Academia.eduAcademia.edu

Outline

Title
Abstract
Key Takeaways
Figures
Introduction
Methodology
Business Continuity Planning Methodology
Findings
Discussion
Further Research and Use of the Methodology
References

Business continuity planning methodology

Profile image of Kelvin TeoKelvin Teo
https://doi.org/10.1108/09653561011038039
visibility

description

13 pages

link

1 file

Abstract

Purpose-The purpose of this paper is to present a multi-usable business continuity planning methodology. It comprises business continuity planning on the organizational and departmental levels. Design/methodology/approach-The methodology has been developed, tested and confirmed in three comprehensive cases. Senior management, IT managers and employees in the three case organizations have participated in this action research effort during the development, implementation or training on business continuity plans and planning. Findings-The methodology has been tested and confirmed, and is suitable for explaining business continuity planning to senior managements and employees in both public and private sector organizations. Practical implications-The methodology description can be used for explaining the issues to senior managements and forms the foundation for a business continuity plan, which is part of an organization's IT-and information security program. It may also be used to explain business continuity planning to other staff in an organization. The methodology can also be used to model business continuity planning, as a basis for training planning, and as support in different training contexts to achieve individual and organizational learning on business continuity plans and activities. Originality/value-The methodology of using a staircase or capability maturity model is a commonly used concept and can be adapted to any organization.

Key takeaways
sparkles

AI

  1. The proposed methodology effectively explains business continuity planning to senior management and staff across sectors.
  2. Training and awareness at all organizational levels enhance engagement and understanding of business continuity planning.
  3. The methodology was validated through three cases, averaging an 8.06 rating on a 10-point scale.
  4. Integration of IT and information security is crucial for maintaining effective business continuity plans.
  5. Understanding one's current maturity level in business continuity planning informs necessary improvements and actions.
Figures (1)

Related papers

Reengineering the Business Continuity Planning Process
Carl Jackson

IS Management Handbook, 8th Edition, 2003

View PDFchevron_right
Developing a suitable business continuity planning methodology
Moh-Heng Goh

Information Management & Computer Security, 1996

Business continuity is both a management and an asset protection issue. The ability to maintain business continuity, or to regain it in a timely manner is the asset the plan protects. An organization such as Standard Chartered Bank that plans ahead for disaster is investing in its continuity and it is now in a better position to recover and resume operation. That is just good business sense by the management.

View PDFchevron_right
Trend of Business Continuity Plan: A Systematic Literature Review
silmie vidiya fani

Proceedings of the Proceedings of the 1st International Conference on Business, Law And Pedagogy, ICBLP 2019, 13-15 February 2019, Sidoarjo, Indonesia

Business continuity is important in every organization, both small, medium and large organizations. Threats can come at any time without warning. The role of business continuity management is needed to prepare and handle the problem. The step to complete business continuity management is the need for a business continuity plan framework. This framework will be used as a reference when the business continuity plan document will be used by the organization in handling threats or disasters. In this paper, we discuss a systematic literature review of studies related to BCP. This paper presents the trend of BCP research based on previous researches. The result shows that the research trend regarding BCP has been decreased. The flow of BCP research focused on several topics such as the BCP framework, BCP adoption and element of BCP framework.

View PDFchevron_right
Implementing business continuity management – sharing good practice from an Irish context
Monica Kelly

2011

Never has the need for robust, resilient organizations been so evident as in recent times with more and more well-established, respected organizations becoming unstable or even perishing as a result of the global recession. Added to these challenging economic times we have the demands of managing increasingly complex organizations, which are often highly dependent on sophisticated Information Systems and technology. Perrow’s Normal Accident Theory (1994) points to the fact that “no matter how hard we try there will be serious accidents because of the interactive complexity”[1] of the organizations in which we work. The introduction of BS25999, the British Standard for business continuity management, draws on international good practice in this field and brings together a clear view of what should constitute effective business continuity management for organizations across all sectors. This has provided Business Continuity Managers with a benchmark against which this aspect of their ...

View PDFchevron_right
Implementation of Business Continuity Planning Methodology in Making Business Continuity Planning Documents at PT. XYZ
Nur Amalia Agustyana

JBTI : Jurnal Bisnis : Teori dan Implementasi

PT. XYZ is a company engaged in the communication sector. As a company with a national scale, PT. XYZ has various risks that must be faced, ranging from natural disasters, human disturbances, and disruption due to technology. The existence of disruption risks can disrupt the company's operational activities. A business continuity plan document is created to find out what steps the company must take to minimize damage due to disruption. Making a business continuity plan or BCP starts from the project initiation stage, risk assessment, business impact analysis, mitigation strategy development, plan development, training, testing, auditing. The results obtained from this research are in the form of BCP documents used by PT. XYZ in response to a disturbance. With the BCP, PT. XYZ can respond to a disruption that occurs and quickly restore business operations.

View PDFchevron_right
Exploring a Multidisciplinary Assessment of Organisational Maturity in Business Continuity: A Perspective and Future Research Outlook
Henrique S. Mamede

Applied Sciences

In a competitive business landscape heavily reliant on information and communication technology, organisations must be prepared to address disruptions in their business operations. Business continuity management involves effective planning for the swift reestablishment of business processes in the short term. However, there are still obstacles to implementing business continuity plans, which can be justified by various factors. The purpose of this study is to present the perspectives and future research paths based on a systematic literature review from the peer-reviewed literature published from 1 January 2000 to 31 December 2021. This systematic literature review adheres to the guidelines established by evidence-based software engineering and leverages the Parsifal online tool. The primary research results identify and establish connections between the common components and activities of business continuity management as defined in international standards and frameworks to identif...

View PDFchevron_right
Risk Analysis in the Preparation of a Business Continuity Plan (BCP) in it Services: a Case Study of Universitas Indonesia
Betty Purwandari

Computer Science and Information Technology Trends, 2021

Based on the Horizons Scan Report 2021 by BSI, the top 6 threats to organizations today are pandemics, health incidents, safety incidents, IT and telecommunications outages, cyberattacks, and extreme weather. Universitas Indonesia (UI), as a modern, comprehensive, and open campus, strives to become a leading research university globally. As the IT service manager at UI, the Directorate of Information Systems and Technology (DSTI) has the task of strengthening service management by implementing risk management and security management in line with relevant laws and policies. The main problem for DSTI as an IT service at UI is that there are no documents related to risk management and information security management, resulting in IT services’ failure. This year, there have been four data center failures due to power and UPS problems. DSTI wants to improve IT services at UI by implementing risk management and Business Continuity Management System (BCMS). This study aims to conduct a ris...

View PDFchevron_right
Evaluation of Business Continuity Plan Maturity Level Using Business Continuity Maturity Model
Hazinah Mammi

International Journal of Innovative Computing

Business Continuity Plan (BCP) plays an important part in ensuring the business continuity of an organization in the event of major disruptions. In order to ensure the continuity of their critical business functions and critical services during and after a disaster, healthcare organizations such as hospitals, clinics, hospices and others can implement BCP models in their respective organizations to ensure their business continuity during and after disruptive incidents. After implementing BCP models in their respective healthcare organizations how can they ensure the BCP models will be useful and effective when disasters strike. Therefore, maturity models can help to analyze the maturity level of the BCP model. The higher the level of maturity of the BCP models, the higher the probability of effectiveness and usefulness of the BCP models. The goal of this research is to determine how compliance the existing maturity models for business continuity towards ISO 22301 standard and to map...

View PDFchevron_right
Interdisciplinary Review of Business Continuity from an Information Systems Perspective: Toward an Integrative Framework
Marko Niemimaa

Communications of the Association for Information Systems, 2015

Hackers, malicious users, system malfunctions, and other incidents can disrupt organizational IS and cause severe organizational losses or even impact societies as a whole. In this paper, I review interdisciplinary literature on business continuity from an information systems (IS) perspective to increase understanding on how organizations can prepare for and respond to incidents. I use a narrative review approach with descriptive elements to review 83 peerreviewed papers published between 2000-2012 across a wide array of journals and disciplines. I identify themes across the past contributions, join the currently isolated streams of literature under a concept of IS continuity, and identify research gaps in the current knowledge. The results suggest that one can understand past contributions in terms of four themes that emerged from the literature: 1) social aspects as IS continuity enabler, 2) technology as IS continuity enabler, 3) salience of IS continuity, and 4) models that improve IS continuity. To move toward an integration of the past research, and to pinpoint research gaps, I present an integrative framework. Further, the research contributes to forming an IS continuity community to facilitate cooperation and communications among scholars sharing a common interest.

View PDFchevron_right
Business Continuity Planning: A New Road to Nurture Business Growth
Dheeraj Kumar

International Journal of Computer Theory and Engineering, 2013

View PDFchevron_right

References (39)

  1. The Stairway model is extended with the new EU AEO model (Authorised Economic Operator) from end of 2007 -an organization with an AEO certificate is on level 4 or 5 in the Staircase, available at: www.tullverket.se/sokordao/a/authorisedeconomicoperatoraeo.
  2. Anderson, G. (1994), "A proactive model for training needs analysis", Journal of European Industrial Training, Vol. 18 No. 3, pp. 23-8
  3. Anttila, J., Kajava, J. and Varonen, R. (2004), "Balanced integration of information security into business management", Proceedings of the 30th EUROMICRO' 04, IEEE.
  4. Arkin, A. (1994), "Computing the future means of training", Personnel Management, August, pp. 36-40.
  5. Baldwin, T.T. and Ford, J.K. (1988), "Transfer training: a review and directions for future research", Personnel Psychology, Vol. 41, pp. 63-105.
  6. Bazerman, M.H. (2002), Judgement in Managerial Decision Making, 5th ed., John Wiley, New York, NY.
  7. CMMI (2007), Carnegie Mellon University, Pittsburgh, PA, available at: www.sei.cmu.edu/cmmi/ Dulac, N. and Leveson, N. (2004), "An approach to design for safety in complex systems", Proceedings of the International Conference on System Engineering (INCOSE '04), Toulouse, June.
  8. Dulac, N. and Leveson, N. (2005), "Incorporating safety in early system architecture trade studies", Proceedings of the International Conference of the System Safety Society (ISSC '05), San Diego, August.
  9. Fallera, P. (2004), "Disaster recovery planning -the best defense is a well managed offense", Potentials, IEEE, Vol. 22 No. 5, December.
  10. Goldstein, I.L. (1992), Training in Organizations: Needs Assessment, Development and Evaluation, Brooks/Cole Publishing Co., Monterey, CA.
  11. Grimaila, M.R. (2004), "Maximizing business information security's educational value", IEEE Security and Privacy, Vol. 2 No. 1, pp. 56-60.
  12. Gummesson, E. (2000), Qualitative Methods in Management Research, 2nd ed., Sage, Thousand Oaks, CA.
  13. Helms, R.W., van Oorschot, S., Herweijer, J. and Plas, M. (2006), "An integral IT continuity framework for undisrupted business operations", Proceedings of the 1st International Conference on Availability, Reliability and Security (ARES'06), IEEE.
  14. ISO/IEC 17799 (2005), Information Technology -Security Techniques -Code of Practice for Information Security Management.
  15. Johnson, C.W. (2006), "What are emergent properties and how do they affect the engineering of complex systems?", Reliability Engineering and System Safety, Vol. 91 No. 12, pp. 1475-81.
  16. Kajava, J., Varonen, R., Anttila, J., Savola, R. and Ro ¨ning, J. (2006), "Senior executives' commitment to information security -from motivation to responsibility", Proceedings of the International Conference on Computational Intelligence and Security, IEEE.
  17. Lam, W. (2002), "Ensuring business continuity", IT Pro IEEE, May/June.
  18. Lempinen, H. (2002), Security Model as a Part of the Strategy of a Private Hospital (in Finnish), University of Oulu, Oulu.
  19. Lierman, B. (1994), "How to develop a training simulation", Training & Development, February, pp. 50-2.
  20. Lindstro ¨m, J. and Ha ¨gerfors, A. (2009), "A model for explaining strategic IT-and information security to senior management", International Journal of Public Information Systems, Vol. 2009 No. 1.
  21. Ma, Q. and Pearson, J.M. (2005), "ISO 17799: 'Best practices' in information security management?", Communications of the Association for Information Systems, Vol. 15, pp. 577-91.
  22. Molander, C. (1990), Organization Development, Mulvie & McDougall.
  23. Reason, P. and Bradbury, H. (Eds) (2001), Handbook of Action Research: Participative Inquiry and Practice, Sage Publications, London.
  24. Roberts, W. (2006), "Business continuity planning for disasters is just good planning", Proceedings of the Military Communications Conference (MILCOM 2006).
  25. Samuelsson, S. (2002), "A study of teaching and learning environments for business games" (in Swedish), Licentiate thesis, Lulea ˚University of Technology, Lulea ˚.
  26. Samuelsson, S. (2006), "IT-based business games for experimental learning -system structure and enablers" (in Swedish), doctoral thesis, Lulea ˚University of Technology, Lulea ˚.
  27. Samuelsson, S. and Ha ¨gerfors, A. (2004), "Computer supported business games", Proceedings of the Information System research Seminars in Scandinavia (IRIS 27).
  28. Senge, P.M. (1994), The Fifth Discipline Fieldbook. Strategies and Tools for Building a Learning Organization, Currency Doubleday, New York, NY.
  29. Sipponen, M. (2007), "Information security management standards: problems and solutions", The DATA BASE for Advances in Information Systems, Vol. 38 No. 1, February.
  30. Smith, D. (2004), "For whom the bell tolls: imagining accidents and the development of crisis simulation in organizations", Simulation & Gaming, September, pp. 347-62.
  31. SSE-CMM (2003), Systems Security Engineering-Capability Maturity Model. SSE-CMM Project, v 3.0 edition.
  32. Summerville, J. (1999), "Role of awareness of cognitive style in hypermedia", International Journal of Educational Technology, Vol. 1 No. 1, July.
  33. Swanson, M., Wohl, A., Pope, L., Gance, T., Hash, J. and Thomas, R. (2002), Contingency Planning Guide for Information Technology Systems, NIST Special Publication, June, pp. 800-34.
  34. Swedish Customs Services Stairway TM model (2000), available at: www.tullverket.se/s okordao/s/servicetrappan.4.5b2d990b116c8e66b0f800050.html
  35. Swedish Emergency Management Agency (2006), "BITS -Basic Level for Information Security", available at: www.krisberedskapsmyndigheten.se/templates/Publication____1143.aspx, 2006:1
  36. Swedish Finance Inspection (2005), "Status of the finance industry's crisis management 2005:3", report from 17-March-2005 (in Swedish), Dnr 05-1249-601.
  37. Verstraeti, C. (2004), "Planning for the unexpected", IEEE Manufacturing Engineer, June/July.
  38. Villegas, J. (1996), "Simulation supported industrial training from an organisational learning perspective", doctoral thesis, Department of Computer and Information Science, Linko ¨ping.
  39. Warren, M. (1979), Traning for Results: A System Approach to the Development of Human Resources in Industry, 2nd ed., Addison-Wesley, Glen View, IL.

Related papers

Information Technology (IT) Contingency Plan as part of the Business Continuity Plan: Case of IT Services Delivery Industry
Jacob Kassema

Elsevier BV, 2019

It is not a surprising situation to see that, some of the business owners or senior executives of the institutions, for not taking into account the future of their business or institutions, by failing to look at the catastrophic risk factors that may result in their businesses or institutions to fail in fulfilling their obligations to the community. That is why, in this study as an exploratory research, the study managed to explore the importance and benefits of both business continuity and IT contingency plans of having them in place. As well as, how these plans can be established and implemented smoothly. Although, in this study have been found that all these plans has major drawback of both being a very complex processes and very costly during establishment. In this study, it has been found that business continuity and IT contingency plans, have demonstrated significant impact of their importance in safeguarding IT business infrastructure as well as other corporate resources such as human resource, data and information, finance and time. Also to act as an assurance for the resume of the business activities and operations if or when a catastrophe event happens. And in summary, this study concluded that business continuity plan through IT contingency planing have proved its importance and positive impact for many business which decided to adopt. But however, there still some small and medium enterprises (SME’s) who cannot implement such initiatives as this may result in losses through maintenance cost or during the period of establishment. But, the analysis of the advantages vs disadvantages shows that the advantages outweigh the disadvantages. And this indicates that, IT Contingency Plan plays a major role in the discipline of the business continuity management within the corporate.

View PDFchevron_right
INFORMATION MANAGEMENT TOOLS FOR IMPLEMENTING AN EFFECTIVE ENTERPRISE BUSINESS CONTINUITY STRATEGY
Klára Antlová, Jiri Motejlek, Athanasios Podaras

The current work aims to the development of the Business Continuity Testing Points method which can help both IT as well as business managers define an efficient business continuity strategy. The BCTP method stems from the UML Use Case Points theory which is a practically tested and accepted approach to SW complexity estimation. The Use Case Points methodology was selected as the theory behind the construction of the BCTP model, due to the fact that firstly, both theories share the requirement analysis task and secondly because complexity of information systems is strongly related to their recovery in cases of their unexpected failovers. In the Use Case Points theory IT analysts perform software requirement analysis by executing various business scenarios. The BCTP theory, on the other hand, is constructed to support the analysis of IT system recovery requirements, by executing multiple efficient recovery scenarios. The method is a new approach to the objective determination of the Recovery Time Effort of a business function in comparison to the Rational Time Objective and the Maximum Acceptable Outage, which are defined with regard to the Impact Value Level of the function. The most critical functions of the enterprise should be included in the Minimum Business Continuity Objective (MBCO) concept. MBCO refers to vital business functions without which the enterprise is not able to perform its basic operations. The Recovery Time Effort of a given business function is affected by multiple Technical, Environmental and Unexpected factors with precise weights and assessment values. Recovery exercises should be based on scenarios which include the unexpected factors that may delay the recovery process. The derived exercise results are proposed as drivers for the reassessment of the criticality of a business function.

View PDFchevron_right
Success Factors towards Implementation of Business Continuity Management in Organizations
Noorul Halimin Mansol

International Journal for Digital Society, 2014

In today's Information and Communication Technology (ICT) environment and with current global economics, Business Continuity Management (BCM) becomes a crucial requirement to the organization. BCM is a managerial activity that identifies potential impacts to the organization caused by the threats. However, BCM is only gets the attention when it is demanded by the regulatory compliance or the stakeholders or customers. The implementation of BCM not only involves the information technology (IT) department, but also the business areas that use the IT services. Therefore, this paper aims to explore and identify the success factors on the execution of business continuity management in the organization particularly in Malaysia. In this study, quantitative analysis has been used to explore the organization employee's view and the importance of these factors towards the successful execution of BCM to the organizations.

View PDFchevron_right
Enhancing Business Continuity and IT Capability
Lejla Turulja

2020

View PDFchevron_right
Business Continuity Management Planning Methodology
Moh-Heng Goh

This paper explains the concept of business continuity management (BCM) with the specific focus on the BCM planning process and methodology. Before entering into the maintenance phase of any BCM program, the Organization BCM Coordinator needs to ensure that the project phases of the BCM planning methodology are succinctly implemented to meet the organization’s BCM objectives. This paper is an update of an earlier paper written in 1996 incorporating the author’s subsequent experiences and implementation while he is working in the financial regulatory environment. This BCM methodology is aligned with the BCM standard ISO 22301. The intent in the following dialog is to explain the BCM planning process in greater details. Goh, M. H. (2015). Business Continuity Management Planning Methodology. International Journal of Disaster Recovery and Business Continuity, 6, 9–16. Retrieved from http://dx.doi.org/10.14257/ijdrbc.2015.6.02

View PDFchevron_right

Cited by

The moderating role of information technology governance in the relationship between board characteristics and continuity management during the Covid-19 pandemic in an emerging economy
Hamood Mohammed Al-Hattami

Humanities and Social Sciences Communications

The main aim of the current study is to investigate the relationship between governance characteristics, information technology governance, and continuity management during Covid-19 in an emerging economy. The study also examines the moderating role of information technology governance in the relationship between governance characteristics and business continuity management. The quantitative approach is used by utilising a survey questionnaire. A sample of 232 questionnaire surveys has been collected from the board of directors, top and middle management executives, external auditors, information technology experts, and some other respondents. The results were estimated using structural equation modelling. The results indicate that information technology governance has a statistically significant effect on business continuity. Board size, board independence, audit committee independence, audit committee diligence, and external audit have a statistically significant positive effect o...

View PDFchevron_right
The role of management control and integrated information systems for the resilience of SMEs
paolo roffia

Review of Managerial Science

This paper investigates the resilience of small and medium-sized enterprises (SMEs) in relation to the COVID-19 pandemic, particularly the influence exerted by certain factors related to management control, integrated information systems (enterprise resource planning [ERP]), information and communication technology (ICT) systems, and financial resources. For this purpose, leveraging from the dynamic capability theory, in late spring 2020, a questionnaire was sent to limited-liability SMEs in Verona and Vicenza provinces in Italy operating in the manufacturing, construction, and distribution sectors. Respondents were asked to answer a set of questions and to evaluate the resilience of their firms as of January 1, 2020; May 1, 2020; and one year later, as of July 2021. Using a multivariate regression model to analyze data from the 143 questionnaires received, we found a positive influence of budgeting, business continuity tools, availability of supplementary financial resources, and r...

View PDFchevron_right
Introducing Adaptive E-Business Continuity Management
Milica Labus

Advances in Intelligent Systems and Computing, 2017

Our research paper is focused on improvements to the establishment of effective business continuity management in organizations that use modern ebusiness technologies: the Internet, mobile computing, electronic services, virtual infrastructure, etc. The paper introduces a new concept, that of e-business continuity management (e-BCM), within the existing scientific field of business continuity management (BCM), and defines a comprehensive model for adaptive e-BCM adjustable to changes in the business environment of the organization. The proposed model is the result of our theoretical and practical work in the last four years, including implementation of the model in three financial organizations of various sizes. The model defines a general framework for establishment and continuous improvement of e-BCM and includes methods for defining the key components of a business continuity management system: business impact analysis, business continuity risk assessment, and business continuity plan. The results may have broad practical application in any organization that uses modern e-business technologies.

View PDFchevron_right
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved