This case study outlines the current situation for the XYZ Training Company Ltd. XYZ accepted a proposal from D ‘n’ S Consulting, and implemented a small local area network within their Sarnia office (See Appendix A).The purpose of this exercise is to analyze the current situation at XYZ Training Company Ltd. and to make recommendations on areas that need to be considered in conducting Business Resumption Planning for the organization.
It has been 18 months since XYZ Training Company implemented its new network, and increases in productivity have been well above corporate targets, while at the same time system reliability and integrity has improved significantly.The network is functioning well, and employees are able to share documents, files, and system resources such as printers, faxes and internet services.It was decided at the implementation of the project to keep the leased data line that XYZ had been using for FAX, and convert it to a dedicated data line for the internet.Internet access has been stable, and they are quite pleased with their ISP.
XYZ has also found significant saving by moving to Voice over IP (VOIP) phones, integrated into their network.As part of their planned IT expansion, XYZ Training Co. have hired a full-time IT Administrator, who is tasked with overseeing the operation of the network, providing help and training to staff, and managing and implementing any changes to IT configuration or operation.
With regard to changes, XYZ Training Co. has also expanded its online presence with the implementation of a corporate website, as well as social media accounts on Facebook, Indeed and Twitter.They are currently working on a large project to put a number of HR processes, regulations and forms online for customers and prospective customers.To assist in this project, they have hired two contract employees who work from home.These contractors go through the large mass of files, documentation and training material, and reformat the content for online consumption.The service is currently free to all, with new content being added weekly.XYZ is planning on expanding this offering with a “premium service” on a paid subscription basis which would include such services as access to an HR consultant on an online chat, access to premium video content and live participation in video-conference events.This content is currently in the design stage.
In an additional effort to improve services and reduce costs, XYZ is looking at transitioning to cloud based delivery of a number of their services.Much of the coursework that was published via CD or DVD is now available for download via their website.This is a paid subscription service, and has proved to be quite popular, with the list of new customers growing daily.The revenue generated by this service alone has allow XYZ to hire a new content editor, as well as a new outside sales representative.New hardware has been provided to these individuals.All purchasing and installation is being done by the Systems Administrator. XYZ has also recently switched its accounting and payroll services to Inuit Corporation. These services are overseen by the office manager.
The influx of new business has left XYZ in the enviable position of growing in both size and revenue.Their investment in IT has paid huge dividends, and has paid for much of its recent expansion.As part of its new business, XYZ has landed a significant contract with the Department of National Defense, to assist in the development of new HR standards and policies in the military which are more in line with current Canadian standards.As a requirement of this contract, XYZ must conduct a business audit, and prepare a Risk Assessment of their current and planned IT services and infrastructure.As the DND is conducting a major policy and process overhaul, XYZ Training Company may have access to DND computing infrastructure, resources and information, as well as access to sensitive or classified material.
Not all has been rosy for XYZ Training Company, however.It’s involvement with the DND has caught the attention of an “anti-government, anti-military” interest group, called People Against Imperialist Nations (PAIN).PAIN appears to have a very small, but rather radical, group of followers.They operate extensively online, with a website, growing Facebook and Twitter accounts and several blogs.Recently, they staged a protest at XYZ Training Company offices.The protest was rather small (7 in all) however 2 members managed to get in to the offices and damaged a printer before police were able to remove and arrest them.
Given the requirements of the contract with the DND, XYZ has decided to take this opportunity to address the entire question of Business Continuity and Disaster Recovery.Obviously, they must look at the question of security, given the nature of the new business, but they must also look at their overall IT infrastructure and any vulnerabilities they may have.They also need to determine their priorities for systems and services, roles and responsibilities, and action plans moving forward.
Based on the success with the network installation, XYZ Training Company has reached out again and hired us to advise them.
Based on the information provided, analyze some of the issues facing XYZ Training Company.You need to address the following questions:
- What risks are they facing, with regard to potential disasters, either natural or man-made?
- What are their most immediate risks?
- What are the vulnerabilities to the business? What could prevent them from doing business?
- Based on what you know, what systems are vital to the operation of the business?What are the threats to their systems?What are the potential points of failure?
Based on the risk analysis, what recommendations would you make, with regards to improving or strengthening their systems to allow their business to continue, should any of the risks take place.What do you think their priorities should be?What kind of resources might they need – hardware, software, people, etc. (you don’t need to be so specific as to make and model of device here – it’s ok to say something like “Install a second router to provide a redundant internet link.”).
Prepare your document as a brief report to me – assume I am the Director of Consulting Services for D’n’D Consulting, our corporate name.It should be in report format, with all the requirements for a business document – title, name of the author, date written and an introductory paragraph introducing the contents.Deadline for the report is Thursday, April 15th, at 11:30PM in the dropbox provided in D2L.Any assignment received after that date/time will receive a grade of 0.
You can work collectively and discuss ideas, but everyone must submit their own original document (this does not mean taking your friends document, rearranging the bullet points, changing a few words with a thesaurus, and submitting it).