Friday, 26 June 2015

Suppliers at risk from their couriers

Our offices are located in a busy part of town which happens to be part of a UNESCO World Heritage Site. The place is in the bottom of charming countryside river valley with hills either side. There's a mix of businesses and homes surrounding us. It is a very friendly sort of place and people leave their building's back doors unlocked, the front doors are locked to keep the tourists out. As with most businesses we have courier delivery and collection of various packages. If anyone is not at home/office one of the neighbours will always take in a parcel. Pretty much all of the couriers cope with this environment extremely well.

The better couriers will send an SMS text message to accurately predict when when they anticipate delivery. Others will attempt to deliver with no notification. If no one is available to receive the package, the driver will leave a note and either return the package to base or lodge it with a neighbour. In the case of the return to base, they'll attempt redelivery at a later date. This system works.

However our experience with UPS couriers is rather different. They don't advise in advance of a delivery. They make one attempt to deliver a package. If that doesn't work, they don't attempt to leave it with a neighbour nor do they return it to base. No, UPS take it upon themselves to deposit the parcel some hours later at a "nearby" collection point and leave a note through your door to that effect. The onus is then on the addressee to go an collect the parcel. It would be helpful if the delivery attempt note gave an address where you should go collect. In our case it was the name of a newspaper shop we'd never seen before. We had to use Google to track it down. The collection point was over 2.1 Kilometres away up the hillside approximately 200 metres higher. A good job we have a car to travel to it. It is not an easy walk. Disabled, or elderly people might find that a bit inconvenient to reach.

Someone in UPS seems to think they can save money by only attempting just one delivery before forcing the customer to collect from another location. It is a small wonder for us to discover their CEO's annual "compensation" doubled in 2014 to $8.4 Million. Perhaps funded by halving service levels?

The downside for our suppliers is that if they use UPS as a "logistics partner" we regard them as having an unreliable supply chain. Consequently that supplier is then blacklisted as a "only use in last resort." If they re-think their choice of courier then we might continue to do business with them, but meanwhile the business relationship is damaged.

In our case we contacted our supplier (Epson) to see if they could assist. The message was "you are on your own we won't help". Of course any phone calls to request assistance attract a premium rate call charge.

On a lighter vein, this Youtube video made me smile.

Of course it is easy to find other people with bad feelings about UPS. Here's one, but perhaps reading this in the USA and here in the UK I should count myself lucky.

Edit: 30/6/2015 I've just received a call from Estonia (about 2800KM distant).. It was the UPS Customer Services. The gentleman was polite, had good English but he had a noticeable heavy Russian/Eastern European accent. He wanted to discuss what had happened. The direction of the conversation was that the delivery problem was down to the delivery service specified by Epson. Let's just say it set my BS antennae quivering. He could offer no real reason for the unsatisfactory delivery, but said my views would be noted and brought to the attention of management. Having had the responsibility of managing several international help desk teams, I realise it means nothing will happen and the issue will be lost in a pile of statistics. So far as I'm concerned it was no answer to my complaint.

Saturday, 20 June 2015

Wall reinforcement - Intrusion protection

One more interesting find at the IFSEC 2015 was Avertic Armour. They provide a high strength woven mesh which helps protect against power drill attacks and cutting disk attacks. You embed the mesh in the walls of the object to wish to protect. The strands of the mesh rapidly clog any cutting tool which is used to attempt to break through the wall.

This armour technology has its origins in the protective clothing worn by forestry workers to protect their bodies from chain saw injuries. If the moving saw chain comes in contact with the protective clothing the strong threads are not cut but entangle the saw mechanism causing the motor to stall.

If you wished to protect the doors and/or walls of a data centre you'd probably use this material in conjunction with other security strengthening measures such as expanded steel mesh, perhaps a ballistic layer, and a vibration sensor for an alarm system. The lightweight Avertic Armour in one or more layers would greatly delay intruders wishing to break through by denying the use of powered cutting disks to cut through other reinforcements such as steel.

A Data Centre without fire risk?

An interesting system at IFSEC 2015 was Wagner's Oxyreduct system. This system can be used to protect Data Centre rooms, vaults, document storage rooms from fire. It works by increasing the proportion of nitrogen in the atmosphere until the oxygen proportion is 15% rather than the normal 20%.  At the 15% level there's insufficient oxygen to support normal combustion. They are classed as Hypoxic Air Fire Prevention systems. In classic fire risk training you learn about the Fire Triangle; you need all three sides Oxygen, Fuel, Heat to sustain combustion. Remove one of the sides and fire will not take hold. This technique takes out the oxygen side of the triangle.

I was invited into a demonstration room by the salesman where the Oxyreduct system was controlling the atmosphere. In a classic sales type of demonstration he handed me a cigarette lighter then asked me to try to set fire to his jacket. I couldn't get a flame from the lighter, even though it had worked just fine outside the room. 

Fundamental to the system is a nitrogen concentrator unit which extracts nitrogen from the atmosphere. This nitrogen is then pumped into the room to be protected and the oxygen level monitored to be maintained at the magical 15% level. You don't need to hold compressed nitrogen in cylinders or store liquid nitrogen.

Obviously the cost of installation and operation needs to be considered but I can see this could be a highly effective system in a data centre environment. Most fire suppression system react after a fire has started. Those types of systems can cause the shut down of a room and may cause some damage themselves. Oxyreduct is definitely worth a look! 

You'd need to be sure the room to be protected is effectively gas tight and good air movement within the room to help maintain the oxygen/nitrogen balance. You'd need to ensure the gas porosity of the building structure such as walls does not exceed the capability of the system unit to provide nitrogen. If people routinely work in the room you'd need provision to replenish oxygen depleted by their breathing. 

Perhaps a simple blood oxygen saturation monitor (Oximeter) might be needed to reassure workers, particularly any person who has a compromised respiratory system. Here's some Health and Safety guidance and Wikipedia information here. In any event it might be wise to limit staff exposure to 2 hours in the reduced oxygen environment. Normally the 15% oxygen is fine for healthy workers, but some countries such as the USA OSHA Regs might prevent the use of such a system providing less than 19.5% Oxygen. Some other standards which apply are VdS 3527en and BSI: PAS 95:2011

I'd consider deploying this as a primary system with an alternate backup fire suppression system, such as high pressure water mist as a backup, but that it all depends on the safety/risk benefit cost equation. If someone wedges a door open or otherwise defeats the gas tightness of the protected area the Oxyreduct system, as with any other gas based system, would become ineffective.

Here's a video:

There's some general information on these hypoxic systems here.

Friday, 19 June 2015

Hilti Firestop range of products - filling the gap

I regularly visit the annual security exhibition IFSEC based in the UK. It is one of the few I consider worth investing a day's time plus the travel expense. Much of it is endless rows of CCTV cameras and door locks, but there are some gems of information. One of those nuggets of information was the Hilti range of fire stop products. They were actually part of the associated FIREX exhibition in the  same Excel hall.

The Firestop system is a range of putties, mastic, blocks which can be used to build intumescent seals for the wall penetrations of power cables, data cables and pipes. If a fire occurs outside of a data centre room the compounds swell into a smoke, fire and heat resistant foam. If the system is used around a pipe as a fire collar it will swell and seal the pipe preventing access by the fire. There's a pdf copy of the technical manual here.

The Firestop putty-like block systems are easily re-penetrable. This allows you to run extra data/power cables through the fire barrier after the original construction without compromising the fire protection. When we audit data centres we often find the fire protection has been compromised during operational life by subsequent installations and upgrades. The Hilti system would appear to facilitate later installations.

Here's a Youtube video showing installation.

If you have 10 minutes to spare here's a video which demonstrates the need to use appropriate fire stop measures.

Saturday, 23 May 2015

BT Dark Fibre

It is interesting to note that Ofcom, the UK telecoms regulator, is opening discussion/consultation with a view to opening British Telecoms (BT) fibre network to competitors for business network links. Essentially Ofcom is tired of the excuses from BT OpenReach and its failure to deliver installs in a timely manner.

This could see some real competition in the business telecoms industry. It will be a bit like the shake up of telecoms in the City of London back in the mid 1980s. It is a £2 Billion market at risk.

The consultation closes 31st July 2015.

Sunday, 17 May 2015

Project Milestone Deliverables and Due Dates have not been documented - Early warning Signs of Project Failure

It is possible to plan a project and its project activities in detail without setting Milestone points in the plan. Provided that all of the activities are completed on time and to requirement it is possible to complete the project successfully on time, with full functionality and to budget.

However, most projects are so complex or undefined in the early stages it is not possible to rely on a finely detailed plan. The beast is too complex and people outside of the project office, such as the stakeholders can find it difficult to accurately understand the real level of progress. A mix of problems and delays can lead to serious project damage before anyone in power has realised there's a problem.

One effective way of dealing with complexities is to group important items at set a marker date or "Milestone" by which the group of activities must be completed. You also need to define in advance some "deliverables" for each milestone so you can assess whether or not the Milestone date has been met. Without a list of deliverable features/actions it is not possible to challenge the assertion by the project team that a Milestone has been met.

When you define a milestone you are declaring an easily understood and obvious measure of progress. The milestones are generally those which a business manager would understand. The deliverables need to be tangible items/services/facilities which can be independently verified as "delivered". When a Milestone has been reached, the project team and stakeholders can decided whether sufficient progress has been made or whether some variation is necessary for the project. If a Milestone  and its deliverables move past the due date it is cause for concern.The most difficult case is to realise that the organisation needs to abandon the project or consider some other serious variation to the project plan of resources.

If the project team does not have documented clear milestones which are subject to review it is probably a sign that there is insufficient control and the project may drift off course.

Friday, 15 May 2015

Project Stakeholders not interviewed for requirements - Early warning signs of project failure

When checking the health of a project you need to establish that all stakeholders have been interviewed to establish their requirements of the project. If these interviews have not taken place it is an indicator of potential project failure. It can lead to incomplete functionality and function creep.

The interview results should be documented and signed off by the Project Manager and the Stockholder.  The process should ensure "informed consent" so the Stakeholder understands the process and the implications of the information he/she is providing. The interview process should provide iterative feedback where the analyst double-checks the information gathered.

It is helpful to have a structured process for the interview to establish full information and also the level of confidence in the data provided.

The documented requirements should be cross referenced to the proposed functionality, projected delivery time-scale, performance and reliability projections to enable the Stakeholder's   understanding of whether what is proposed will meet his/her requirements.

The project team should also document any requirements expressed by the Stakeholder which will not be met by the project. These gaps should be discussed with and signed off by the stakeholder.