Skip to content
Home » Business Continuation And Planning

Business Continuation And Planning

  • by

General Motors Recovery Plan

An Overview of General Motors

            William C. Durant spearheaded the founding of General Motors Company (GM) in 1908 with the aim of consolidating several motorcar companies. The company was formerly known as General Motors Corporation, and operates assembly and manufacturing plants as well as distribution centers in the United States, Canada, and other countries. Headquartered in Detroit, its major product lines include trucks and automobiles, engines, automotive components, and financial services. The company envisions a future where there will be zero emissions, zero congestion, and zero crashes, and is committed to being on the forefront in the realization of this future (General Motors, 2020). GM is also committed to creating an environment that welcomes everyone and makes them fell valued for not only their contribution but also who they are. It has more than 180,000 people and operates in six continents across 23 time zones speaking 70 languages. GM is the only company with a fully integrated solution for the production of self-driving cars.

            The company is exposed to a wide range of potential disasters just as it has experienced some large-scale disasters in the past. For example, its operations were adversely affected in 2011 by the devastating earthquake and tsunami in Japan, which affected supply. At the time, GM was spending at least 2% of purchase of parts budget in Japan (Bunkley, 2011). The company might not be affected by earthquakes and tsunamis only but also crises that affect information systems, business functions, the health and safety of employees, and the continuity of its operations. This document includes the Information System Contingency Plan (ISCP), Business Incident Response Plan (BIP), Occupant Emergency Plan (OEP), Continuity of Operations Plan (COOP) that should be implemented by General Motors.

Information System Contingency Plan (ISCP)

Purpose

            The purpose of this Information System Contingency Plan is to establish procedures that will be used in the assessment and recovery of the system after a disruption. The plan includes all the critical information needed for successful recovery, such as inventory information, recovery procedures, system testing, assessment procedures, and roles and responsibilities (Choi, 2018).

Roles and Responsibilities

            The plans establish the roles and responsibilities of participants in the recovery and reconstitution process. Those participating in the implementation of the plan should be trained to respond to a contingency that might affect the information system. The team together with the ISCP director will be responsible for overseeing the implementation of the plan.

Activation and Notification

            This phase defines the initial actions that should be taken when the information system disruption has been detected or has been established to be imminent. The plan could the activated when an outage indicates that the information systems will be down for more than seven hours or when the facility that houses the information system is damaged. Notification is the first step once the plan has been activated (Swanson, Bowen, Phillips, Gallup, & Lynes, 2010). Notification will be followed by an outage assessment to determine the magnitude of the damage or disruption and the expected recovery time.

Recovery

            This phase starts when the plan is activated, an outage assessment has been completed, employees and participants have been notified, and a team of participants has been mobilized. The sequence of activities at this phase include identifying the recovery location, determination of the required resources, retrieving backup and system installation media, recovering hardware as well as operating system, and recovering the system from the system installing media and backup. In the event that the crisis escalates, the management and other stakeholders should be notified.

Reconstitution

            This phase seeks to complete recovery activities and ensure that the systems starts to operate normally. The team will conduct validation data testing to ensure that databases as well as data files have been recovered. Validation functionality testing will also be conducted to establish that the functionality of the system has been tested and its readiness to normal operations has been ascertained.

Business Incident Response Plan (BIP)

Purpose

            This plan documents the criteria for managing business emergencies. It outlines the required procedures and actions for the identification response, remediation, and follow-up of business incidents.

Communications

            Effectiveness in the implementation of the plan depends on timely, accurate, and consistent communication. Both internal and external notifications shall be used for communication. Internal notifications shall involve incidents that involve confidential or restricted information, progress notification, and other notifications that contain details about the incident (Ric One, 2019). External notifications shall be used to inform external partners about the incident. the approach to notifying stakeholders depending on the nature of the business incident and urgency.

Investigation

            In cases where data should be collected in order to better understand the business incident, the team shall be responsible for the activities and reporting of the findings.

Containment

            This phase shall focus on reducing further impact of the incident on business. Both short-term and long-term containment should be employed. Short-term containment may include bringing business function to a halt or disabling an account credentials. Long-term containment follows short-term containment to further mitigate the impact.
Eradication

            This phase focuses on eliminating the emergency situation or event. Eradicating may involve a wide range of activities. Such activities should seek to focus on finding or eliminating the cause of the incident.

Recovery and remediation

            The goal of this phase is to restore the impacted business area or service and ensure that the required environmental changes have been effectively implemented to prevent the reoccurrence of the incident. It may require doing away with some processes, introducing new processes and rules, taking actions against the employee that contributed to the incident, and retraining the employees.

Lessons Learned

            Once all the above phases have been completed, the team should schedule a meeting that focuses on reflecting on events that led to the business incident and all the recovery actions taken. The team determine whether the incident resulted from a technical failure or human error, effectiveness of the remediation method, and how to improve the business.

Continuous Evaluation

            This phase involves training and testing. Training all employees or a selected section of employees in then organization could help in preventing the occurrence of a similar incident in future. It is also important to test the new plan after changes have been made based on the insights gained during refection.

Occupant Emergency Plan (OEP)

Purpose

            This plan establishes the first response procedures for people within a facility in the event that an event or threat that can potentially affect the health and safety of occupants, property, or environment. Some these events or threats include chemical release, medical emergency, bomb threat, and fire (Swanson, Bowen, Phillips, Gallup, & Lynes, 2010). The plan does not only provide procedures for evacuation but also those for shelter-in in cases where the event may require occupants to remain within the facility.

Duties and Responsibilities

            It is the responsibility of employees to report and participate in the implementation of the emergency procedures. They are also required to escort visitors, interns, potential confused individuals, and contractors out the affected building as well as account for these individuals through the management structure. The Designated Official is responsible for the development of the plan and coordination of all actions involved in the emergency situation.

Emergency Procedures

            When the emergency event occurs during working hours, all communications should be made through the Designated Official to avoid tying up phone lines as well as conflicting information, except in the event of fire. The employee who first recognizes the threat notifies other occupants and reports to the Designated Official. First aid procedures should be followed if there is a medical emergency.

Evacuation Procedure

            Either a verbal order or a fire alarm shall be used to order employees to evacuate the building. Depending on the nature of the emergency, employees shall be notified about the nature of the emergency as well as any required special precautions. If no advance information is shared to employees, employees should feel closed doors for heat to determine whether they are warm or flames are apparent outside the room, where they may be required to use windows to escape or call for help (Hawai’i National Park, 2008). If doors are safe, employees should exit the rooms and close the doors behind them. if heavy smoke or fames block the nearest path to exit, the occupant should seek another exit or get back to the room, close the door, and exit using the window. Those who cannot evacuate themselves should be evacuated to a general assembly area.

Continuity of Operations Plan (COOP)

Purpose

            The purpose of this plan is to facilitate the restoration of the company’s essential functions at an alternative site and ensure that the tasks are effectively performed within 12 hours and up to 30 days until when operations are restored. The plan does not address minor disruptions or threats that may not call for relocation to another site (Swanson, Bowen, Phillips, Gallup, & Lynes, 2010).

Readiness and Preparedness

            This phase focuses on enhancing the ability of the organization to respond to a continuity of operations event. The organization participates in the full spectrum of the activities involved to ensure that its personnel will be able to continue essential functions. To be ready and prepared, the organization has internal plans and procedures for executing the required changes. Employees are also trained to enhance their familiarity with their roles and responsibilities during the emergency.

Activation and Relocation

            This phase is concerned with the activation of the plan and all the activities involved in transferring records, personnel, equipment, and operations to an alternate facility. The decision to activate the plan and take the corresponding actions varies based on the situation. The decision to activate can be influenced by an event with warning or an event without warning. During the emergency, continuity personnel will move from the primary operating facility to an alternate facility. Those whom may not be required at the moment will be required to go home. The information provided should include the routes to be used during departure.

Continuity Operations

            After the activation of the plan, the organization will continue to operate at the primary facility until required to transfer operations to the alternate facility when essential functions will be transferred. The advance team arrives at the alternate facility to prepare the site for the arrival of the continuity personnel.

Reconstitution Operations

            This phase is concerned with the return to normal operations within 30 days. Reconstitution procedures should commence once it is ascertained that the emergency situation has ended and may not reoccur.

References

Bunkley, N. (2011, May 12). Piecing Together a Supply Chain. Retrieved from New York Times: https://www.nytimes.com/2011/05/13/business/global/13auto.html

Choi, Y. (2018). Selected Readings in Cybersecurity. Cambridge: Cambridge Scholars Publishing.

General Motors. (2020). About GM. Retrieved from https://www.gm.com/our-company/about-gm.html

Hawai’i National Park. (2008). Occupant Emergency Plan . Hawai’i : U.S. Geological Survey .

Ric One. (2019). Incident Response Plan . State of Louisiana.

Swanson, M., Bowen, P., Phillips, A. W., Gallup, D., & Lynes, D. (2010). Contingency Planning Guide for Federal Information Systems. Gaithersburg: National Institute of Standards and Technology.

error: Content is protected !!