Helping a Bank Address an MRA through RecoveryPlanner
Get the Latest Business Continuity Insights
By clicking the "Subscribe" button you agree to the Terms of Use and Privacy Policy
- Mission & Vision
- IATA Management
- Governance Structure
- Strategic Partnerships Program
- Our Commitment
- IATA by Region
- Contact & Support
- Passenger Experience & Policy
- Distribution, Payment & Taxation
- Environment
- Operations & Infrastructure
- Aviation Security
- The Innovation Hub
Fly Net Zero is the commitment of airlines to achieve net zero carbon by 2050, bringing air transport in line with the Paris agreement to limit global warming to 1.5°C.
- Manuals, Standards & Regulations
- Sign up for IATA News
- Newsletters & Blogs
- Airlines magazine
- Annual Review
- Directories
- Publications Resellers
Rely on sound guidance for developing airport infrastructure that balances capacity with demand and efficiently meets user requirements while keeping up with evolving technology.
- Travel Agency Program
- Cargo Agency Program
- Data & Statistics
- Compliance Solutions
- Financial Services
- Advertising
Our solutions help your company improve its environmental footprint.
- Courses & Diplomas
- Subject Areas
- Delivery Methods
- Training Partners
- Certifications
Acquire the new skills needed to meet the challenges of the road to recovery, from safety management to emergency planning and risk management.
- Annual General Meeting
Join us in Istanbul for the World Cargo Symposium and contribute to moving Air Cargo forward
- Willie Walsh Biography
- Director General's blog
IATA Global Media Days took place 6-7 December in Geneva with some 100 journalists. Access all media material developed for this major press conference.
- Air Navigation Services
- FREIGHT FORWARDERS
- GOVERNMENTS & REGULATORS
- GROUND HANDLERS
- INDUSTRY PARTNERS
- TRAVEL AGENTS
Your pop-ups are not enabled
Emergency planning and response for airlines (classroom).
Did you know that in the past 4 years, 822 participants from 99 countries have taken this course with IATA?
About the course
4-day (32 hours) classroom course.
Airlines must have the ability and the capacity to respond to a disaster (e.g. aircraft accidents, non-aircraft occurrences) or a crisis with knowledgeable, trained and skilled persons with appropriate qualifications on the managerial and expert/specialist level. This course gives you the skills you need to take on a leadership role in an airline emergency response organization. Learn about the design, implementation and optimization of an Emergency Response Plan (ERP) according to industry practice and regulatory requirements. To ensure readiness and cooperation among all staff, review training methods that will help you deliver ERP exercises, and rally support from involved parties.
Course code : TALP-04
Course format
- This classroom course provides 4 days (32 hours) of instruction delivered by an official IATA Instructor.
- Take this course at an IATA Training Center, Regional Training Partner , or on-demand as in-house training .
- Student performance will be based on an assessment .
Prerequisites
- Recommended level is Intermediate.
- The recommended level of language proficiency is ICAO Operational Level 4 for courses in English or the equivalent level for other languages.
Are you looking for an awareness course on airport emergency response? Check out the IATA - Airport Emergency Response Awareness e-learning course.
How to register
- When you click the Register button, you will be directed to log in to your Training Account .
- Register early and save up to 25% at our Training Centers! Please read the Terms and Conditions for the early bird discount .
In-house training
Singapore Training Center Information
4 additional classes are scheduled
Buenos Aires Training Center Information
This class is offered in cooperation with Turkish Airlines Aviation Academy (TKAA). A regional price applies to residents of Türkiye. Please refer to TKAA for the final price.
Registration
For information regarding registration and course payment please contact:
- E-mail: [email protected]
- Tel: +90 (212) 463 63 63 / 12360 / 14257 / 13101
Turkish Airlines Aviation Academy (TKAA) Ataturk Airport; Gate B 34149 Yesilkoy Istanbul Türkiye
Please check if you are eligible to travel to Canada before you complete your registration .
The IATA Training Center in Montreal is ACCET Accredited
Visa-exempt foreign nationals who fly to or transit through Canada will need an Electronic Travel Authorization (eTA). Exceptions include U.S. citizens and travelers with a valid visa. Do you need an eTA ? Apply for your eTA (a CAD 7 fee applies).
Please note that travelers or if you are booking for someone else, are responsible to request their visas through varying designated channels (consulates and/ or third party companies) in due time.
A regional course fee (15% discount) is applied to course participants residing in Canada who attend classes at the Montreal Training Center. To claim the discount, enter YMQ-LOCAL in the promotional code field during your registration. The discount will be deducted automatically from the course price.
These regional discounts will be applied in addition to any qualifying early bird promotion .
As per the detailed procedure on our tax page , non-Canadian residents do not pay sales taxes if they advise us prior to their purchase.
Montreal Training Center information
What you will learn
On completion of this course you will be able to:
- Plan, develop and execute an emergency plan, plus coordinate the parties and processes involved
- Advocate for the role and responsibilities of the emergency planning specialist within an airline
- Follow ICAO, the National Transportation Safety Board and State regulations
- Train airline staff for an emergency response or other crisis situation
- Identify and outline areas for improvement in an emergency response situation
Course content
The key topics that are covered during this course include:
- Emergency response organization and network
- Airline responsibilities and compliance (SMS, FAP, IOSA)
- Alarm and notification
- Emergency response plan
- Station emergency response planning
- Special assistance team basics / Humanitarian Response incl. Inquiry / Family Assistance Center
- Go-Team organization
- Crisis communication basics
- Command center missions
- Emergency response facilities
- Emergency response plan implementation: instruction, training and exercises
- Emergency response exercise
- Business Continuity Planning
Who should attend
This course is recommended for:
- Emergency Response Planners and deputies
- Chief Operating Officers, Emergency Directors and coordinators of emergency command centers
- Go-Team Leaders
- Flight Operations Managers and Ground Operations Managers with a leading role in an Emergency Response
- Station Managers, Special Assistance Team Managers and company spokespersons
Certificate awarded
An IATA Certificate of Completion is awarded to participants obtaining a grade of 70% or higher on all exercises and exams. A special distinction is awarded to participants obtaining a grade of 90% or higher.
Related Links
We use cookies to give you the best experience on our website. We also use cookies for advertising purposes. Please see our privacy policy and cookies policy for complete information.
Business Continuity Plan: A Complete Guide
Featured Bonus Content: Get The Checklist For Business Continuity Planning And Implementation for FREE! Click Here To Download It.
Unplanned downtime costs business enterprises billions of dollars annually. According to IDC , infrastructure failure can cost a large company an average of $100,000 per hour.
However, critical application failure can ramp up the amount to between $500,000 and $1 million every hour. While your costs may not be on this scale, unplanned downtime costs time and money for every business, no matter what the size.
Most enterprises have realized that to remain afloat and thrive despite the numerous potential threats calls for the creation of effective and reliable infrastructure. This essentially means infrastructure that supports growth while protecting company data and critical applications.
Unexpected events and situations test your company’s capabilities and competitiveness. If your business can manage crises effectively, it will not only survive, but its reputation and market value will soar. A business continuity plan is the key to making this a reality.
Chapter 1: What is a Business Continuity Plan?
Chapter 2: benefits of a business continuity plan, chapter 3: what are the main business continuity plan goals, chapter 4: what major business threats do business continuity plans mitigate, chapter 5: features of a business continuity plan, chapter 6: effective business continuity tools, chapter 7: how to create a business continuity plan that works, chapter 8: common challenges faced when creating and implementing business continuity plans, chapter 9: smoothen your business continuity planning and implementation with sweetprocess.
A business continuity plan (BCP) is a document that details how company operations will continue after an unforeseen service disruption. When carried out effectively, the plan enables an organization to respond swiftly and efficiently when unpredictable events occur.
This comprehensive plan contains contingencies for every aspect of the business that the disruption might impact. They include developing alternative business processes, protecting assets, improving human resources, and safeguarding business partners.
The BCP creates a system designed to help businesses prevent and recover from potential threats. It ensures that personnel and company assets remain safe and capable of functioning quickly during a disaster.
The business continuity plan:
- Provides a summary of critical business processes plus communication strategies.
- Contains a checklist comprising supplies, equipment, data backups, and backup locations.
- Identifies plan administrators, key personnel, provides emergency responders’ contact details, and backup site providers.
- Offers detailed strategies on how to maintain both short- and long-term business operations.
Here is a short video explaining what business continuity planning is all about:
Why a Business Continuity Plan is Important
Any business can suffer from disasters of varying magnitudes, from a minor breakdown to a catastrophic cyber attack. Thus, business continuity plans are crucial in allowing a company to continue operating despite threats and disruptions that could result in revenue loss, higher costs, and low profitability.
Failure to plan can spell disaster for your business. Not only can it cost you loyal clients, but your company might fail to recover from a disaster. Having an established BCP assists in reducing downtime, which helps attain sustainable improvements in business continuity, resiliency, security, crisis management, disaster recovery, and regulatory compliance.
In addition, a good BCP integrates all the key aspects of your business. As such, it:
- Protects your data
- Safeguards your brand
- Helps retain customers
- Keeps your business running
- Helps minimize operating costs
The Difference Between a Business Continuity Plan and a Disaster Recovery Plan
A disaster recovery plan forms a crucial part of the business continuity plan. It’s one of the integral steps necessary in safeguarding a business against contingencies. Hence, it contains strategies for managing disruptions to IT infrastructure like servers, networks, computers, and mobile devices.
The key difference between the two plans is that a BCP focuses on keeping your business open and operational during unfavorable circumstances. Conversely, disaster recovery aims to restore full functionality (data access and IT infrastructure) as soon as possible after a disaster.
An effective disaster recovery plan should include how to re-establish employee productivity and the systems and processes necessary to meet key business needs. As such, it needs to outline manual workarounds so that normal operations can continue until regular computer systems get reinstated.
Other types of BCPs include crisis management plans, crisis communication plans, and emergency response plans.
Business Continuity Plan Misconceptions
It seems fairly obvious that all businesses should have workable continuity plans. However, the reality is that several misconceptions hamper business continuity planning by generating confusion that could limit a plan’s effectiveness. Some of the most common misconstructions include the following:
1. The company is insured.
Many business owners believe that as long as they have insurance, they are covered in case of any losses. While this is true to some extent, insurance alone is not enough as a business continuity strategy. Proper insurance coverage forms an essential part of a BCP, but it cannot cover everything, such as loss of market share, customers, or delays in launching new products.
2. We have a disaster recovery plan.
A disaster recovery plan and BCP are not synonymous. The former is reactive, responding after an event has occurred. It forms part of a BCP and handles the safety and restoration of critical personnel and operational procedures after a disastrous occurrence.
On the contrary, a BCP is a proactive plan designed to prevent and alleviate risks resulting from disrupted business operations. It details the exact steps to be undertaken before, during, and after the event to maintain the organization in a financially viable position.
3. We have no time to create a continuity plan.
This perspective is wrong. Any time you spend creating and maintaining a BCP is time spent investing in your business. In the event of an interruption, your business will continue incurring fixed costs even if you are not open for business.
Therefore, the sooner you can resume normal operations, the faster you can have a successful recovery. Simply put, your business cannot afford to not have a BCP.
4. Our employees already know what to do in an emergency.
When disaster strikes, even the best employees might not know what to do. Without a system, each would respond in their own way, adding more confusion. Besides, relying on them to make correct decisions during an emergency is extremely risky because they have limited or no time to think or collaborate with colleagues.
Following a well-documented BCP ensures that all employees are trained to follow a safe, systematic, and timely recovery. In addition, identifying critical functions beforehand enables you to build a better plan before a crisis. You’ll also be able to execute it better during a crisis.
BCP plans should ideally assign particular recovery activities to specific employees, who then receive training on the required procedures. Expecting all personnel to learn every step in the BCP could again create chaos during a crisis.
5. Testing a business continuity plan is unnecessary.
You need to test your business continuity plan to make certain it has no weaknesses, so check for flaws and missing steps. Besides, without regular testing, you cannot tell whether it will work when the need arises. Some might argue that testing is challenging and costly. However, a BCP that’s hard to understand or implement is already a source of concern.
An ideal continuity plan should have clear recovery steps for each particular operation. Such a plan is easy to test, and this should be undertaken two to four times annually, depending on the amendments to the BCP or turnover on key roles.
BCPs should be an integral part of standard business operations. To maximize your continuity plans and eliminate any misconceptions, involve all your employees and ensure you cover every business aspect.
Modern businesses are increasingly aware of their vulnerability to business continuity threats. Today’s threats take many forms, ranging from crippling cyber-attacks, natural disasters, and malicious damage to accidents and unintended consequences brought on by hyper-convergence.
These vulnerabilities require a proactive approach that can offer ample protection plus a strategy to withstand disruptive incidents, such as provided by a BCP. The plans typically include ways to defend against those risks, protect critical applications and data, and recover from security breaches in a controlled, measured manner.
Below are the many benefits of having a business continuity plan :
- Saves money since your business continues running during and after a disaster
- Ensures safety of all stakeholders
- Boosts your brand’s reputation
- Accelerates disaster recovery effort
- Smoothens business operations
- Minimizes disruption after a disaster
- Builds customer trust
- Helps you comply with regulatory requirements
- Protects you against unwarranted risks
- Gives you valuable business information
Let us explore some of these benefits briefly:
It Saves You Money
A business that stays closed is bound to suffer revenue loss. The longer the interruption, the more substantial the losses become. Besides, missed supply deadlines and failure to honor service level agreements (SLAs) can translate to extra fees or fines for non-compliance with regulations.
Fortunately, when your business continues running during and after a disaster, you get to save money and mitigate financial risks. Note that small businesses can also incur heavy losses after an unexpected downtime, where one hour can cost a minimum of $100,000, according to a 2019 ITIC survey .
Ensures Safety of all Stakeholders
A BCP can help keep employees and customers safe. It allows your business to continue running in the midst of a crisis while ensuring the environment is safe for both workers and clients. You will also have an uninterrupted flow of information going out to all stakeholders.
Training staff on how to respond in case of an accident or how to implement evacuation procedures also keeps everyone safe during a disaster. To prevent serious or fatal injuries, your company should have a way of sending out alerts during emergencies. Colleagues need to be able to check in too, confirming they are safe.
A fall-back plan is invaluable as it eliminates distractions that arise during emergencies. People worry about their safety and that of other colleagues and friends, leading to anxiety and a lack of focus.
Boosts Your Brand’s Reputation
A company that’s well-prepared to handle unexpected disruptions has no fear of appearing incompetent, bungling over what steps to take, or miscommunicating during a crisis. A BCP helps ensure a smooth recovery while safeguarding your brand value and the stellar reputation you’ve built over time. Furthermore, how your business responds to a crisis can affect its reputation for years.
But that’s not all. Business continuity also provides your company with a competitive edge. This is because businesses that pursue business continuity are among the first to get back on their feet after an unfortunate event.
Smoothens Business Operations
A business continuity plan offers you a blueprint that makes it easier to execute business operations, increasing your chances for success. Additionally, it helps to ensure your company continues functioning smoothly after a disaster.
Workers receive access to files, applications, and any other resources they might need, and the firm continues providing products or services, thereby reducing or eliminating downtime.
Also, a strong continuity system identifies and trains crisis response managers, ensuring people are equipped to take charge and assign tasks to the team.
Builds Customer Trust
Being transparent about ongoing business continuity efforts communicates powerfully to your customers. It informs them that their needs are important, and you are putting things in place to ensure you are always available, always there for them.
Showing such high commitment to business continuity helps build confidence amongst both clients and business partners. Customers are assured of continued access to your services.
Helps You Comply With Regulatory Requirements
Having an emergency action plan (EAP) is a standard business requirement. Your business can find itself playing host to auditors at any time with non-compliance resulting in a hefty fine.
Adopting a system of business continuity standards helps your business become compliant with industry regulations. Compliance also provides your stakeholders with proof that you’re running the business responsibly.
Gives You Valuable Business Information
Since business continuity planning entails putting your business under a microscope, the process helps you better understand your business processes.
Business continuity activities help produce lots of valuable company data on business operations, such as critical business units and crucial tasks, giving you a rough idea of the financial impact of a disruption.
With this information, you can focus resources on critical functions and find solutions to operational inefficiencies, thereby improving your processes and making your company more resilient. You can also use the data to plan strategic activities that propel your business forward.
The first step in business continuity planning should be to identify your objectives. These provide a guideline for what the plan aims to accomplish. They pinpoint the areas that need to be addressed during the document’s creation, giving all stakeholders a clearer picture of the plan’s scope and purpose.
The primary goal of having a business continuity plan is to enable a company to continue supporting critical functions during a crisis while minimizing revenue losses. This allows the enterprise to run on limited resources or restricted access to the physical office while pushing to resume normal operations as soon as possible.
Here are the most common goals of a business continuity plan :
- Guide recovery teams
- Assess risks
- Analyze the potential impact of disruption
- Reveal prioritized emergency communications
- Identify disaster recovery teams
- Give step-by-step recovery procedures
- Show where specific critical assets and data are located
- Pinpoint weaknesses and suggest solutions
- Point out preventative measures
Let us explore these goals a little further:
Guide Recovery Teams
Offering guidance to recovery teams is a fundamental goal of the BCP. This is not a document to be left gathering dust. Instead, the BCP template should provide step-by-step instructions for your recovery teams during an actual emergency, disruption, or disaster.
Assess Risks
Another key aim of creating a BCP is to establish the potential threats to your business operations. Your plan should also outline the various disasters that could disrupt the business, leading to downtime.
Analyze Potential Impact of Disruption
A business impact analysis helps a company project the potential impact a disruption would have on daily operations. This captures the financial impact on the organization too, in terms of operational losses. The information received helps the business continuity planning team determine restoration timelines and prioritize the order of events.
Reveal Prioritized Emergency Communications
Business continuity planning enables your company to have ready answers to pertinent questions during an emergency. These include queries such as who informs personnel, communicates with customers, or talks to media people. It also means that recovery teams understand and appreciate their roles regarding all emergency communications.
Identify Disaster Recovery Teams
Identifying and assigning a business continuity team is essential to your continuity plan’s success. The team is tasked with coordinating and implementing the plan. The plan should contain information on the team members, their contact details, show the management structure, and detail the roles to be played by each team member.
Give Step-by-Step Recovery Procedures
Your BCP will offer the exact steps to be followed in the recovery process. In the event of a disaster, your employees are unlikely to remember exactly what they need to do. While the disaster recovery team might have a general idea, having the document on hand will ensure that the team follows the precise protocols.
Show Where Specific Critical Assets and Data Are
A crucial goal of an IT BCP is to locate the storage point of critical data, backup resources like workstations or devices, plus other company assets. This ensures the recovery teams can commence recovery procedures without any confusion, even without key IT personnel.
The team also needs to identify where to move operations, how to do that, and the resources to employ. Your plan will also contain information on backup office space, if any, or how to secure one on short notice.
Pinpoint Weaknesses and Suggest Solutions
The BCP is a dynamic document that requires regular evaluation to address any weaknesses or loopholes. Since business continuity planning is an ongoing process, regular reviews allow for assessing any new risks. During the evaluation, pinpoint any scenarios that would expose operations to threats and suggest workable solutions to immediately address the situation.
Point out Preventative Measures
A BCP helps reassure all stakeholders that the company is doing all it can to prevent potential disruptions. To this end, it describes the tools, technologies, and protocols already established to ward off or alleviate the effects of an unfavorable occurrence.
Businesses the world over are grappling with numerous threats that target their day-to-day operations . While some of the threats are natural and beyond human control, others are accidental, and a few are intentional, resulting from malicious attacks.
Being in the know about possible threats to your business continuity is key to creating a comprehensive business continuity plan that can effectively mitigate the threats. Also, knowing the current trends can help you monitor, identify likely threats, and prepare better for any eventuality.
Below are some of the top business threats in today’s business environment:
- Natural calamities
- Cyber attacks and data breaches
- Disease outbreaks and pandemics
- Human error (such as gas leaks, chemical explosions, fire, oil spills, or damage to machines)
- Deliberate sabotage
- Reputation and scandalous issues
- Critical utility outages
- Political change or unrest
- Supply chain disruption
- Lack of key skills
- Regulatory changes
- Terror attacks
Let’s examine some of the key threats:
Natural Calamities
Losing access to your business premises because of a fire or flood means losing your entire company data. That is, if you have no cloud storage or if your disaster recovery strategies are not as efficient as required. Keeping an off-site copy of critical business data means that your employees continue working uninterrupted in the unfortunate event of a natural calamity.
Cyber Attacks and Data Breaches
Cyber attacks and data breaches take many forms, including ransomware, malware, phishing attacks, or an attack targeting network security vulnerabilities. All companies are vulnerable to such attacks, as shown by the recent attack on Goggle . Your BCP should offer security guidelines on how to prevent and cope with a cyber attack.
Disease Outbreaks and Pandemics
Widespread lockdowns over the last two years due to the COVID-19 pandemic have brought into sharp focus the need for businesses to remain open and operational at all times.
Deliberate Sabotage
Burglary or vandalism aimed at disrupting your business poses a substantial risk to on-site data. This is not restricted to your office premises, though, as it can occur wherever your employees work from—public places or at home. Deliberate sabotage could also take the form of data breaches through hacking. Customers’ data could be at risk here, leading to reputational damage in the event of a severe breach.
Critical Utility Outages
Power, water, communication, and internet outages can cause significant disruptions. Some could result from human error, deliberate action, or inadequate planning. Regional power outages can be quite devastating since they can cause a total loss of essential services. This will, in turn, affect your ability to function or implement recovery strategies as most depend on the internet.
Political Change or Unrest
Political change or unrest can cause major disruptions to businesses. For instance, political change in the UK due to Brexit means that businesses need to plan how to deal with the repercussions of the UK leaving the EU.
Supply Chain Disruption
Many organizations that rely on digital applications for critical business processes lack viable backup solutions, while others rely on a single vendor or supplier. As a result, disruptions can cause severe adverse impacts on effective business processing, leading to costly losses.
Lack of Key Skills
Having improperly trained personnel means that you lack specialized people to perform critical tasks during an emergency. If the people assigned to carry out specific duties are also not trained sufficiently, this can only worsen the situation.
Merely having a business continuity plan is not enough. An effective plan must restore regular operations as soon as possible. Every minute lost to downtime translates to revenue loss, unhappy customers who might shift to the competition, negative brand impact, and lost productivity, among others.
There are several critical components without which a BCP might fail to achieve a successful recovery after an unplanned disruption. So, what elements should characterize an ideal business continuity plan?
They include:
- Purpose and scope
- Impact analysis
- Risk assessment and mitigation
- Data and applications
- Organization
- Policy information
- Glossary of terms
- Schedule for plan reviews
- Contact information
- Service level agreements
- Identification of critical functions
Let’s unpack some key features next:
Purpose and Scope
Defining the purpose and scope of your plan is the first step in creating a BCP plan. Large organizations consist of several subsidiaries, and each might have different needs. You can choose to have a BCP covering each location or create one that focuses on a specific portion of the business.
Impact Analysis, Risk Assessment, and Mitigation
These processes involve identifying, appreciating, and assessing the risks that might affect your organization’s operations, such as natural disasters, cyber threats, and outages. They also identify how to cushion yourself against the likely after-effects such as financial loss, property damage, business interruption, or penalties.
Raising staff awareness about your BCP is important in helping them to appreciate their role in responding to disasters. Regular training sessions are therefore necessary, while staff inductions should include lessons on business continuity. The training can enhance overall company resilience.
Once your BCP is complete, you need to test it regularly. Routine testing helps you ascertain whether the plan adequately suits your needs, identify loopholes, improve processes, anticipate changes, and carry out necessary updates. It entails tabletop testing, walkthroughs, emergency enactments, and practice crisis communication, allowing you to see how personnel react in stressful conditions.
Contact Information
This is the contact details of all stakeholders, key personnel and backup, service providers, emergency responders, backup site operators, and facility managers.
Service Level Agreements (SLAs)
You need to include SLAs in your BCP. This is because some applications or processes might have a low tolerance for data loss. Examples include:
- Recovery Point Objective (RPO): Outlines the amount of data your business can afford to lose in a downtime.
- Maximum Tolerable Period of Disruption (MTPD): The point where your organization’s viability will be placed at risk if crucial activities cannot resume.
- Recovery Time Objective (RTO): The desired timeline for resuming a crucial activity after a disruption.
Identification of Critical Functions
This process helps to reveal the systems and processes that are crucial in maintaining and keeping the business afloat during an unexpected disruption. They are also the kind of processes that would deliver the most harm to the business overall in terms of revenue loss, dented reputation, or the company’s ability to operate.
Therefore, you might want first to establish your company’s primary priorities and focus your recovery efforts there. These may include information security, core functions, data protection, and access management.
As we have seen, businesses contend with a wide array of threats that can bring their operations to a halt at a moment’s notice. Consequently, companies need to prepare for any eventuality by acquiring effective business continuity tools that can lessen disruption, enabling them to sustain operations despite the interruption.
That said, it’s essential to get proper tools, as this facilitates efficient execution of your plan and allows for a swift and organized response in a crisis. Proper tools also ensure you keep communicating and operating without interruptions or losing vital data. In other words, business continuity tools are complementary software for your BCP.
To help you identify the best tools for your business, here’s a list of essential business continuity tools to implement alongside your BCP:
- Communication software
- BCP creation tools
- Tools to help with documentation
- Backup tools
- Software for internal auditing
- Disaster recovery tools
- Physical tools
- Other tools
Here’s a breakdown of the business continuity tools:
Communication Software
Effective communication is vital in maintaining operational stability. As such, you need to perform regular tests on your company’s crisis communication systems to determine whether there are any issues.
Streamline your communication by using tools that facilitate internal and external communication. You need secure and direct messaging to personnel, recovery teams, shareholders, and suppliers to promote trust and maintain control of assets. Ideal tools here include Convene App and Flock .
Mass communication tools like Crises Control or InformaCast are also suitable for emergencies. They are excellent for alerting all concerned parties about an emergency speedily and efficiently.
Business Continuity Plan Creation Tools
There are tools designed specifically to build data-based BCPs. Such one-stop-shop preparatory solutions help you develop comprehensive plans that streamline the process of company data collection and evaluation.
The tools assist in analyzing data, identifying risks, testing, and administrative activities, making it easier for you to manage your business continuity program. Examples include Orbit4BC and ResilienceONE .
Tools to Help With Documentation
You can create your BCP on word processing software like Microsoft Word. Swift and secure access to the BCP in an emergency is a major consideration and Dropbox or Google Docs are cloud-based solutions that can help make this possible.
However, a better solution is to go for a robust tool that allows you to build an easy-to-read document that’s customizable to your company’s needs. An excellent tool here is SweetProcess .
Backup Tools
Backup solutions allow data storage in off-site locations, facilitating business continuity. They provide data protection, replication, access, recovery, migration, automatic backups, and information management.
They also enable virtual storage, optimize efficiency across networks and allow for the continuous availability of key data, ensuring business continuity. Good examples include Altaro VM Backup and Unitrends .
Software for Internal Auditing
One way to make your business continuity planning effective is to evaluate your assets thoroughly. This helps to uncover any vulnerabilities, pain points, and irregularities in the infrastructure.
The goal of carrying out an internal audit of your BCP is to assess its scope. The audit also evaluates how outlined procedures can safeguard the company in a crisis. You can perform the internal audit manually by evaluating the processes and confirming their relevance. However, for a more comprehensive audit, opt for specialist BCP auditing applications like Onspring and Open-AudIT .
Disaster Recovery Tools
Safeguarding IT assets during a disaster is fundamental to any viable business continuity program. This might entail data recovery, data backup, infrastructure reinstallation, or creating a cloud environment that simulates corporate assets to provide essential services.
Disaster recovery tools focus on mitigating interruptions on IT infrastructure. They help restore crucial systems quickly, enabling your company to resume core operations while minimizing losses. Recommended tools include Azure Site Recovery and Ekco Protect .
Physical Tools
These too can alleviate the effects of certain disasters, thus promoting business continuity. Fire suppression tools like extinguishers and fire exits help safeguard computer equipment and data from fire while backup power sources support companies through power outages.
Other Tools
These include:
- Cold site : a basic structure where staff can work after a disaster.
- Hot site : a secondary business location that always maintains up-to-date data copies.
- Point-in-time copies : These make copies of the complete database regularly.
- Instant recovery copies : These take snapshots of whole virtual machines, enabling data restoration from the backups.
- Virtualization : This is a method of backing up a viable replica of a company’s total computing environment.
Business continuity tools are meant to make your business continuity program more efficient. Put simply, they are not a fix for a poorly-designed BCP. When selecting your tool, always start by identifying your need, i.e., documentation or data recovery, then look for the tool that best addresses it.
Creating an effective BCP is no walk in the park. It needs to be a well-thought-out document given its critical role in running a resilient business. Here are the steps you need to take:
Determine Your Approach
Decide how your company plans to manage its response to disruptions, the plan’s coverage, and the type of plans to use depending on your firm’s size and complexity.
Build a Team
Create a core team tasked with preparing the BCP and training the support team. Pick key staff in IT, security, finance, and communications. Have a contact list detailing the names, titles, and contact details of the key people in the BCP. Finally, clearly outline their roles and responsibilities so everyone understands what’s expected of them in a crisis and establish proper communication channels.
Gather the Necessary Information
This involves getting all the information necessary to perform the next step—risk analysis. Use your team here to get as much information as possible.
Do a Business Impact Analysis (BIA)
Business impact analysis helps you pinpoint threats to your operations, staff, financial well-being, and reputation. It allows you to determine and prioritize processes bearing the highest impact on the company’s finances and operations. Determine what activities need immediate resumption, the timelines, performance level, and resources needed.
Conduct a Gap Analysis to Identify the Resources Needed
Your BIA might have uncovered the variance between the resources at hand and what is required for recovery. Conducting a gap analysis establishes the gap between current resources and recovery requirements, recovery options, and the strategies agreed upon. After the analysis, you can investigate and execute recovery strategies.
Point Out Your Brand’s Critical Functions
Your company’s critical functions help to maintain essential services during a crisis. You want to prioritize them by starting your recovery efforts here. They might include data protection, access management, order fulfillment, inventory management, customer service, and e-commerce platform functionality.
Assess Risk and Consider Mitigation Strategies
Evaluate the risks that pose the highest threat to your organization and brainstorm potential mitigation strategies. Mitigation activities should aim at reducing the severity of an interruption and should address emergency response, resource management, staff communications, and public relations.
Establish a Business Continuity Process
The BIA results will inform the business continuity requirements. The continuity process covers prevention, response, and recovery strategies. It entails identifying backup suppliers, establishing safety protocols, alternate work locations, work-at-home strategies, outsourcing, and the use of manual working procedures.
Create the Plan Structure
Start by collecting all the information required to respond to an interruption, then write down step-by-step procedures. These are the tasks and processes that staff must perform to keep your business in operation. Create a simple plan outlining the minimum resources necessary for business continuance, potential relocation sites, and the staff and resources required to achieve this.
Implement and Train
Once your plan is ready, implement it. Conduct training for the planning team to familiarize themselves with their roles and obligations and for the rest of the staff to learn what to do in an emergency.
Test and Optimize Frequently
Testing your BCP is essential as it enables you to validate it as well as identify gaps. Continuous improvement happens when you establish your findings via a live exercise then act upon them. Conduct annual tests and exercises or after a significant change to ensure relevant, complete, and accurate procedures.
A BCP is an invaluable document in protecting your company and minimizing disruptions. Unfortunately, it’s not very easy to develop one due to the many challenges encountered. One way to overcome the obstacles is to appreciate their existence, then formulate strategies to resolve them. Here is a list of the most common challenges.
The process can be highly complex
Creating a BCP can seem overwhelming, especially in a large organization with complex systems and processes. As the business owner, you need to create individual plans for subsidiaries in different locations or a plan that addresses the entire organization. Planners also need to be familiar with basic business continuity planning concepts.
Planning and implementation can be expensive
This is because you need to avail resources that are necessary but not currently available, or hire a consultant to assist. Implementation also entails buying business continuity solutions and templates , which tend to be pricey.
Poor staff involvement may slow down the process
All staff need to have a fair understanding of the BCP. To ensure their commitment, involve them in the planning process and provide training. This will inform them what they need to do in a crisis.
Lack of executive support can be a critical issue
If management is not keen to invest in a BCP, you might not get the resources you need to craft a concrete plan. To get their buy-in, tell them the benefits of having one and the potential damage that lack of a BCP can cause. You can use real case studies.
Insufficient technology can make the plan ineffective
A BCP relates, to a large extent, to technical issues like technology failure, data loss, and communication breakdown. Resolving these challenges requires specific tools and the budget to acquire the same. Try to get comprehensive tools that cover more than one function or process to maximize your technology.
Not routinely testing, even after top-notch planning, can reduce impact
Routine testing using different scenarios helps you determine your BCP’s viability, identify inherent weaknesses and areas for improvement.
Lack of constant training reduces the long-term effect
Constant training is necessary as the BCP keeps changing with new updates or new threats arise. Besides, new employees need to be put on board with the program.
Reliance on outdated templates can hinder the ability to mitigate new threats
Templates make creating a BCP easier, but they must add value and be customizable to the organization. Otherwise, the plan will be riddled with irrelevant material; hence, it might be hard to read and not actionable. Any tool used should not dictate what’s to be included in the program. Rather, it should complement the BCP.
A plan that’s too generic may not work for your business
This happens when planners fail to incorporate existing strategies well or are unaware of them. Every business is unique, so create a plan that suits your company’s specific circumstances in terms of the business environment, potential threats, and critical business operations.
Lack of focus can hinder the creation process
A BCP can lose focus and become ineffective if recovery requirements are poorly defined. The plan should describe the recovery process clearly, the people involved, recovery performance levels, and how to operate during recovery.
Creating a plan for the wrong audience may decrease efficiency
Assigning the task of documenting the BCP or delegating business continuity activities to unqualified people is the root of this challenge. The core planning team should have experienced team leaders, key staff in each department, and subject matter experts to guide the process.
Are you wondering how you can smoothen your business continuity planning and implementation? Look no further. SweetProcess is an invaluable tool that can take the headache out of developing and implementing your BCP. Read the below case studies to get an idea of what SweetProccess can do.
How Streamlining Business Operations Helped Create a Safer Environment Post-COVID Shutdown
Dr. Olesya Salathe, dentist, and Alex Jacks, office manager, proprietors of The Dentist Off Main , had a passion for providing excellent dental services to their patients but encountered one problem. With COVID-19, the duo needed to ensure the clinic offered maximum safety . They desired to streamline their business operations, but using Word documents wasn’t helpful.
Thankfully, they discovered SweetProcess, which enabled them to operate safely post COVID restrictions and boosted their staff’s efficiency. It helped create effective documentation for patient care, eased employee training and onboarding, and created an accessible knowledge base.
Dr. Olesya’s recommendation? Find key team members on your team. “You can’t do it alone. You can start identifying the most problems and start with that process first.”
Texas DFPS Streamlines Its Operations to Process 40,000+ Requests Annually
Justin Compton, manager II, and Heather MacLean, management analyst II, from the Texas Department of Family and Protective Services , process 40,000+ record requests annually.
The sheer volumes demand accurate documentation, but after trying different basic workflow software, it was clear their work required a more effective system like SweetProcess. This system eliminated complexity, streamlined operations, and simplified workflow, making the agency more efficient. Heather confesses:;
“I really like SweetProcess because it lets you build a process machine. It lets you plug everything in so that it’s all cohesive and yet independent.”
The key challenge was the information was kept in different places, making access difficult and complex. Also, updating the manuals was cumbersome and took too long, a major setback for an agency required to make quick decisions on custody or childcare. SweetProcess sorted all that. It also made employee training easier and created a remotely accessible knowledge base with controlled access.
Atlantic Sapphire Transfers Operational Knowledge Between Facilities by Documenting Business Processes
Stanley Kolosovskiy’s job as technology process coordinator was to ensure that Atlantic Sapphire’s business operations were optimized. But despite his IT background, he struggled to use the existing software to create an effective workflow system for his colleagues and boost their performance.
The Denmark-based salmon-farming company was opposed to environmental pollution resulting from air freighting salmon in non-sustainable packaging, preferring to distribute them by road transportation instead.
However, producing salmon locally and sustainably meant strict adherence to operational procedures. The employees needed standard operating procedures to guide them in performing tasks. Stanley sourced a better alternative and found SweetProcess, a more intuitive, easy-to-use software that fostered an eco-friendly environment, expediting their move to the United States.
SweetProcess streamlined process documentation, made employee onboarding straightforward, and decentralized the company’s knowledge base. Stanley was pleased.
“I just want to implement more SweetProcess everywhere because this means everybody knows what’s going on. Everybody has the right training…incorporating data collection…and being able to get more reports out of the data that’s collected.”
You too can streamline your procedures, making it easier to resume normal operations after an interruption. Sign up for the SweetProcess free trial and experience how it works. No credit card required!
Conclusion: Create the Shield Your Business Needs to Survive for Generations
Today’s businesses boast digitally interconnected networks that demand uninterrupted connectivity to run operations. This means that whenever connectivity gets disrupted, business halts. This state of affairs is both expensive and unsustainable. It can also cost you your business since availability, reliability, and strong security are all key in running a successful business.
Fortunately, SweetProcess can help keep your business open during and after a crisis by ensuring all critical processes keep running. Join the free trial (no credit card required) and see the impact SweetProcess can make. Don’t leave without downloading the free Business Continuity Planning and Implementation Checklist below!
Related Posts:
Get Your Free Systemization Checklist
Leave a Reply Cancel reply
Your email address will not be published. Required fields are marked *
An official website of the United States government
The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
- Publications
- Account settings
- My Bibliography
- Collections
- Citation manager
Save citation to file
Email citation, add to collections.
- Create a new collection
- Add to an existing collection
Add to My Bibliography
Your saved search, create a file for external citation management software, your rss feed.
- Search in PubMed
- Search in NLM Catalog
- Add to Search
Airline business continuity and IT disaster recovery sites
Affiliation.
- 1 Gulf Air - Information Technology, PO Box 338, Bahrain.
- PMID: 26897619
Business continuity is defined as the capability of the organisation to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Business continuity is fast evolving to become a critical and strategic decision for any organisation. Transportation in general, and airlines in particular, is a unique sector with a specialised set of requirements, challenges and opportunities. Business continuity in the airline sector is a concept that is generally overlooked by the airline managements. This paper reviews different risks related to airline processes and will also propose solutions to these risks based on experiences and good industry practices.
Similar articles
- Resiliency scoring for business continuity plans. Olson A, Anderson J. Olson A, et al. J Bus Contin Emer Plan. 2016;10(1):31-43. J Bus Contin Emer Plan. 2016. PMID: 27729099
- The synergy needed for business resilience. Kachgal JA. Kachgal JA. J Bus Contin Emer Plan. 2015 Autumn;9(1):10-7. J Bus Contin Emer Plan. 2015. PMID: 26420390
- Implementing business continuity management systems and sharing best practices at a European bank. Aronis S, Stratopoulos G. Aronis S, et al. J Bus Contin Emer Plan. 2016 Spring;9(3):203-17. J Bus Contin Emer Plan. 2016. PMID: 26897617
- Post-event reviews: Using a quantitative approach for analysing incident response to demonstrate the value of business continuity programmes and increase planning efficiency. Vaidyanathan K. Vaidyanathan K. J Bus Contin Emer Plan. 2017 Jan 1;11(2):107-16. J Bus Contin Emer Plan. 2017. PMID: 29256379 Review.
- A metrics framework to get and keep management engaged. Ream S, Mathew S. Ream S, et al. J Bus Contin Emer Plan. 2018 Jan 1;11(4):298-308. J Bus Contin Emer Plan. 2018. PMID: 30670131 Review.
- Search in MeSH
LinkOut - more resources
Full text sources.
- Ingenta plc
- MedlinePlus Health Information
- Citation Manager
NCBI Literature Resources
MeSH PMC Bookshelf Disclaimer
The PubMed wordmark and PubMed logo are registered trademarks of the U.S. Department of Health and Human Services (HHS). Unauthorized use of these marks is strictly prohibited.
- WEATHER ALERT Flood Warning Full Story
Passenger dies after severe turbulence impacts business jet flight; Plane forced to land
A business jet was buffeted by severe turbulence caused a rare passenger death and forcing the aircraft to divert to a Connecticut airport.
WINDSOR LOCKS, Connecticut -- A business jet was buffeted by severe turbulence over New England, causing a rare passenger death and forcing the aircraft to divert to Bradley International Airport in Connecticut, officials said Saturday.
Five people were aboard the Bombardier executive jet that was shaken by turbulence late Friday afternoon while traveling from Keene, New Hampshire, to Leesburg, Virginia, said Sarah Sulick, a spokesperson for the National Transportation Safety Board.
The extent of the damage to the aircraft was unclear and the NTSB did not provide details including whether the victim was wearing a seatbelt.
The jet is owned by Conexon, a company based in Kansas City, Missouri, according to a Federal Aviation Administration database. The company, which brings high-speed internet to rural communities, declined comment Saturday.
RELATED: 7 hospitalized after Lufthansa flight experiences 'significant turbulence,' diverted to Virginia
NTSB investigators were interviewing the two crew members and surviving passengers as part of a probe into the deadly encounter with turbulence, Sulick said. The jet's cockpit voice and data recorders were sent to NTSB headquarters for analysis, she said.
Turbulence, which is unstable air in the atmosphere, remains a cause for injury for airline passengers despite airline safety improvements over the years.
Earlier this week, seven people were hurt badly enough to be transported to hospitals after a Lufthansa Airbus A330 experienced turbulence while flying from Texas to Germany. The plane was diverted to Virginia's Washington Dulles International Airport.
But deaths are extremely rare.
ALSO SEE: 5 hospitalized after plane hits turbulence on United Airlines flight
"I can't remember the last fatality due to turbulence," said Robert Sumwalt, a former NTSB chair and executive director of the Center for Aviation and Aerospace Safety at Embry-Riddle Aeronautical University.
Turbulence accounted for more than a third of accidents on larger commercial airlines between 2009 and 2018, according to the NTSB.
The Associated Press contributed to this report.
Passenger knew he had explosive in his luggage, FBI agent says
Flight makes emergency landing after passenger tries to breach cockpit
Flight attendant goes viral for helping a nervous passenger
Transportation watchdog to investigate flight cancellations and delays
Top stories.
Man shoots, seriously injures NW Side home invader: Chicago police
ATM thieves use glue and 'tap' function to drain accounts at Chase
Customers duck for cover as armored truck driver robbed
Indiana man charged with aunt's fatal stabbing: police
- 19 minutes ago
Disability rights activist Judy Heumann dies at 75
- 2 hours ago
LIVE | Sunday Mass at Holy Name Cathedral
- 21 minutes ago
4K people expected to participate in Chicago Polar Plunge
CPD issues alert after series of River North restaurant burglaries
IMAGES
VIDEO
COMMENTS
Our Business Continuity Plan (BCP) Assuming a Large-Scale Earthquake Hits Tokyo provides the necessary policy, system, etc. and other basic matters to continue air transportation services including reservation and information services and payments and settlements, which are important duties of JAL Group, so as to continue sound business …
Part 1 - Business Continuity Planning at Airports | Operational and Business Continuity Planning for Prolonged Airport Disruptions |The National Academies Press Operational and Business Continuity Planning for Prolonged Airport Disruptions (2013) Chapter: Part 1 - Business Continuity Planning at Airports « Previous: Front Matter Page 1
An ongoing management process to ensure continuity of core business processes in the event of a crisis to minimize interruption and adverse impact to the organization. It has two components: and Emergency Response Plan, and Business Continuity Plan. Emergency Response Plan: A plan to manage the immediate response (minutes to hours) to a crisis.
This analysis demonstrates the fact there is no one-size-fits-all approach to business continuity and disaster planning for the airline industry. Regardless of the disaster type, accurate,...
Every American Airlines, Envoy, PSA and Piedmont team has a comprehensive contingency plan to respond to lengthy onboard ground (tarmac) delays at U.S. airports. Each plan: Ensures we'll have adequate resources available to meet your needs Names a control person to coordinate local teams and communicate with central operations centers
Step 2: Identify key products, services, or functions. Step 3: Establish the business continuity plan objectives. Step 4: Evaluate the potential impact of disruptions to the business and its workers. Step 5: List actions to protect the business. Step 6: Organize contact lists.
This morning, the Federal Aviation Administration's (FAA) system for alerting pilots and airports of real-time hazards, called NOTAM (Notice to Air Missions), went offline around 3:28AM EST. While flights have slowly resumed to normalcy, this recent event is a further example of a breakdown in incident response, business continuity, and disaster recovery planning in the airline industry.
Business Continuity Plan. The business continuity plan is a combination of findings from the performed BIA and the recovery strategies established by the organization. A BCP plan typically includes 4 key components: scope & objectives, operations at risk, recovery strategy, and roles and responsibilities. 6. Training.
A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps: Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
3.3 How the airline company will be started Step1: Creating A Business Plan The first step before starting an airline company is to create a business plan for airlines company. Bruce studied several examples of business plans for airlines and developed his start an airline business plan himself.
Contingency Planning & Crisis Management. Our Organisation. Aviation safety and security is of paramount importance to CAAS. To ensure the continued safety of passengers in times of sudden and unforeseen events or incidents, CAAS oversees the business continuity and crisis management plans for the aviation sector.
Business Plan Questions (PDF) provides a list of important questions to consider when writing the business plan. Brand Foundation Overview (PDF) provides a list of steps to take to position your emerging brand based on your market analysis and a need to differentiate from existing competitors. Structuring the Plan. The Airline Business Plan ...
Business continuity in airline sector is a concept which is generally overlooked by the airline managements. An airline's business processes are generally segregated in different business units, namely Operations, Sales, Technical, Finance and Administration. These units are then further divided into sub units and further.
Emirates Airline's business continuity plan follows the following steps: Prioritize Critical Organizational Processes for Restoration Give priority to critical organizational processes for continuity because doing so is integral to minimize the impact of the breach Ensure There Is a Relocation Site Where the Airline's Processes Could Be Hosted
Start your own airline business plan Air Leo Executive Summary Opportunity Market Economic growth and the requirements of redevelopment, not to mention the impending entry of several countries in the region to the European Union, are creating increased demand for air services between Western Europe and the countries of Southeast Europe and Turkey.
BUSINESS CONTINUITY PLANNING. Response Plan identified critical airport services and operations. Promoted similar BCP planning with all airport partners (airlines, retail operations, etc) Established supplies that would be necessary for short term (<24 hours) isolation at airport.
Maximize business capabilities and provide transparency of operations. Create greater efficiency in the workflow of aircraft maintenance, reduce downtime loss, and improve turnaround times. Conclusion A DAP essentially fits perfectly into a company that is looking to establish its change management routine.
Lessons Learned In 2021 To Incorporate Into Your 2022 Business Continuity Plans Throughout 2021, several threats and trends emerged. These threats and shifts include the COVID-19 virus, work-from-home policies, supply chain management, and the immediate and lasting effects of extreme weather.
Business Continuity Planning Who should attend This course is recommended for: Emergency Response Planners and deputies Chief Operating Officers, Emergency Directors and coordinators of emergency command centers Go-Team Leaders Flight Operations Managers and Ground Operations Managers with a leading role in an Emergency Response
A business continuity plan (BCP) is a document that details how company operations will continue after an unforeseen service disruption. When carried out effectively, the plan enables an organization to respond swiftly and efficiently when unpredictable events occur. This comprehensive plan contains contingencies for every aspect of the business that the disruption might impact.
Business continuity in the airline sector is a concept that is generally overlooked by the airline managements. This paper reviews different risks related to airline processes and will also propose solutions to these risks based on experiences and good industry practices. MeSH terms Air Travel
ICAO
WINDSOR LOCKS, Connecticut -- A business jet was buffeted by severe turbulence over New England, causing a rare passenger death and forcing the aircraft to divert to Bradley International Airport ...