Towards a framework for business continuity management : an IT governance perspective

The concept of business continuity management has gained wide acceptance in recent years. Recent natural disasters such as the 2004 tsunami and terrorist activities such as the 911 World Trade Centre bombing, has emphasised the importance of business continuity management. Many of these events had catastrophic consequences, which left most executives faced with the challenge of improving the continuity of their organisation. Not to long ago, these executives were also faced with the challenge of managing their IT investments in such a way that it is aligned with the strategic goals of the organisation. An initiative referred to as IT governance was developed and IT governance frameworks instantly assisted executives to obtain direct business value from IT investments. The problem statement addressed in this research is the lack of a generally accepted business continuity management framework. This research aims to leverage of the success of IT governance in an attempt to establish the beginnings of a framework for business continuity management. In addition, the research also illustrates a paradigm shift where the enterprise continuity of a typical organisation has evolved from disaster recovery to business continuity management. The research approach executed is based on the interpretivism paradigm and is used to interpret the results of the research methodology and research method. The research methodology consists of a literature survey and empirical study whereas a content analysis is used as the research method.Dissertation (M.Com (Informatics))--University of Pretoria, 2007.Informaticsunrestricte

IT incidents and business impacts: Validating a framework for continuity management in information systems

Information technology (IT) incidents that make data inaccessible may cause businesses to lose customers, reputation and market position. Previous studies on information management have identified data availability as a key priority, and the literature on disaster recovery and business continuity describes ways of preparing for and avoiding IT incidents. However, no frameworks for information system continuity management (ISCM) have yet been validated. This research draws on a framework for business continuity management, and extends it to the context of information systems. The framework is validated in a survey of IT managers and chief information officers in large private and public organisations operating in Finland. The results suggest that the embeddedness of continuity practices in an organisation has perceived business impacts whereas, in contradiction of previous theory, there is no such direct relation in the case of organisational alertness and preparedness. The theoretical contribution is to validate the ISCM framework statistically. On the practical level, social factors such as committed managers and employees are influential in decreasing negative business impacts. Further research on the embeddedness of continuity practices is called for. (C) 2013 Elsevier Ltd. All rights reserved

Digital service analysis and design : the role of process modelling

Digital libraries are evolving from content-centric systems to person-centric systems. Emergent services are interactive and multidimensional, associated systems multi-tiered and distributed. A holistic perspective is essential to their effective analysis and design, for beyond technical considerations, there are complex social, economic, organisational, and ergonomic requirements and relationships to consider. Such a perspective cannot be gained without direct user involvement, yet evidence suggests that development teams may be failing to effectively engage with users, relying on requirements derived from anecdotal evidence or prior experience. In such instances, there is a risk that services might be well designed, but functionally useless. This paper highlights the role of process modelling in gaining such perspective. Process modelling challenges, approaches, and success factors are considered, discussed with reference to a recent evaluation of usability and usefulness of a UK National Health Service (NHS) digital library. Reflecting on lessons learnt, recommendations are made regarding appropriate process modelling approach and application

The Importance of Business Continuity for Making Business: The Case of Design Kitchen

Design Kitchen is a typical, small business about to secure a major deal with a prospective customer. The crux of this deal: Design Kitchen’s ability to work as a reliable subcontractor. Business continuity (BC) teaching cases usually describe a disruption that requires reaction. This teaching case elucidates the importance of BC for making business. It provides a rich description of Design Kitchen receiving an audit, and posits the task of creating a BC plan based on this audit’s findings. Completing this case, students will learn how to analyze and identify BC risks; how to craft a BC plan; and about the complications stirring when top management is not engaged in BC. While fictional, the case description presents a composite narrative based on empirical studies of several companies’ BC risks. Besides teaching BC, lecturers can use the case text for courses of information security management or business process modeling

Disaster Recovery Practices in Small Business: A Delphi Study of Factors Affecting Adoption

In response to the devastation of recent hurricanes in the Gulf Coast, this research in progress intends to identify small businesses that are at-risk of failing if they experience a data loss caused by a community-wide natural disaster. As guided by classical innovation diffusion theory, the phenomenon of adopting disaster recovery practices within small businesses is studied form the point-of-view of small businesses. Practitioner-oriented literature is reviewed to identify relevant disaster recovery practices that are classified within a risk management framework. A Delphi study is initiated among small businesses to (a) identify current disaster recovery practices employed to prevent data loss, and (b) ascertain the current levels of awareness and adoption of disaster recovery practices. The results of the review are reported along with the initial findings of a Delphi study still in progress

Business Continuity Management: A Holistic Framework for Implementation

In the last few years, different events have made organizations aware of the importance of Business Continuity Management (BCM). When first developed, BCM implementation used a traditional approach. Academically, some authors have provided frameworks for BCM implementation. However, these frameworks do not contemplate all the dimensions necessary for a holistic BCM implementation. Furthermore, globally organizations have made efforts to standardize the implementation process which resulted in the standard ISO 22301. However, standards provide only what is required for an implementation and not how to achieve this. This paper introduces the reader to BCM, the importance of BCM, and its evolution. Additionally, proposes a guide for the implementation of a holistic framework for BCM. This study applies a qualitative approach. As part of the research, a case study was performed. To gather the information, interviews were conducted. The purpose of the case study is to evaluate the BCM current state in a Latin American financial institution. Finally, an analysis of the BCM legal framework in Panama is provided. Keywords: Business Continuity Management (BCM), resilience, holistic, implementation, frameworks, standard

Organisational IS Resilience: a pilot study using Q-methodology

Organisational resilience has gained increasing attention in recent years. This paper focuses on an aspect of organisational resilience, i.e., on IS resilience. Given the potentially devastating implications of disruptions to organisations, understanding the dynamics of the successful adaption of IS within organisations indicates an important avenue for future research. In this paper, we adopt Agency theory to develop a conceptual framework, focused on decision making and planning for IS resilience. Concourse theory and Q-methodology were used to develop a Q-sort questionnaire, which was refined through interviews with researchers and IS professionals. The resulting 38 statements were then sorted by eight managers. Q-sort methodology identified three types from the data, each representing distinct collective perspectives. These types are described and discussed, along with implications of findings as well as suggestions for future research

The Essential Components of Disaster Recovery Methods: A Delphi Study Among Small Businesses

In response to the devastation of recent hurricanes in the Gulf Coast, this research identifies small businesses as being at-risk of failing if they experience a data loss caused by a community-wide natural disaster. Practitioner-oriented literature is reviewed to identify relevant disaster recovery components that are classified within a risk management framework. A Delphi study is conducted among small businesses to identify essential disaster recovery practices employed to prevent data and IS loss. The results of the review along with the findings of a Delphi study are reported and together establish a comprehensive portrait of the essential components of disaster recovery methods for small businesses in response to the threat of community-wide natural disasters