See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/230807504

Contingency planning – a literature review

Conference Paper · October 2008

CITATIONS READS

4 37,596

2 authors:

Leão J Fernandes Francisco Saldanha-da-Gama

University of Lisbon University of Lisbon
15 PUBLICATIONS   172 CITATIONS    78 PUBLICATIONS   4,700 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Uncapacitated p-hub median problems View project

Downstream Oil Supply Chain Management View project

All content following this page was uploaded by Leão J Fernandes on 13 June 2014.

The user has requested enhancement of the downloaded file.

 Contingency Planning: A literature review

Leão José Fernandes a, Francisco Saldanha da Gama b

a
CLC – Companhia Logística de Combustíveis, sa., EN 366, Km 18, Aveiras de Cima, 2050-125 Azambuja, Portugal
b
CIO/DEIO - Faculty of Science of the University of Lisbon, Block C6, Piso 4, 1749-016 Lisbon, Portugal

a
Fernandes is an Information Systems Manager for CLC, a strategic Portuguese oil and gas

storage and transport company constituted by the energy groups GalpEnergia, British Petroleum
and Repsol. He holds a Masters degree in Operations Research from the University of Lisbon and a
MBA in E-Business from the Lusófona University. Besides having global experience in Portugal,
Netherlands and India, he has specialized in Information systems management and the Oil and Gas
industry.

b
Saldanha da Gama is a Professor at the Department of Statistics and Operations Research,

Faculty of Science, University of Lisbon. He holds a PhD degree in Statistics and Operations
Research from the University of Lisbon. Besides research and planning in the telecom industry, he
has lectured at University courses, oriented Master and Doctoral thesis, written several
publications in international journals, proceedings and technical reports, and also organized the
European Winter Institute in 2007.
 Contingency Planning: A literature review

Abstract
In any large organization, it is essential to have mechanisms that ensure
constant operation. This is the reality faced everyday by the large logistics companies operating
worldwide. When there is an unexpected disruption, an appropriate contingency plan can make a
huge difference. The definition of an optimal contingency plan is a complex problem involving
diverse resources of which the following be highlighted: systems, equipment, spare parts, services
and specialized manpower. The contingency solution involves alternative processes and recovery
strategies so that in the case of a contingency, all the necessary resources are available in order to
bring the system back to normal operation using the minimum resources and in the least possible
time.
In this paper we survey the existing literature concerning contingency planning. In
particular we focus on different fields of activity pointing out the corresponding (specific) features.
The extensive literature is organized into various topics including business continuity plans,
contingency planning, project management, millennium bug, terrorism threats, government bodies,
military and space missions, informatics resources, norms, standards and implementation
methodologies. A general guidance model for contingency planning is also reviewed.
Keywords: Information Systems, Contingency Planning, Business Continuity.

Introduction
Frenetic globalization has reorganized the global economy into giant supply chain
networks which are characterized by constant mutation and innovation in their quest for survival. In
these complex structures, fighting new threats or adapting to new oportunities is a constant business
reality. In the face of extreme situations, as in accidents or disasters, the urgency to return to normal
conditions within the shortest time is crucial to the survival of those affected. Faced with the threat
to their own survival, companies rarely accept delays in reestablishment from disruptions even if it
is due to an accident or unexpected fact. Recovery and resumption procedures, best known as
contingency plans have emerged to remedy from post-disaster situations. The ultimate goal in the
event of a disaster is to avail of the appropriate resources to ensure quick restoration to normalcy.
 There are different areas of interest for contingency plans. We find good examples in the
areas of planning for health systems, organizing of major events, urban infrastructure emergencies,
systems equipment and automated process failures, terrorism combat plans, military operations and
in natural and environmental disasters like droughts, tsunamis, earthquakes, floods and spills.
A mediatic and current example concerns the health systems, particularly in the context of
combating pandemics and epidemics, which include recent phenomena such as SARS, and avian
flue. The contingency plan for pandemic influenza prepared by the Ministério de Saúde do Brazil
[24] in 2005, involved a network of laboratories, the basic health care services, a network of
specialized assistance, including hospital structures, vaccine acquisition, marketing, distribution and
utilization facilities, besides the surveillance in ports, airports and country borders.
Major events like Olympic Games, cultural exhibitions and international summits, and
concentration of facilities and infrastructures are commonplace and can gather tens of thousands of
people. Various situations such as kidnapping, bomb threatening, disturbances caused by marginal
gangs, fires, explosions, natural disasters and use of weapons require the development of emergency
plans. The plan prepared by Illinois State Police [17] in 1999, contains contingency plan objectives,
security guides, crisis management plans as well as standardized codes of alert.
Known uncertainties such as the Year 2000 challenge, or unexpected ones like the 9/11
attack on the World Trade Center in New York, require very detailed contingency plans. Formiga
[11] in 2006, shows dramatic changes in contingency planning after September 11. While formerly
disaster recovery essentially focussed on Information Technology, the new circumstances changed
its scope even including partner companies and suppliers. In the case of strategic businesses, the
scope covers all businesses in that industry. Contingency planning thus covers failures of critical
systems, equipment, automated processes, energy, communications, suppliers and personnel.
Turbulence characterizes today’s business environment that is subject to fierce competition
and requires rapid response to crises. As the size and number of companies depending on a critical
structure increases, the impact of a crisis also upshoots, leveraging the value of contingency plans to
combat disruptions. The cost to implement and trigger a contingency plan can be high, but the
impact of its absence is prohibitive. Furthermore, the contingency plan total costs grow considerably
as we move from a small contingency, company, industry, national and up to an international
contingency. Not all the contingencies are necessarily linked but when that happens, a small
contingency if not curtailed in time, can create a snowball effect and rapidly trigger a greater crisis.
 We will briefly review contingency planning in specific areas of traditional business where
these concepts are more developed before switching to its application in supply chain networks.

Business Continuity Plans

We distinguish between two concepts found in the literature that create some ambiguity,
namely the Contingency Plans (CP), and Business Continuity Plans (BCP). A CP is an operational
procedure to restore the operation of a business process or a system, which is facing a situation of
contingency. A BCP has a broader scope in the wake of a very critical situation where the survival
of the company is at stake. The BCP typically includes the CP.
The Business Continuity Institute [5] on its website publishes regularly important guides
and content promoting skills, courses and certifications in business continuity. One example of a
planning process is that proposed by the Business Continuity FFIEC [8], which advocates:
 Development of a project for the preparation of the business continuity plan, including the
assumptions and responsibilities;
 Vulnerability Analysis and Business Impact Analysis;
 Devising strategies for recovery based on a scenario of the disruption of a process or in the
absence of a critical resource;
 Identification and acquisition of resources to support the plan after justifying its cost;
 Definition of procedures for response to the emergency, particularly immediate actions to
be implemented when a disaster strikes;
 Definition of procedures for recovery operations, such as the necessary steps to ensure that
the organization recovers operation;
 Development of the business continuity plan based on the information found in previous
steps and production of the specific documentation;
 Training employees on their responsibilities in the event of a disaster;
 Test the plan for business continuity. Here one could use some known techniques, for
example walkthroughs and minidrills;
 Systematic and regular updating of the business continuity plan.
A crisis is not a normal situation and as such, the working conditions are not ideal. Rather,
in a crisis, the conditions are adverse. The nervousness, the inexperience and the complexity of the
problem aggravate the situation requiring that everything must be thought of in advance in order to
guarantee a successful recovery. Contingency planning aims to reduce the chances of failure in a
business and its continuity, reduce risks to the business and reduce possible damage to the brand in
terms of its reputation. All this in a crisis. Time is a critical factor for the reaction to a crisis and
must be realized within the acceptable window of tolerance.
The DTC (design-to-criteria) sequencing used by Raja et al [26] in 2000 implements a
hierarchical network model that uses a structure to collect information with precise definition of
objectives through quantitative analysis of characteristics such as the quality of the solution or time.
Given the complexity of contingency planning, the work addresses the use of decision-making
Markovianos to combine factors such as relationships between tasks, deadlines, availability of
alternatives, and design criteria. They compare design-to-criteria techniques, the Markovian
decision process, and contingency planning, identifying certain characteristics favourable to
contingency planning: methods prone to failure, task sequences with alternative routes, exception
methods, dependency between methods of good performance and between critical methods. They
conclude that the construction of an optimal planning generator using a structure TAEMS, (Task
Analysis, Modeling and Environment Simulation, Decker [7] 1996), is a NP-Hard problem.
Huang et al [15], in 2005, used the CPN (coloured Petri networks) technique for automatic
recovery from failures. In distribution networks with various alternatives, the generation of
contingency plans is achieved through detection, isolation and recovery from failures, using
artificial intelligence systems associated with an inference model built from Colored Petri networks.
In 2006, Horling et al. [14] considers again the technical planning of design-to-criteria
(DTC) projects, which uses a descriptive language to represent a hierarchical network of tasks
TAEMS (Task Analysis, Modeling and Environment Simulation language), which describes
alternatives to achieve the goals. This model can decide in real time, the best alternative based on a
structure that contains information about task-to-task relationships, sequencing restrictions, time
restrictions, dynamic constraints of time and resource use restrictions. The model incorporates some
techniques that help the planning process, including the generation of plans candidates to be
implemented; generation of contingency or alternative plans; new plans according to the DTC; use
of alternative plans for specific predefined methods; new plans with acceptable quality reduction,
identifying cost and duration of the solution, and learning through former efficient solutions.
In 2005, Felstead [9] stressed the need to spend more time planning for contingencies, in
order to reduce risk and assist its management, particularly in priority projects whose goal is
compliance with deadlines. The time factor is critical in the identification, quantification and
monitoring of risks in projects in which the compliance dates is representative. In order to manage
the risks, one should initially begin by identifying and quantifying the risk factors or events. Next,
we should use a method for analyzing the risks and then define the contingencies. The author states
that the organizations and their stakeholders do not give due attention to risk management.
Therefore, the management bodies should ensure their involvement in the decision-making and
planning process to enforce the overall commitment of all stakeholders with a contingency plan.
In 2002, the National Institute of Standards and Technology [25] in their detailed template
for contingency plans, refers to the legislation related to the issue, and proposes an organization to
the contingency team. The contingencies are sub-divided into 4 phases: Response, Resumption,
Recovery and Restoration. This resource contains a list of documentation that should be kept
outside the premises, which includes detailed documentation of systems, configurations, permits,
contingency plans and information for recovery. The recommended strategies address critical issues
such as electricity, diversification of connectivity and storage outside the premises. In the
comprehensive list of terms and definitions, are addressed important issues such as sensitive
information, confidentiality, security, agreements and contracts.
In 2005, JP Morgan Chase Treasury Services [20] address the problem of contingencies
under a different angle. It indicates four vulnerable points in companies, including the availability
and orientation of employees, the physical installation and transportation, electricity and, finally,
telecommunications.
In the same year, Bliss [2] addresses many aspects associated with risks. Identifies criteria
to classify impacts, classifies risks in terms of severity, and discusses techniques of treatment and/or
response to the risks. These techniques include prevention, reduction, transfer, deferral, or
acceptance of risk. It covers relevant information in the area of risk management, and refers to the
database of the Joint Information Systems Committee (JISC) InfoNet, based in the United Kingdom.

Known Unknowns
Towards the end of the 20th century, the computer industry made the biggest impact in
raising awareness of the organizations to the importance of contingency plans. The problem at hand
was the Millennium Bug (Y2K). In 1999, Day [6] identified millions of software, computers,
communication systems and electronic equipment with 2-digit real time clock (RTC) that could
have this problem. Given the short time that organizations in general had, and given the limited
human resources in the area of information technology that the consultancy firms had to develop its
consistency, companies had to create contingency plans, identifying all vulnerable systems, giving
priority to the most critical systems.
Many industrial companies analyze failures of processes to identify vulnerabilities in the
manufacturing process. The control systems in many factories are highly integrated. The states of a
system in many points can be used to calculate the optimal operating conditions. Indeed, the
complexity of a system can cause problems because a failure in one part of the system can quickly
spread to other areas. To prevent potential problems in contingency scenarios of the managers might
consider lowering the level of automation, moving from an integrated manner to the way automated
and, finally, for the control manual. The scenarios of contingency depend on the seriousness of the
problem and the appropriateness of measures of recovery. The worst scenario arises in the case of a
serious problem in that the measure of recovery is inadequate. In this case, the strategy will be more
secure switch to manual operation and use of low-tech means.
Following the attacks of September 11, 2001, contingency planning have a high priority for
organizations after the attacks affected thousands of major companies. According to Arnold [1], the
impacts and economic losses of these terrorist attacks were immense. As a direct result, only in
aviation 100000 people lost their jobs. The Comdisco, company for recovery of data, received 91
disaster declarations 76 of which simultaneously involving major banks and insurance companies,
that resulted in its own bankruptancy in the same year. Companies with destroyed infrastructure,
required to restore and rebuild their operations in order to continue their business. Many companies
had to change their location to vicinities of New York and implement their operations from scratch.

Information Systems
In 2004, Microsoft [23] in its approach to risk management and contingency plans uses the
concept of the Declaration of risk, condition and consequence to safety. If (condition) Threat of an
agent using a tool, a technique or a method to exploit a vulnerability, then (consequence) loss of
confidentiality, integrity or availability of an asset may result in an Impact. The condition provides a
description of an existing state or a possible threat that is considered harmful. The consequence
describes the undesirable loss of confidentiality, integrity or availability of an asset.
In 2002 IBM Global Services [16], strengthened its offer of Disaster Recovery and
Business Continuity. With 120 rehabilitation centres around the world, the company warns that
panic is the immediate reaction to disaster: "If there is no plan, people are lost." The prolongation of
a situation could mean the closure of the unit or the company. Hence, today businesses consider
contingency planning as an important business process, accepting it as an investment in safety.
More recently, White [28] 2005 relating to risk management, addresses the duality between
opportunities and risks. This gives rise to the concept of Enterprise Systems Engineering (ESE),
which recommends aggressiveness towards acceptance of opportunities and risks, as the highest risk
is in not seeking opportunities. Kuras and White [22], 2005, relativize the different types of
uncertainty in the following order: risk, opportunity, inaccessibility and unknown. The article refers
to Garvey’s [12], 2005 interpretation of risk, which believes that: There is no risk if the risk never
happens regardless of its result or the risk occurs without consequences or the risk happens for sure.
In the latter case the risk becomes an Issue, hence it must be eliminated.
The Bundesamt fur Sicherheit in der Informationstechnik (BSI [4]), the British Standards
Institute (BS) and International Standards Organization (ISO) have emerged as references for safety
of Information Systems. The Standard BS7799 was published by the British Standards (BS [3]) in
1995 and later replaced in 2000 by ISO 17799 Information Technology Security (ISO [18]), which
implemented the PDCA (Plan, Do, Check, Act) model. Later, British Standards defined BS7799-2
(BS [3]) on Information Security Management Systems in 2002, which was replaced by ISO 27001
Information Security Management System (ISO [19]) in October 2005.

Contingency theory in Supply Chains

One may ask: Why link contingency planning to Supply Chain Management? The
evolution of supply chains has deemed its complexity. It is known that Supply Chain dynamics and
individual members are more fault-prone than previously assumed. This results from interaction
between the various autonomous members that leads to innumerous states on the local as well as the
supply chain level. Hence the existence of possible risks has to be assumed thus resulting in the
development of proactive and reactive risk management as a relevant success factor in supply chain
management.
Kleindorfer and Saad [21] in 2005 identify two broad categories of risks that affect supply
chain design and management: (1) risks arising from the problems of coordinating supply and
demand, and (2) risks arising from disruptions to normal activities. Their paper analyses the later
category of risks, related with natural disasters, strikes, economic disruptions, and to acts of
purposeful agents including terrorists. On analyzing contingency planning, Kleindorfer and Saad
(2005) observe the emergence of a two-fold approach, based on two levels of management systems:
“operational risk management,” that attend to the traditional tasks of identification, assessment,
management and emergency response; “Enterprise Risk Management (ERM)” that is providing new
visibility and coordination at the most senior levels of management on risks that may have
significant consequences for the financial viability of the company.
Stonebraker et al [27] in 2004 present an evolutionary model relationing four historical
phases for supply chain development as illustrated in figure 1. The model highlights the initial
tendency for differentiation followed by a subsequent twist to integration. The later comes within
the sphere of contingency planning as refered to by the author who emphasizes on three integrative
mechanisms: standardization of policies, rules and procedures; compatible communication formats;
and processes to coordinate across different organizational components.

Differentiation

+ Decentralization
Specialization

Phases of Supply Chain Technology

Phase I – Traditional Manufacturing/Distribution Models
Phase II – Integrated JIT Models +
Phase III – Flexible and Concurrent JIT Models
Phase IV – Agile Supply Chain Mnagement Models

Integration
+ Formalization
Collaboration

Figure 1. An integrative model of supply chains (Source: Stonebraker et al [27], 2004)

Fernandes [10] in 2007 salients the importance of Contingency Planning in the Petroleum
Supply Chain. In Europe, the Petroleum industry has long begun a supply chain policy that has lead
to of lean strategic structures in order to achieve higher efficiency. In Portugal, the major petroleum
companies, GalpEnergia, BP and Shell (now Repsol), created CLC a strategic Oil & Gas storage
and transportation company. The suppliers, company and clients facilities, systems and processes
are intrinsically interlinked to form an extended Petroleum Supply Chain as shown in figure 2. In
the case of its disruption, it immediately affects the countrywide petroleum supply chain, escalating
to a crisis situation in a matter of hours. A prolongation of the situation can bring various sectors of
the economy to a standstill. Due to the companies strategic positioning, the Administration has
directed efforts of contingency planning in three folds: Operational Contingency Plan; Information
Systems Contingency Plan, Avian Flu related Contingency Plan.

Suppliers
1 2 3 4

Brokers Shipper
1 2

Jetty

Procurement Storage Dept.

Dept. Crude
Storage

Operations Dept.
Refinary Blend
CDU
processes tanks

Logistics & Storage Dept.

Sales Product Petrogal
Tanks Refinery

Operations Dept.

Pipeline

Product Bottle
Logistics Storage tanks filling
Dept.
CLC

Transport
Clients
LEGENDA

Material flow

Client’s Customers Information flow

Figure 2. The Petroleum Supply chain in Portugal

A Supply Chain Event Management (SCEM) is a related concept that is used to trigger
contingency planning. The thesis presents some real case examples of contingency planning as
presented in table 1.
 Table 1. Examples of Contingencies in the Petroleum Supply Chain
Disruption Mode Description
Supply side Product shortage can lead to
unmatched orders resulting
lower profits
Supply side Product out of specification
can block upto 25 million
storage capacity per tank.
Transportation Rupture in Pipeline can lead
to prolonged inoperation of
the supply chain
Facilities Safeguard system out of
order leading to unsafe
operation
Information Failure of information
Systems systems leading to
indisponibility of customer
order services
Comunications Comunication infrastructure
failure failure due to fiber optic
interruption
Exceptional Demand over capacity due
demand to increased air traffic or
heating necessity due to
harsh winter
Contingency measure
Use contingency measures including inter-
company exchanges of product. Optimize
replenishment schedules to prioritize stocking
of the product in shortage. Other strategic
reserve capacity measures.
Order immediate suspension of receival of
contaminated lote. Expediate stock to
industries with lower product specification
needs. Suply demand from alternate facilities.
Meet with suppliers and clients to redesign
contingency plan
Suply demand from alternate facilities. Switch
to alternate mode of transport. Design
contingency plan with suppliers and clients
Switch to manual mode operation. Activate
strict manual checks. Order immediate repair
services. Evaluate potential dangers and
alternative renovation requirements.
Activation of redundant systems. Identify
problem area and action maintenance contract.
Gather sourcing information for alternate
system in worstcase cenario.
Activate backup by PSTM lines. Localize
interruption and source immediate mantence
team. Activate other alternate measures.
Optimize replenishment schedules. Optimize
and increase production shifts. Activate
alternative supplies.
 Contingency planning in supply chains is strongly referred to by Hale et al [13] in 2005.
The paper refers to the efforts made by Organizations in the United States of America, namely those
of the Federal Emergency Management Association (FEMA), Disaster Research Center (DRC) and
Council of Logistics Management (CLM). Since 2001, there have been innumerous references to
disaster planning within supply chains in four of the top journals namely: Journal of Business
Logistics, International Journal of Physical Distribution & Logistics Management, International
Journal of Logistics Management, and Supply Chain Management Review.

Conclusions
The literature reviewed, clearly demonstrates the importance of contingency planning in
Supply Chain Management as well as in traditional business. The documenting standards found in
the literature are not optimal resulting in static, descriptive and non-funtional plans. They could
benefit from a flexible structure thereby permitting constant improval and greater efficiency to the
planning process. This suggests ample scope for research on an optimal structure and considerations
for a broader usage of these plans.
Although Contingency plans are effectively a sound investment for probable failures, there
appears to be a shift, especially in supply chains to resilient building. Resilient organizations also
use the concepts of contingency planning to identify vulnerabilities throughout the supply chain and
use flexibility to patch existing gaps turning the entire system more robust. This method is
especially more effective in the case of low frequency high impact failures, where supply chains can
have an overall lift in risk management through flexible, standardized and integrated design.

References

[1] Arnold, R.L., Disaster Recovery Journal, October 2001, Attack on America:
recovery from Sept.11 Events is slow process, http://www.drj.com/special/srl.html

[2] Bliss, J., Risk Management and Contingency Planning, Arts and Humanities Data Service,
2005, http://ahds.ac.uk/creating/information-papers/risk-management

[3] BS, British Standards, The BS7799 / BS 7799 Security Standard, 1999,
http://www.thewindow.to/bs7799/
[4] BSI, BSI-Standard 100-3: Risk Analysis based on IT-Grundschutz, 2005,
http://www.bsi.de/english/publications/bsi_standards/standard_1003_e.pdf

[5] Business Continuity Institute, To promote the art and science of business continuity
management, 2007, http://www.thebci.org/

[6] Day, C.W., Are You Ready for Y2K? American School & University 71 (1999), 70-71.

[7] Decker, K., TAEMS: A framework for environment centered analysis & design of
coordination mechanisms, in G. O’Hara and N. Jennings, Foundations of distributed
artificial Intelligence, 1996, Willey Inter-Science, Chapter 16, 429-448.

[8] Federal Financial Institutions Examination Council (FFIEC), Business Continuity

Planning, 2004, http://www.ffiec.gov/ffiecinfobase/booklets/bcp/bus_continuity_plan.pdf

[9] Felstead, C., The Challenge of IT Fixed End Projects – New Risk Management Strategies,
Project Management Institute Global Congress, Singapore, 21-23, February 2005.

[10] Fernandes, L.J., Um modelo de planeamento preventivo correctrivo e de contingência em

Sistemas de Informação – Aplicação a um Parque de Combustíveis, MSc Thesis, 2007.

[11] Formiga, A., Estratégia para a Continuidade de Negócio (Business Continuity Plan –
BCP), CESCE SI, Lisboa, 2006,
http://www.idc.pt/resources/PPTs/2006/Business_Continuity/5.CESCE.pdf

[12] Garvey, P., Probability methods for cost uncertainty analysis – A systems engineering
perspective, Marcel Decker, Inc., New York, 2005.

[13] Hale, T., Moberg, C.R., Improving supply chain disaster preparedness, International Journal of
Physical Distribution & Logistics Management, Emerald Group, Vol. 35, No. 3, 2005, 195-207

[14] Horling, B., Lesser, V., Vicent, R., Wagner, T., The Soft Real-Time Agent Control
Architecture, Autonomous Agents and Multi-Agent Systems 12 (2006), 35-91.

[15] Huang, M.Y., Chen, C.S., Lin, C.-H., Innovative service restoration of distributed systems by
considering short-term load forecasting of service zones, International Journal of Electric
Power & Energy Systems 27 (2005), 417-427.
 [16] IBM Global Services, Business Continuity & Recovery Services, Integrated Technology
Services Newsletter Special Edition, 2002, http://www-5.ibm.com/services/pt/its/newsletters

[17] Illinois State Police, Safe Schools: Unified Emergency Contingency Plan for Schools, 1999,
http://edres.org/eric/ED433598.htm

[18] ISO, Norm ISO 17799, 2000, http://www.computersecuritynow.com

[19] ISO, Norm ISO 27001, 2005, http://www.27001-online.com

[20] JP Morgan Chase Treasury Services, Wake-Up Call: Hurricanes Prompt Financial
Community to Re-think Business Continuity, 2005, http://www.jpmorganchase.com

[21] Kleindorfer, P.R., Saad, G.H., Managing Disruption Risks in Supply Chains, Production and
Operations Management, Vol 14, No. 1, Spring 2005, pp 53-68.

[22] Kuras, M.L., White, B.E., Engineering enterprises using complex-system engineering,
INCOSE 2005 Symposium, 10-15 July 2005, Rochester, New York, EUA.

[23] Microsoft, Compreendendo a Disciplina de Gerenciamento de Riscos, 2004,

http://www.microsoft.com/brasil/security/guidance/prodtech/win2000/secmod134.mspx

[24] Ministério de Saúde do Brasil, Plano de preparação brasileiro para o enfrentamento de

uma pandemia de influenza, 2005, http://dtr2001.saude.gov.br/influenza/docs/flu1.pdf

[25] National Institute of Standards and Technology (USA), Contingency Plan Template,
2002, http://csrc.nist.gov/fasp/FASPDocs/contingency-plan/contingencyplan-template.doc

[26] Raja, A., Lesser, V., Wagner, T., Toward robust agent control in open environments,
Proceedings of the fourth International Conference on Autonomous Agents AGENTS’00,
Barcelona, Spain, 3 Junho, 2000, 84-91.

[27] Stonebraker, P.W., Afifi, R., Towards a contingency theory of supply chains, Management
Decision Journal, Emerald Group, Vol. 42, No. 9, 2004, 1131-1144

[28] White, B.E., Enterprise Opportunity and Risk, Mitre Corporation, Technical paper,
2006, http://www.mitre.org/work/tech_papers/tech_papers_06/05_1262/05_1262.pdf

View publication stats