Search results

1 – 9 of 9
Article
Publication date: 25 May 2021

Ihab Hanna Sawalha

There is a noticeable confusion in the literature between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). The two expressions are very often used…

Abstract

Purpose

There is a noticeable confusion in the literature between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). The two expressions are very often used interchangeably especially when it comes to their application. In this paper, the differences between business continuity and disaster recovery are discussed. The disaster management cycle is also addressed in order to highlight the importance of having plans before, during and after the occurrence of an incident.

Design/methodology/approach

A review of the extant literature on business continuity and disaster recovery was made. A number of different views were then presented in order to provide a better understanding of the two concepts and their potential overlap/connection. The literature review was conducted in 2020 using a variety of academic resources ranging from journal articles to text books and credible Internet websites. Relevant journal articles were obtained from two primary databases: Emerald Insight and EBSCOhost. Keywords, such as DRP, continuity, disruption and BCP, were mainly used to facilitate the search for these resources and other related material.

Findings

Reviewing the literature revealed that BCP and DRP are not the same. Yet, they are used interchangeably very often in the literature. This indicates a possible relationship/overlap between the two. The relationship between BCP and DRP can be viewed from a variety of perspectives, which altogether provide a better understanding of their purposes and application.

Practical implications

On top of the need to differentiate between business continuity and disaster recovery, the widespread impact of the current COVID-19 crisis, especially on businesses and supply chains, has unfolded the necessity to deal with business disruptions in all their forms and the significance of quick and effective recovery. This research clarifies the purpose of BCP and the purpose of DRP and their role in combating impacts of disruptive incidents on businesses and organizations.

Originality/value

BCP and DRP are discussed extensively in the literature. Yet, few studies attempted to address the precise functions of the two resulting in an obvious confusion between their meaning and purpose which subsequently reduced the uniqueness of their application and the uniqueness of the application of each. Only a small minority of practitioners and academics recognise the precise differences between the two. This study aims at clarifying this misconception to a wider set of readers and interested parties.

Details

International Journal of Emergency Services, vol. 10 no. 3
Type: Research Article
ISSN: 2047-0894

Keywords

Article
Publication date: 4 September 2020

Ihab Hanna Sawalha

This is an exploratory study that aims to explore the use (practice) of business continuity management (BCM) and the effectiveness of the BCM approach adopted by…

Abstract

Purpose

This is an exploratory study that aims to explore the use (practice) of business continuity management (BCM) and the effectiveness of the BCM approach adopted by organizations from a variety of sectors.

Design/methodology/approach

The sample of this study consisted of 250 organizations from a variety of sectors: 80 industrial; 15 banking; 25 insurance; 130 services organizations. An interviewer-administered questionnaire was used to collect data.

Findings

The findings indicated that there is an increased awareness about the use of BCM across different sectors including the industrial, service, banking and insurance and that the current use of BCM is irrespective of a number of organizational characteristics.

Practical implications

This research investigates the current use/practice of BCM across a variety of sectors. It is therefore considered a significant preliminary study that paves the way for further future research studies related to the use of BCM in the Middle East. It also clarifies the current levels of application of BCM which subsequently facilitates and supports the wider adoption of BCM and commitment to adopt the best practices related to it across different sectors.

Originality/value

To the best of author's knowledge, this is one of very few studies which focus on the use/practice of BCM and approach’s effectiveness that have been conducted in the Middle East and in Jordan in particular. It reveals the extent to which BCM is being adopted across the various sectors which in turn reflects the levels of understanding and awareness of the significance of this process for today's organizations and for the continuity of their critical business functions during the occurrence of different sorts of disruptive incidents.

Details

Continuity & Resilience Review, vol. 2 no. 2
Type: Research Article
ISSN: 2516-7502

Keywords

Article
Publication date: 25 February 2014

Nijaz Bajgoric

The paper aims at defining a systemic framework for the implementation of business continuity management (BCM). The framework is based on the assertion that the…

3534

Abstract

Purpose

The paper aims at defining a systemic framework for the implementation of business continuity management (BCM). The framework is based on the assertion that the implementation of BCM should be done through the systemic implementation of an “always-on” enterprise information system.

Design/methodology/approach

Systems approach is used in order to design a systemic framework for the implementation of continuous computing technologies within the concept of an always-on enterprise information system.

Findings

A conceptual framework has been proposed to develop a framework for a systemic implementation of several continuous computing technologies that enhance business continuity (BC) in the form of an “always-on” enterprise information system.

Originality/value

The paper identifies BC as a business pressure in internet era and suggests a systemic framework for implementation.

Details

Kybernetes, vol. 43 no. 2
Type: Research Article
ISSN: 0368-492X

Keywords

Article
Publication date: 15 September 2022

Shumei Chen and Jia Xu

This paper aims to theoretically and empirically demonstrate the role played by business continuity management (BCM) to address risks such as trade conflicts and natural…

Abstract

Purpose

This paper aims to theoretically and empirically demonstrate the role played by business continuity management (BCM) to address risks such as trade conflicts and natural disasters. This paper also answers whether compliance with international standards such as the International Organization for Standardization (ISO) 22301 is adequate.

Design/methodology/approach

A case study of Chinese telecommunications giant Huawei is conducted to examine how a robust end-to-end BCM system has been established in two decades and in what way it has helped Huawei to efficiently maintain growth under pressure, such as being added to the “Entity List” and the pandemic.

Findings

Huawei case contributes to BCM theory in its approach to establishing the BCM system and its well-established BCM model. Huawei establishes and continually improves its BCM system by applying the Plan (establish), Do (implement and operate), Check (monitor and review) and Act (maintain and improve) cycle. Characterized as 4Ps: BCM policy, BCM process, incident management plan and business continuity plan, Huawei BCM system is shaped into a loop with end-to-end BCM process, covering all steps along its value chain – from suppliers and partners to Huawei itself and then on to its customers – with key initiatives for all domains such as R&D, procurement, manufacturing, logistics and global technical services. In practice, implementing international standards such as ISO 22301 enables Huawei to develop business continuity but not enough. Optimizing the BCM system is an ongoing effort, and BCM maturity is ever present: continually improving Huawei’s own BCM system and benchmarking against best practices available worldwide.

Research limitations/implications

Apart from the case study, other methods such as counter-factual analysis can be used to further test whether Huawei’s BCM system is cost-effective. Another direction for future study is whether suggested BCM maturity levels should be supplemented into ISO 22301. In the digital age, how to use digitalization to ensure business continuity is a current issue not just for practitioners such as Huawei but also for researchers worldwide.

Practical implications

In practice, implementing international standards such as ISO 22301 enables Huawei to develop business continuity but not enough. Optimizing the BCM system is an ongoing effort, and BCM maturity is ever present: continually improving Huawei’s own BCM system and benchmarking against best practices available worldwide.

Originality/value

To the best of the authors’ knowledge, this is one of the first studies to focus on how an organization continually improves the suitability, adequacy and effectiveness of its BCM system, with special attention to standards compliance.

Details

Chinese Management Studies, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1750-614X

Keywords

Abstract

Details

Change and Continuity Management in the Public Sector: The DALI Model for Effective Decision-Making
Type: Book
ISBN: 978-1-78973-168-2

Article
Publication date: 14 June 2013

Juliana Bonomi Santos and Martin Spring

Previous research suggests new service development (NSD) is characterized by less stable offerings, less formal processes and is more emergent than new product…

2855

Abstract

Purpose

Previous research suggests new service development (NSD) is characterized by less stable offerings, less formal processes and is more emergent than new product development. In face of these issues, it seems managers must concern themselves more with the management of the underlying resources. To understand this distinctive nature of NSD, this study aims to investigate the relationship between NSD and operations resources.

Design/methodology/approach

Building on the resource and capabilities perspective, a multiple case study was designed to investigate how the NSD is influenced by and reconfigures operations resources and capabilities. Data were collected in three providers of bespoke B2B services.

Findings

The paper proposes a model of NSD composed of three stages: emergence, accommodation and consolidation. This model describes the process that takes place when providers redeploy their operations resources and capabilities to implement emerging service ideas. The findings also show the challenges associated with the reconfiguration of operations resources and capabilities and with the reconciliation of the requirements of the existing and new services.

Research limitations/implications

The paper looked at services successfully implemented in knowledge‐intensive SMEs. Other studies could explore these NSD processes in other contexts and initiatives that failed.

Practical implications

The paper presents the risks and efforts involved in using existing resources to take advantage of emerging service ideas.

Originality/value

The model takes a fundamentally different perspective from many NSD models. It shifts the focus from managing the new service to managing the resources that underpin the evolving and emerging service ideas and offerings. This paper should interest people willing to understand the distinctive nature of NSD.

Details

International Journal of Operations & Production Management, vol. 33 no. 7
Type: Research Article
ISSN: 0144-3577

Keywords

Article
Publication date: 10 August 2020

João Serrado, Ruben Filipe Pereira, Miguel Mira da Silva and Isaías Scalabrin Bianchi

Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to…

Abstract

Purpose

Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear.

Design/methodology/approach

The design science research process was followed and semi-structured interviews performed.

Findings

A list of practices to assist the bank industry in GDPR implementation is provided. How each practice map with assessed ISF and GDPR requirements is also presented.

Research limitations/implications

As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews.

Originality/value

This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.

Details

Digital Policy, Regulation and Governance, vol. 22 no. 3
Type: Research Article
ISSN: 2398-5038

Keywords

Article
Publication date: 12 March 2018

Mathew Nicho

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of…

1923

Abstract

Purpose

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

Design/methodology/approach

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

Findings

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

Originality/value

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

Details

Information & Computer Security, vol. 26 no. 1
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 6 June 2016

Jorge Ayala-Cruz

The purpose of this paper is to present the implementation and testing of a modified project risk management framework that integrates PMI’s framework with Monte Carlo…

2190

Abstract

Purpose

The purpose of this paper is to present the implementation and testing of a modified project risk management framework that integrates PMI’s framework with Monte Carlo simulation to improve the effectiveness in high-tech new product development (NPD) projects.

Design/methodology/approach

The modified framework considers three bodies of knowledge: project management, risk management, and Monte Carlo simulation to produce an enhance project risk management framework. Its application is shown through a case study.

Findings

Using the integrated framework in a recent case study project and prior NPD projects measures (as benchmarks), it was shown that it could help to enhance risk responses caused by task durations and costs’ uncertainties. The framework proved to be better than segregated generic best practices and was key in providing insight to the issue of early project risk assessment.

Research limitations/implications

More experimental replications are required for enhancement effectiveness assertions of the framework, through the application of the framework to similar case studies. Furthermore, this could improve its reliability and soundness.

Practical implications

Future directions for research could include case and empirical studies that include hypothesis’s testing, and the integration of optimization procedure for improved NPD project’s planning and execution.

Originality/value

This paper outlines a way to close the gap of project risks management planning in NPD’s initiatives. It was motivated by a relatively new tendency in exploring integrated frameworks to deal with complex project risks issues.

Propósito

La investigación presenta la implementación y demostración de un esquema modificado de gestión de riesgos para proyectos que integra el esquema propuesto por el Project Management Institute (PMI) con la simulación Monte Carlo para mejorar la eficacia de proyectos de desarrollo de nuevos productos (DNP) de alta tecnología.

Diseño/metodología/enfoque

El esquema modificado considera tres áreas de conocimiento: gestión de proyectos, gestión de riesgos y simulación Monte Carlo, para producir un mejor esquema de gestión de riesgos del proyecto. Su aplicación se demuestra a través de un estudio de caso.

Resultados

Utilizando el esquema integrado en un reciente estudio de caso de un proyecto y previos proyectos de DNP como puntos de referencia, se demostró que el esquema podría ayudar a mejorar las estrategias de respuestas a los riesgos causados por la incertidumbre en la duración de las tareas y costos asociado a estos proyectos. El esquema ha demostrado ser más eficiente que aquellos propuestos como mejores prácticas genéricas, proporcionando un claro entendimiento sobre el tema de la evaluación de riesgos en la fase inicial de proyectos DNP.

Limitaciones/implicaciones

Se requieren más repeticiones experimentales para mejorar la eficacia de las afirmaciones del esquema, a través de su aplicación a estudios de casos similares. Por otra parte, esto podría mejorar su confiabilidad y estabilidad.

Implicaciones prácticas

Futuras investigaciones podrían incluir estudios de casos y estudios empíricos que incluyan pruebas de hipótesis e integración de procedimientos de optimización para mejorar la planificación y ejecución de proyectos de DNP.

Originalidad/valor

El estudio describe una forma de cerrar la brecha en la planificación de gestión de riesgos de proyecto en la industria. Fue motivada por una relativamente nueva tendencia en la investigación de esquemas integrados para hacer frente a asuntos de riesgos en proyectos complejos.

1 – 9 of 9