Case Study: Comair

Comair is a subsidiary of Delta Air Lines. The airline experienced an IT incident on

December 24, 2004, when the company’s crew-scheduling system failed. Federal Aviation
Administration (FAA) safety regulations limit the number of hours any aircrew member can
work in a twenty-four hour period. The scheduling system ensures compliance with the
strictly enforced regulation and an airline cannot operate without its crew-scheduling
system. December is the busiest month for US airlines because of the holidays and airlines
were operating at full capacity. The United States experienced bad weather during December
of 2004. Airlines had to cancel and reschedule many flights, including ninety percent of
all flights between December 22 and December 24.

Comair purchased its crew-scheduling system from an external vendor. No one at the airline
knew that the system was only capable of handling a maximum of thirty-two thousand changes
per month. The system abruptly stopped functioning at about 10 pm on Christmas Eve after
the airline exceeded the monthly capacity of the system. The airline’s IT-team made a quick
assessment and thought that the problem can be resolved by re-booting the system, but they
were unable to restart the system. The logical next step was to re-install the entire
system as quickly as possible and the IT-team had the system online late on Christmas Day.
At that stage, the crews and aircraft were widely dispersed and Comair had problems to
assemble them where needed. The airline was only able to resume normal operations on
December 29. As the company struggled to recover from the disaster, nearly two-hundred
thousand stranded Comair passengers roamed airport terminals throughout the US. Airlines
were fully booked for the holiday travel season and there were few alternatives flights.
During this period, camera crews from local and international television news outlets
followed passengers, broadcasting their and Comair’s distress to the American public.

The US Secretary of Transportation announced an investigation shortly after the incident

and the company’s CEO resigned a week later. The estimated loss in revenue as a direct
result of this incident amounted to 20 million US dollar in addition to the damage to the
company’s reputation, its management and its customers. The loss from this single incident
was nearly as high as the firm’s entire 25.7 million dollar operating profit for the
previous quarter.

The company had delayed the replacement of the scheduling system several times before it
failed. The system had been running for years, the likelihood of a complete systems failure
was low and the business decision to delay was rational despite the outcome. That the
system failed at a point in time when its failure was maximally damaging to the company and
its customers was extremely bad luck, but difficult to predict. However, more was involved
than an unfortunate decision to defer an upgrade. Comair lacked a viable plan for the
immediate recovery of this critical business process. Its executives failed to plan for
such a high-impact failure, however unlikely it seemed. When the software went down, there
was no backup system to put into immediate service and the third-party vendor was not
available on call or ready to step in. The airline also did not have a manual backup plan
in the event that the system might not be available. Therefore, apart from the computer
system failure, senior management at Comair did not understand or manage the business
consequences of Information Technology risk.