BUSINESS CONTINGENCY PLAN

BUSINESS CONTINGENCY PLAN

The Business Contingency Plan (BCP) will seek to address one factor that impacts business mining operations. Historically mining disasters have included the following listed in the chart below (Underground explosions, and collapsing ground). For the purpose of this study the focus will be the mitigation of deaths associated with explosions. This is because in the last century the United States has experienced approximately 10, 390 fatalities (420 events) of death associated with explosions. The average fatality by incident type is 24.74 (Msha.Gov, 2014).

I. Analysis of strategic pre-incident changes MOA would follow to ensure the well-being of the enterprise:

There are three primary areas that should be assessed when examining recent mine disasters. Such a comprehensive examination provides a blueprint for pre-incident changes. The first area is lack of control (i.e. employee/management training, task preparedness, and organizational rules, engineering controls). The second area is basic causes (i.e. leadership/supervision, proper maintenance, purchasing, appropriate tools, equipment, and materials). The third area is immediate causes including substandard practices and conditions (i.e. inadequate ventilation, fire & explosion hazards, inadequate warning systems, and insufficient guards or barriers (Msha.Gov, 2014). Therefore MOA is advised to examine all three areas and develop a comprehensive plan that includes training, workflow assessment, evaluation of existent resources, and removal of fire & explosion hazards.

II. Analysis of the ethical use and protection of sensitive data

In order to aptly protect sensitive information it requires an examination of five key areas including identification, classification, labeling, security, and sharing. In terms of information classification there are four recommended classifications including (public, inter-entity, company, and restricted). The sharing of public information requires minimal protocol as it is already in the public domain. However the other classifications entail data such as critical assets, key facilities, systems, financial projections, and even intellectual properties. It is recommended that MOA consider the following strategies.

• Ensure that any employee with access to sensitive data is properly trained on proper protocols, and procedures (i.e. handling, storage, transmission, distribution, replication or destruction). When possible sensitive information once properly documented should be shredded by a separate third party vendor.
• MOA should also only store hardcopy documents as long as legally required. Such documents should have appropriate labeling (i.e. a stamp that says “sensitivity information-restricted”) to discourage unnecessary duplication or access.
• When possible MOA should transition the majority of hardcopy documents to an electronic format. The documents should have a watermark indicating their sensitive nature. This information should be accessible only to those with high-security clearance. Having the majority of information in an electronic format and offsite ensures that in the unfortunate event of an explosion the company can quickly resume business.

Source: (North American Electric Reliability Corporation, 2015)

III. Analysis of the ethical use and protection of customer records

In terms of ethical use company information (i.e. vendors, clients, financial projections, and proprietary information) should be only used for company business. Also, employees with access should receive appropriate training regarding protection of customer data. This includes securing laptops and electronic devices when unattended. Also MOA should ensure that consideration is given to desktop timeout and password security and full hard drive encryption. Finally, employees should ensure appropriate caution is taken not to leave sensitive data (SD) on desks or in unattended/unlocked vehicles. In the event an employee finds there has been a breach of SD the employee should be trained and fully understand the appropriate reporting process (North American Electric Reliability Corporation, 2015).

IV. Discussion on the communication plan to be used during and following the disruption

MOA should also have an inventory recording process that includes critical asset functions and physical locations, network topology maps, exposed/unprotected assets, HAZMAT materials, and contingency facilities in the event of a disaster like an explosion (North American Electric Reliability Corporation, 2015). This top secret document/report would be the principle resource used to communicate both during and following a disruption. It would enable MOA to quickly ascertain where the risk occurred, immediate impact, and the location of contingency facilities/resources for post-disruption.

V. Discussion on restoring operations after the disruption has occurred (post-incident).

It is recommended that MOA have emergency coordination centers where all employees can gather following a major disruption/disaster. In the event that MOA has a number of mines impacted by the explosion there should be an assortment of emergency meeting points and stations. There should also be an identified emergency coordinator at each station who has been trained on the appropriate disaster protocol. The emergency diagram with critical asset and data information, will enable communications and operations processes to occur remotely when necessary (North American Electric Reliability Corporation, 2015).

References

Mining Technology. (May 16, 2014). The world's worst coal mining disasters. Retrieved from http://www.mining-technology.com/features/feature-world-worst-coal-mining-disasters-china/

Msha.Gov. (2014). The Development of Risk and Readiness Assessment Models for MSHA and Industry Consolidated Final Report. Retrieved from http://www.msha.gov/Readroom/FOIA/MSHARiskReadinessReport2014.pdf

North American Electric Reliability Corporation. (2015).

Security Guideline for the Electricity Sector: Protecting Potentially Sensitive Information. Retrieved from http://www.nerc.com/docs/cip/sgwg/Protecting%20Sensitive%20Information%20Guideline%20Draft%20Revision%208-30-11%20v04.pdf