Search results

There is a noticeable confusion in the literature between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). The two expressions are very often used interchangeably especially when it comes to their application. In this paper, the differences between business continuity and disaster recovery are discussed. The disaster management cycle is also addressed in order to highlight the importance of having plans before, during and after the occurrence of an incident.

A review of the extant literature on business continuity and disaster recovery was made. A number of different views were then presented in order to provide a better understanding of the two concepts and their potential overlap/connection. The literature review was conducted in 2020 using a variety of academic resources ranging from journal articles to text books and credible Internet websites. Relevant journal articles were obtained from two primary databases: Emerald Insight and EBSCOhost. Keywords, such as DRP, continuity, disruption and BCP, were mainly used to facilitate the search for these resources and other related material.

Reviewing the literature revealed that BCP and DRP are not the same. Yet, they are used interchangeably very often in the literature. This indicates a possible relationship/overlap between the two. The relationship between BCP and DRP can be viewed from a variety of perspectives, which altogether provide a better understanding of their purposes and application.

On top of the need to differentiate between business continuity and disaster recovery, the widespread impact of the current COVID-19 crisis, especially on businesses and supply chains, has unfolded the necessity to deal with business disruptions in all their forms and the significance of quick and effective recovery. This research clarifies the purpose of BCP and the purpose of DRP and their role in combating impacts of disruptive incidents on businesses and organizations.

BCP and DRP are discussed extensively in the literature. Yet, few studies attempted to address the precise functions of the two resulting in an obvious confusion between their meaning and purpose which subsequently reduced the uniqueness of their application and the uniqueness of the application of each. Only a small minority of practitioners and academics recognise the precise differences between the two. This study aims at clarifying this misconception to a wider set of readers and interested parties.

This is an exploratory study that aims to explore the use (practice) of business continuity management (BCM) and the effectiveness of the BCM approach adopted by organizations from a variety of sectors.

The sample of this study consisted of 250 organizations from a variety of sectors: 80 industrial; 15 banking; 25 insurance; 130 services organizations. An interviewer-administered questionnaire was used to collect data.

The findings indicated that there is an increased awareness about the use of BCM across different sectors including the industrial, service, banking and insurance and that the current use of BCM is irrespective of a number of organizational characteristics.

This research investigates the current use/practice of BCM across a variety of sectors. It is therefore considered a significant preliminary study that paves the way for further future research studies related to the use of BCM in the Middle East. It also clarifies the current levels of application of BCM which subsequently facilitates and supports the wider adoption of BCM and commitment to adopt the best practices related to it across different sectors.

To the best of author's knowledge, this is one of very few studies which focus on the use/practice of BCM and approach’s effectiveness that have been conducted in the Middle East and in Jordan in particular. It reveals the extent to which BCM is being adopted across the various sectors which in turn reflects the levels of understanding and awareness of the significance of this process for today's organizations and for the continuity of their critical business functions during the occurrence of different sorts of disruptive incidents.

The paper aims at defining a systemic framework for the implementation of business continuity management (BCM). The framework is based on the assertion that the implementation of BCM should be done through the systemic implementation of an “always-on” enterprise information system.

Systems approach is used in order to design a systemic framework for the implementation of continuous computing technologies within the concept of an always-on enterprise information system.

A conceptual framework has been proposed to develop a framework for a systemic implementation of several continuous computing technologies that enhance business continuity (BC) in the form of an “always-on” enterprise information system.

The paper identifies BC as a business pressure in internet era and suggests a systemic framework for implementation.

This paper discloses the risk management response strategies and the perceived effectiveness of the strategies employed by companies operating within manufacturing clusters in Puerto Rico from 2016 until 2020, the second year of the coronavirus disease 2019 (COVID-19) pandemic.

The research design consists of questionnaire-based survey responses from companies belonging to manufacturing clusters, followed by semi-structured interviews and secondary sources of information.

The results reveal the risk responses used to manage specific risk types. Albeit respondents' dependency on an assortment of company-centric and cluster-bound risk response strategies, the perception is that the former is more effective when adequate local sources are available and the latter when the cluster has strong interconnectedness among the cluster's members.

Furthermore, there is a generalized belief that long-term cluster-bound strategies are required to complement individual companies' overall risk management strategies.

This paper demonstrated that due to the volatility, uncertainty, complexity and ambiguity (VUCA) nature of the Caribbean region, mixed risk management might result in better and more favorable long-term performance.

This paper aims to theoretically and empirically demonstrate the role played by business continuity management (BCM) to address risks such as trade conflicts and natural disasters. This paper also answers whether compliance with international standards such as the International Organization for Standardization (ISO) 22301 is adequate.

A case study of Chinese telecommunications giant Huawei is conducted to examine how a robust end-to-end BCM system has been established in two decades and in what way it has helped Huawei to efficiently maintain growth under pressure, such as being added to the “Entity List” and the pandemic.

Huawei case contributes to BCM theory in its approach to establishing the BCM system and its well-established BCM model. Huawei establishes and continually improves its BCM system by applying the Plan (establish), Do (implement and operate), Check (monitor and review) and Act (maintain and improve) cycle. Characterized as 4Ps: BCM policy, BCM process, incident management plan and business continuity plan, Huawei BCM system is shaped into a loop with end-to-end BCM process, covering all steps along its value chain – from suppliers and partners to Huawei itself and then on to its customers – with key initiatives for all domains such as R&D, procurement, manufacturing, logistics and global technical services. In practice, implementing international standards such as ISO 22301 enables Huawei to develop business continuity but not enough. Optimizing the BCM system is an ongoing effort, and BCM maturity is ever present: continually improving Huawei’s own BCM system and benchmarking against best practices available worldwide.

Apart from the case study, other methods such as counter-factual analysis can be used to further test whether Huawei’s BCM system is cost-effective. Another direction for future study is whether suggested BCM maturity levels should be supplemented into ISO 22301. In the digital age, how to use digitalization to ensure business continuity is a current issue not just for practitioners such as Huawei but also for researchers worldwide.

In practice, implementing international standards such as ISO 22301 enables Huawei to develop business continuity but not enough. Optimizing the BCM system is an ongoing effort, and BCM maturity is ever present: continually improving Huawei’s own BCM system and benchmarking against best practices available worldwide.

To the best of the authors’ knowledge, this is one of the first studies to focus on how an organization continually improves the suitability, adequacy and effectiveness of its BCM system, with special attention to standards compliance.

Previous research suggests new service development (NSD) is characterized by less stable offerings, less formal processes and is more emergent than new product development. In face of these issues, it seems managers must concern themselves more with the management of the underlying resources. To understand this distinctive nature of NSD, this study aims to investigate the relationship between NSD and operations resources.

Building on the resource and capabilities perspective, a multiple case study was designed to investigate how the NSD is influenced by and reconfigures operations resources and capabilities. Data were collected in three providers of bespoke B2B services.

The paper proposes a model of NSD composed of three stages: emergence, accommodation and consolidation. This model describes the process that takes place when providers redeploy their operations resources and capabilities to implement emerging service ideas. The findings also show the challenges associated with the reconfiguration of operations resources and capabilities and with the reconciliation of the requirements of the existing and new services.

The paper looked at services successfully implemented in knowledge‐intensive SMEs. Other studies could explore these NSD processes in other contexts and initiatives that failed.

The paper presents the risks and efforts involved in using existing resources to take advantage of emerging service ideas.

The model takes a fundamentally different perspective from many NSD models. It shifts the focus from managing the new service to managing the resources that underpin the evolving and emerging service ideas and offerings. This paper should interest people willing to understand the distinctive nature of NSD.

Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear.

The design science research process was followed and semi-structured interviews performed.

A list of practices to assist the bank industry in GDPR implementation is provided. How each practice map with assessed ISF and GDPR requirements is also presented.

As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews.

This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.

The purpose of this paper is to present the implementation and testing of a modified project risk management framework that integrates PMI’s framework with Monte Carlo simulation to improve the effectiveness in high-tech new product development (NPD) projects.

The modified framework considers three bodies of knowledge: project management, risk management, and Monte Carlo simulation to produce an enhance project risk management framework. Its application is shown through a case study.

Using the integrated framework in a recent case study project and prior NPD projects measures (as benchmarks), it was shown that it could help to enhance risk responses caused by task durations and costs’ uncertainties. The framework proved to be better than segregated generic best practices and was key in providing insight to the issue of early project risk assessment.

More experimental replications are required for enhancement effectiveness assertions of the framework, through the application of the framework to similar case studies. Furthermore, this could improve its reliability and soundness.

Future directions for research could include case and empirical studies that include hypothesis’s testing, and the integration of optimization procedure for improved NPD project’s planning and execution.

This paper outlines a way to close the gap of project risks management planning in NPD’s initiatives. It was motivated by a relatively new tendency in exploring integrated frameworks to deal with complex project risks issues.

La investigación presenta la implementación y demostración de un esquema modificado de gestión de riesgos para proyectos que integra el esquema propuesto por el Project Management Institute (PMI) con la simulación Monte Carlo para mejorar la eficacia de proyectos de desarrollo de nuevos productos (DNP) de alta tecnología.

El esquema modificado considera tres áreas de conocimiento: gestión de proyectos, gestión de riesgos y simulación Monte Carlo, para producir un mejor esquema de gestión de riesgos del proyecto. Su aplicación se demuestra a través de un estudio de caso.

Utilizando el esquema integrado en un reciente estudio de caso de un proyecto y previos proyectos de DNP como puntos de referencia, se demostró que el esquema podría ayudar a mejorar las estrategias de respuestas a los riesgos causados por la incertidumbre en la duración de las tareas y costos asociado a estos proyectos. El esquema ha demostrado ser más eficiente que aquellos propuestos como mejores prácticas genéricas, proporcionando un claro entendimiento sobre el tema de la evaluación de riesgos en la fase inicial de proyectos DNP.

Se requieren más repeticiones experimentales para mejorar la eficacia de las afirmaciones del esquema, a través de su aplicación a estudios de casos similares. Por otra parte, esto podría mejorar su confiabilidad y estabilidad.

Futuras investigaciones podrían incluir estudios de casos y estudios empíricos que incluyan pruebas de hipótesis e integración de procedimientos de optimización para mejorar la planificación y ejecución de proyectos de DNP.

El estudio describe una forma de cerrar la brecha en la planificación de gestión de riesgos de proyecto en la industria. Fue motivada por una relativamente nueva tendencia en la investigación de esquemas integrados para hacer frente a asuntos de riesgos en proyectos complejos.