Contingency Planning

184 downloads 0 Views 351KB Size Report
In 2004, Microsoft [23] in its approach to risk management and contingency .... Product. Storage tanks. Pipeline. Material flow. Information flow. LEGENDA ... http://www.bsi.de/english/publications/bsi_standards/standard_1003_e.pdf ... Proceedings of the fourth International Conference on Autonomous Agents AGENTS'00,.
Contingency Planning: A literature review Leão José Fernandes a, Francisco Saldanha da Gama b a b a

CLC – Companhia Logística de Combustíveis, sa., EN 366, Km 18, Aveiras de Cima, 2050-125 Azambuja, Portugal CIO/DEIO - Faculty of Science of the University of Lisbon, Block C6, Piso 4, 1749-016 Lisbon, Portugal

Fernandes is an Information Systems Manager for CLC, a strategic Portuguese oil and gas

storage and transport company constituted by the energy groups GalpEnergia, British Petroleum and Repsol. He holds a Masters degree in Operations Research from the University of Lisbon and a MBA in E-Business from the Lusófona University. Besides having global experience in Portugal, Netherlands and India, he has specialized in Information systems management and the Oil and Gas industry. b

Saldanha da Gama is a Professor at the Department of Statistics and Operations Research,

Faculty of Science, University of Lisbon. He holds a PhD degree in Statistics and Operations Research from the University of Lisbon. Besides research and planning in the telecom industry, he has lectured at University courses, oriented Master and Doctoral thesis, written several publications in international journals, proceedings and technical reports, and also organized the European Winter Institute in 2007.

Contingency Planning: A literature review Abstract In any large organization, it is essential to have mechanisms that ensure constant operation. This is the reality faced everyday by the large logistics companies operating worldwide. When there is an unexpected disruption, an appropriate contingency plan can make a huge difference. The definition of an optimal contingency plan is a complex problem involving diverse resources of which the following be highlighted: systems, equipment, spare parts, services and specialized manpower. The contingency solution involves alternative processes and recovery strategies so that in the case of a contingency, all the necessary resources are available in order to bring the system back to normal operation using the minimum resources and in the least possible time. In this paper we survey the existing literature concerning contingency planning. In particular we focus on different fields of activity pointing out the corresponding (specific) features. The extensive literature is organized into various topics including business continuity plans, contingency planning, project management, millennium bug, terrorism threats, government bodies, military and space missions, informatics resources, norms, standards and implementation methodologies. A general guidance model for contingency planning is also reviewed.

Keywords: Information Systems, Contingency Planning, Business Continuity. Introduction Frenetic globalization has reorganized the global economy into giant supply chain networks which are characterized by constant mutation and innovation in their quest for survival. In these complex structures, fighting new threats or adapting to new oportunities is a constant business reality. In the face of extreme situations, as in accidents or disasters, the urgency to return to normal conditions within the shortest time is crucial to the survival of those affected. Faced with the threat to their own survival, companies rarely accept delays in reestablishment from disruptions even if it is due to an accident or unexpected fact. Recovery and resumption procedures, best known as contingency plans have emerged to remedy from post-disaster situations. The ultimate goal in the event of a disaster is to avail of the appropriate resources to ensure quick restoration to normalcy.

There are different areas of interest for contingency plans. We find good examples in the areas of planning for health systems, organizing of major events, urban infrastructure emergencies, systems equipment and automated process failures, terrorism combat plans, military operations and in natural and environmental disasters like droughts, tsunamis, earthquakes, floods and spills. A mediatic and current example concerns the health systems, particularly in the context of combating pandemics and epidemics, which include recent phenomena such as SARS, and avian flue. The contingency plan for pandemic influenza prepared by the Ministério de Saúde do Brazil [24] in 2005, involved a network of laboratories, the basic health care services, a network of specialized assistance, including hospital structures, vaccine acquisition, marketing, distribution and utilization facilities, besides the surveillance in ports, airports and country borders. Major events like Olympic Games, cultural exhibitions and international summits, and concentration of facilities and infrastructures are commonplace and can gather tens of thousands of people. Various situations such as kidnapping, bomb threatening, disturbances caused by marginal gangs, fires, explosions, natural disasters and use of weapons require the development of emergency plans. The plan prepared by Illinois State Police [17] in 1999, contains contingency plan objectives, security guides, crisis management plans as well as standardized codes of alert. Known uncertainties such as the Year 2000 challenge, or unexpected ones like the 9/11 attack on the World Trade Center in New York, require very detailed contingency plans. Formiga [11] in 2006, shows dramatic changes in contingency planning after September 11. While formerly disaster recovery essentially focussed on Information Technology, the new circumstances changed its scope even including partner companies and suppliers. In the case of strategic businesses, the scope covers all businesses in that industry. Contingency planning thus covers failures of critical systems, equipment, automated processes, energy, communications, suppliers and personnel. Turbulence characterizes today’s business environment that is subject to fierce competition and requires rapid response to crises. As the size and number of companies depending on a critical structure increases, the impact of a crisis also upshoots, leveraging the value of contingency plans to combat disruptions. The cost to implement and trigger a contingency plan can be high, but the impact of its absence is prohibitive. Furthermore, the contingency plan total costs grow considerably as we move from a small contingency, company, industry, national and up to an international contingency. Not all the contingencies are necessarily linked but when that happens, a small contingency if not curtailed in time, can create a snowball effect and rapidly trigger a greater crisis.

We will briefly review contingency planning in specific areas of traditional business where these concepts are more developed before switching to its application in supply chain networks.

Business Continuity Plans We distinguish between two concepts found in the literature that create some ambiguity, namely the Contingency Plans (CP), and Business Continuity Plans (BCP). A CP is an operational procedure to restore the operation of a business process or a system, which is facing a situation of contingency. A BCP has a broader scope in the wake of a very critical situation where the survival of the company is at stake. The BCP typically includes the CP. The Business Continuity Institute [5] on its website publishes regularly important guides and content promoting skills, courses and certifications in business continuity. One example of a planning process is that proposed by the Business Continuity FFIEC [8], which advocates: 

Development of a project for the preparation of the business continuity plan, including the assumptions and responsibilities;



Vulnerability Analysis and Business Impact Analysis;



Devising strategies for recovery based on a scenario of the disruption of a process or in the absence of a critical resource;



Identification and acquisition of resources to support the plan after justifying its cost;



Definition of procedures for response to the emergency, particularly immediate actions to be implemented when a disaster strikes;



Definition of procedures for recovery operations, such as the necessary steps to ensure that the organization recovers operation;



Development of the business continuity plan based on the information found in previous steps and production of the specific documentation;



Training employees on their responsibilities in the event of a disaster;



Test the plan for business continuity. Here one could use some known techniques, for example walkthroughs and minidrills;



Systematic and regular updating of the business continuity plan. A crisis is not a normal situation and as such, the working conditions are not ideal. Rather,

in a crisis, the conditions are adverse. The nervousness, the inexperience and the complexity of the problem aggravate the situation requiring that everything must be thought of in advance in order to

guarantee a successful recovery. Contingency planning aims to reduce the chances of failure in a business and its continuity, reduce risks to the business and reduce possible damage to the brand in terms of its reputation. All this in a crisis. Time is a critical factor for the reaction to a crisis and must be realized within the acceptable window of tolerance. The DTC (design-to-criteria) sequencing used by Raja et al [26] in 2000 implements a hierarchical network model that uses a structure to collect information with precise definition of objectives through quantitative analysis of characteristics such as the quality of the solution or time. Given the complexity of contingency planning, the work addresses the use of decision-making Markovianos to combine factors such as relationships between tasks, deadlines, availability of alternatives, and design criteria. They compare design-to-criteria techniques, the Markovian decision process, and contingency planning, identifying certain characteristics favourable to contingency planning: methods prone to failure, task sequences with alternative routes, exception methods, dependency between methods of good performance and between critical methods. They conclude that the construction of an optimal planning generator using a structure TAEMS, (Task Analysis, Modeling and Environment Simulation, Decker [7] 1996), is a NP-Hard problem. Huang et al [15], in 2005, used the CPN (coloured Petri networks) technique for automatic recovery from failures. In distribution networks with various alternatives, the generation of contingency plans is achieved through detection, isolation and recovery from failures, using artificial intelligence systems associated with an inference model built from Colored Petri networks. In 2006, Horling et al. [14] considers again the technical planning of design-to-criteria (DTC) projects, which uses a descriptive language to represent a hierarchical network of tasks TAEMS (Task Analysis, Modeling and Environment Simulation language), which describes alternatives to achieve the goals. This model can decide in real time, the best alternative based on a structure that contains information about task-to-task relationships, sequencing restrictions, time restrictions, dynamic constraints of time and resource use restrictions. The model incorporates some techniques that help the planning process, including the generation of plans candidates to be implemented; generation of contingency or alternative plans; new plans according to the DTC; use of alternative plans for specific predefined methods; new plans with acceptable quality reduction, identifying cost and duration of the solution, and learning through former efficient solutions. In 2005, Felstead [9] stressed the need to spend more time planning for contingencies, in order to reduce risk and assist its management, particularly in priority projects whose goal is

compliance with deadlines. The time factor is critical in the identification, quantification and monitoring of risks in projects in which the compliance dates is representative. In order to manage the risks, one should initially begin by identifying and quantifying the risk factors or events. Next, we should use a method for analyzing the risks and then define the contingencies. The author states that the organizations and their stakeholders do not give due attention to risk management. Therefore, the management bodies should ensure their involvement in the decision-making and planning process to enforce the overall commitment of all stakeholders with a contingency plan. In 2002, the National Institute of Standards and Technology [25] in their detailed template for contingency plans, refers to the legislation related to the issue, and proposes an organization to the contingency team. The contingencies are sub-divided into 4 phases: Response, Resumption, Recovery and Restoration. This resource contains a list of documentation that should be kept outside the premises, which includes detailed documentation of systems, configurations, permits, contingency plans and information for recovery. The recommended strategies address critical issues such as electricity, diversification of connectivity and storage outside the premises. In the comprehensive list of terms and definitions, are addressed important issues such as sensitive information, confidentiality, security, agreements and contracts. In 2005, JP Morgan Chase Treasury Services [20] address the problem of contingencies under a different angle. It indicates four vulnerable points in companies, including the availability and orientation of employees, the physical installation and transportation, electricity and, finally, telecommunications. In the same year, Bliss [2] addresses many aspects associated with risks. Identifies criteria to classify impacts, classifies risks in terms of severity, and discusses techniques of treatment and/or response to the risks. These techniques include prevention, reduction, transfer, deferral, or acceptance of risk. It covers relevant information in the area of risk management, and refers to the database of the Joint Information Systems Committee (JISC) InfoNet, based in the United Kingdom.

Known Unknowns Towards the end of the 20th century, the computer industry made the biggest impact in raising awareness of the organizations to the importance of contingency plans. The problem at hand was the Millennium Bug (Y2K). In 1999, Day [6] identified millions of software, computers, communication systems and electronic equipment with 2-digit real time clock (RTC) that could

have this problem. Given the short time that organizations in general had, and given the limited human resources in the area of information technology that the consultancy firms had to develop its consistency, companies had to create contingency plans, identifying all vulnerable systems, giving priority to the most critical systems. Many industrial companies analyze failures of processes to identify vulnerabilities in the manufacturing process. The control systems in many factories are highly integrated. The states of a system in many points can be used to calculate the optimal operating conditions. Indeed, the complexity of a system can cause problems because a failure in one part of the system can quickly spread to other areas. To prevent potential problems in contingency scenarios of the managers might consider lowering the level of automation, moving from an integrated manner to the way automated and, finally, for the control manual. The scenarios of contingency depend on the seriousness of the problem and the appropriateness of measures of recovery. The worst scenario arises in the case of a serious problem in that the measure of recovery is inadequate. In this case, the strategy will be more secure switch to manual operation and use of low-tech means. Following the attacks of September 11, 2001, contingency planning have a high priority for organizations after the attacks affected thousands of major companies. According to Arnold [1], the impacts and economic losses of these terrorist attacks were immense. As a direct result, only in aviation 100000 people lost their jobs. The Comdisco, company for recovery of data, received 91 disaster declarations 76 of which simultaneously involving major banks and insurance companies, that resulted in its own bankruptancy in the same year. Companies with destroyed infrastructure, required to restore and rebuild their operations in order to continue their business. Many companies had to change their location to vicinities of New York and implement their operations from scratch.

Information Systems In 2004, Microsoft [23] in its approach to risk management and contingency plans uses the concept of the Declaration of risk, condition and consequence to safety. If (condition) Threat of an agent using a tool, a technique or a method to exploit a vulnerability, then (consequence) loss of confidentiality, integrity or availability of an asset may result in an Impact. The condition provides a description of an existing state or a possible threat that is considered harmful. The consequence describes the undesirable loss of confidentiality, integrity or availability of an asset. In 2002 IBM Global Services [16], strengthened its offer of Disaster Recovery and

Business Continuity. With 120 rehabilitation centres around the world, the company warns that panic is the immediate reaction to disaster: "If there is no plan, people are lost." The prolongation of a situation could mean the closure of the unit or the company. Hence, today businesses consider contingency planning as an important business process, accepting it as an investment in safety. More recently, White [28] 2005 relating to risk management, addresses the duality between opportunities and risks. This gives rise to the concept of Enterprise Systems Engineering (ESE), which recommends aggressiveness towards acceptance of opportunities and risks, as the highest risk is in not seeking opportunities. Kuras and White [22], 2005, relativize the different types of uncertainty in the following order: risk, opportunity, inaccessibility and unknown. The article refers to Garvey’s [12], 2005 interpretation of risk, which believes that: There is no risk if the risk never happens regardless of its result or the risk occurs without consequences or the risk happens for sure. In the latter case the risk becomes an Issue, hence it must be eliminated. The Bundesamt fur Sicherheit in der Informationstechnik (BSI [4]), the British Standards Institute (BS) and International Standards Organization (ISO) have emerged as references for safety of Information Systems. The Standard BS7799 was published by the British Standards (BS [3]) in 1995 and later replaced in 2000 by ISO 17799 Information Technology Security (ISO [18]), which implemented the PDCA (Plan, Do, Check, Act) model. Later, British Standards defined BS7799-2 (BS [3]) on Information Security Management Systems in 2002, which was replaced by ISO 27001 Information Security Management System (ISO [19]) in October 2005.

Contingency theory in Supply Chains One may ask: Why link contingency planning to Supply Chain Management? The evolution of supply chains has deemed its complexity. It is known that Supply Chain dynamics and individual members are more fault-prone than previously assumed. This results from interaction between the various autonomous members that leads to innumerous states on the local as well as the supply chain level. Hence the existence of possible risks has to be assumed thus resulting in the development of proactive and reactive risk management as a relevant success factor in supply chain management. Kleindorfer and Saad [21] in 2005 identify two broad categories of risks that affect supply chain design and management: (1) risks arising from the problems of coordinating supply and demand, and (2) risks arising from disruptions to normal activities. Their paper analyses the later

category of risks, related with natural disasters, strikes, economic disruptions, and to acts of purposeful agents including terrorists. On analyzing contingency planning, Kleindorfer and Saad (2005) observe the emergence of a two-fold approach, based on two levels of management systems: “operational risk management,” that attend to the traditional tasks of identification, assessment, management and emergency response; “Enterprise Risk Management (ERM)” that is providing new visibility and coordination at the most senior levels of management on risks that may have significant consequences for the financial viability of the company. Stonebraker et al [27] in 2004 present an evolutionary model relationing four historical phases for supply chain development as illustrated in figure 1. The model highlights the initial tendency for differentiation followed by a subsequent twist to integration. The later comes within the sphere of contingency planning as refered to by the author who emphasizes on three integrative mechanisms: standardization of policies, rules and procedures; compatible communication formats; and processes to coordinate across different organizational components.

Differentiation

+

Decentralization Specialization

Phases of Supply Chain Technology Phase I – Traditional Manufacturing/Distribution Models Phase II – Integrated JIT Models Phase III – Flexible and Concurrent JIT Models Phase IV – Agile Supply Chain Mnagement Models

+ +

Integration Formalization Collaboration

Figure 1. An integrative model of supply chains (Source: Stonebraker et al [27], 2004) Fernandes [10] in 2007 salients the importance of Contingency Planning in the Petroleum Supply Chain. In Europe, the Petroleum industry has long begun a supply chain policy that has lead to of lean strategic structures in order to achieve higher efficiency. In Portugal, the major petroleum companies, GalpEnergia, BP and Shell (now Repsol), created CLC a strategic Oil & Gas storage and transportation company. The suppliers, company and clients facilities, systems and processes are intrinsically interlinked to form an extended Petroleum Supply Chain as shown in figure 2. In

the case of its disruption, it immediately affects the countrywide petroleum supply chain, escalating to a crisis situation in a matter of hours. A prolongation of the situation can bring various sectors of the economy to a standstill. Due to the companies strategic positioning, the Administration has directed efforts of contingency planning in three folds: Operational Contingency Plan; Information Systems Contingency Plan, Avian Flu related Contingency Plan. 1

Suppliers 2 3 4

Shipper 1 2

Brokers

Jetty

Procurement Dept.

Storage Dept. Crude Storage Operations Dept. CDU

Logistics & Sales

Refinary processes

Blend tanks

Storage Dept. Product Tanks

Petrogal Refinery

Operations Dept. Pipeline

Logistics Dept.

Product Storage tanks

Bottle filling CLC

Transport Clients LEGENDA Material flow

Client’s Customers

Information flow

Figure 2. The Petroleum Supply chain in Portugal A Supply Chain Event Management (SCEM) is a related concept that is used to trigger contingency planning. The thesis presents some real case examples of contingency planning as presented in table 1.

Table 1. Examples of Contingencies in the Petroleum Supply Chain Disruption Mode

Description

Contingency measure

Supply side

Product shortage can lead to

Use contingency measures including inter-

unmatched orders resulting

company exchanges of product. Optimize

lower profits

replenishment schedules to prioritize stocking of the product in shortage. Other strategic reserve capacity measures.

Supply side

Product out of specification

Order immediate suspension of receival of

can block upto 25 million

contaminated lote. Expediate stock to

storage capacity per tank.

industries with lower product specification needs. Suply demand from alternate facilities. Meet with suppliers and clients to redesign contingency plan

Transportation

Facilities

Rupture in Pipeline can lead

Suply demand from alternate facilities. Switch

to prolonged inoperation of

to alternate mode of transport. Design

the supply chain

contingency plan with suppliers and clients

Safeguard system out of

Switch to manual mode operation. Activate

order leading to unsafe

strict manual checks. Order immediate repair

operation

services. Evaluate potential dangers and alternative renovation requirements.

Information

Failure of information

Activation of redundant systems. Identify

Systems

systems leading to

problem area and action maintenance contract.

indisponibility of customer

Gather sourcing information for alternate

order services

system in worstcase cenario.

Comunications

Comunication infrastructure

Activate backup by PSTM lines. Localize

failure

failure due to fiber optic

interruption and source immediate mantence

interruption

team. Activate other alternate measures.

Exceptional

Demand over capacity due

Optimize replenishment schedules. Optimize

demand

to increased air traffic or

and increase production shifts. Activate

heating necessity due to

alternative supplies.

harsh winter

Contingency planning in supply chains is strongly referred to by Hale et al [13] in 2005. The paper refers to the efforts made by Organizations in the United States of America, namely those of the Federal Emergency Management Association (FEMA), Disaster Research Center (DRC) and Council of Logistics Management (CLM). Since 2001, there have been innumerous references to disaster planning within supply chains in four of the top journals namely: Journal of Business Logistics, International Journal of Physical Distribution & Logistics Management, International Journal of Logistics Management, and Supply Chain Management Review.

Conclusions The literature reviewed, clearly demonstrates the importance of contingency planning in Supply Chain Management as well as in traditional business. The documenting standards found in the literature are not optimal resulting in static, descriptive and non-funtional plans. They could benefit from a flexible structure thereby permitting constant improval and greater efficiency to the planning process. This suggests ample scope for research on an optimal structure and considerations for a broader usage of these plans. Although Contingency plans are effectively a sound investment for probable failures, there appears to be a shift, especially in supply chains to resilient building. Resilient organizations also use the concepts of contingency planning to identify vulnerabilities throughout the supply chain and use flexibility to patch existing gaps turning the entire system more robust. This method is especially more effective in the case of low frequency high impact failures, where supply chains can have an overall lift in risk management through flexible, standardized and integrated design.

References [1]

Arnold, R.L., Disaster Recovery Journal, October 2001, Attack on America: recovery from Sept.11 Events is slow process, http://www.drj.com/special/srl.html

[2]

Bliss, J., Risk Management and Contingency Planning, Arts and Humanities Data Service, 2005, http://ahds.ac.uk/creating/information-papers/risk-management

[3]

BS, British Standards, The BS7799 / BS 7799 Security Standard, 1999, http://www.thewindow.to/bs7799/

[4]

BSI, BSI-Standard 100-3: Risk Analysis based on IT-Grundschutz, 2005, http://www.bsi.de/english/publications/bsi_standards/standard_1003_e.pdf

[5]

Business Continuity Institute, To promote the art and science of business continuity management, 2007, http://www.thebci.org/

[6]

Day, C.W., Are You Ready for Y2K? American School & University 71 (1999), 70-71.

[7]

Decker, K., TAEMS: A framework for environment centered analysis & design of coordination mechanisms, in G. O’Hara and N. Jennings, Foundations of distributed artificial Intelligence, 1996, Willey Inter-Science, Chapter 16, 429-448.

[8]

Federal Financial Institutions Examination Council (FFIEC), Business Continuity Planning, 2004, http://www.ffiec.gov/ffiecinfobase/booklets/bcp/bus_continuity_plan.pdf

[9]

Felstead, C., The Challenge of IT Fixed End Projects – New Risk Management Strategies, Project Management Institute Global Congress, Singapore, 21-23, February 2005.

[10] Fernandes, L.J., Um modelo de planeamento preventivo correctrivo e de contingência em Sistemas de Informação – Aplicação a um Parque de Combustíveis, MSc Thesis, 2007.

[11] Formiga, A., Estratégia para a Continuidade de Negócio (Business Continuity Plan – BCP), CESCE SI, Lisboa, 2006, http://www.idc.pt/resources/PPTs/2006/Business_Continuity/5.CESCE.pdf

[12] Garvey, P., Probability methods for cost uncertainty analysis – A systems engineering perspective, Marcel Decker, Inc., New York, 2005.

[13] Hale, T., Moberg, C.R., Improving supply chain disaster preparedness, International Journal of Physical Distribution & Logistics Management, Emerald Group, Vol. 35, No. 3, 2005, 195-207

[14] Horling, B., Lesser, V., Vicent, R., Wagner, T., The Soft Real-Time Agent Control Architecture, Autonomous Agents and Multi-Agent Systems 12 (2006), 35-91.

[15] Huang, M.Y., Chen, C.S., Lin, C.-H., Innovative service restoration of distributed systems by considering short-term load forecasting of service zones, International Journal of Electric Power & Energy Systems 27 (2005), 417-427.

[16] IBM Global Services, Business Continuity & Recovery Services, Integrated Technology Services Newsletter Special Edition, 2002, http://www-5.ibm.com/services/pt/its/newsletters

[17] Illinois State Police, Safe Schools: Unified Emergency Contingency Plan for Schools, 1999, http://edres.org/eric/ED433598.htm

[18] ISO, Norm ISO 17799, 2000, http://www.computersecuritynow.com [19] ISO, Norm ISO 27001, 2005, http://www.27001-online.com [20] JP Morgan Chase Treasury Services, Wake-Up Call: Hurricanes Prompt Financial Community to Re-think Business Continuity, 2005, http://www.jpmorganchase.com

[21] Kleindorfer, P.R., Saad, G.H., Managing Disruption Risks in Supply Chains, Production and Operations Management, Vol 14, No. 1, Spring 2005, pp 53-68.

[22] Kuras, M.L., White, B.E., Engineering enterprises using complex-system engineering, INCOSE 2005 Symposium, 10-15 July 2005, Rochester, New York, EUA.

[23] Microsoft, Compreendendo a Disciplina de Gerenciamento de Riscos, 2004, http://www.microsoft.com/brasil/security/guidance/prodtech/win2000/secmod134.mspx

[24] Ministério de Saúde do Brasil, Plano de preparação brasileiro para o enfrentamento de uma pandemia de influenza, 2005, http://dtr2001.saude.gov.br/influenza/docs/flu1.pdf

[25] National Institute of Standards and Technology (USA), Contingency Plan Template, 2002, http://csrc.nist.gov/fasp/FASPDocs/contingency-plan/contingencyplan-template.doc

[26] Raja, A., Lesser, V., Wagner, T., Toward robust agent control in open environments, Proceedings of the fourth International Conference on Autonomous Agents AGENTS’00, Barcelona, Spain, 3 Junho, 2000, 84-91.

[27] Stonebraker, P.W., Afifi, R., Towards a contingency theory of supply chains, Management Decision Journal, Emerald Group, Vol. 42, No. 9, 2004, 1131-1144

[28] White, B.E., Enterprise Opportunity and Risk, Mitre Corporation, Technical paper, 2006, http://www.mitre.org/work/tech_papers/tech_papers_06/05_1262/05_1262.pdf