With the democratization of Data management through Big Data and Cloud Computing, and the proliferation of business lines into complex networks, industries are ever more subject to disasters than ever. It is practically impossible to forecast their happening and degree of damages. Consequently, companies try to collaborate in integrating risk management in their information systems against downtimes. This chapter addresses this problem by outlining and discussing insights from the extensive literature review to produce a generic approach for cross-management. A set of prerequisites of disaster planning is also provided with comparative analysis and arguments. The proposed approach is focused on risk assessment methodology based on Fuzzy Cognitive Map. The method is able to aggregate all assessment variables of the whole stakeholders involved in the business network. The key findings of this study aim to assist enterprises in improving risk readiness capability and disaster recovery. Finally, we indicate the open challenges for further researches and an outlook on our future research.
Top1. Introduction
In today’s massive digital transformation, the way we do business is mutating each day. Indeed, progresses in Big Data and Cloudified environment are affording more information than ever before (Hashem, et al. 2015). In fact, business continuity and risk management topics are propelled at the forefront of interest for both scholars and practitioners (Papadopoulos, et al. 2017).
Companies and especially sensitive industries face continually various disrupting events that could happen separately or simultaneously (Sahebjamnia, Torabi and Mansouri 2015). Each trouble might have different impact on resources, manpower, products, facilities, sites, factories, etc. Usually, two main plans are settled by organizations to prevent and face calamities: the Business Continuity Plan (BCP) (Montshiwa, Nagahira and shida 2016) and the Disaster Recovery Plan (DRP) (Al Hamed and Alenezi 2016). However, these two plans are developed separately in each information system where event happening for a company may impact all businesses of far or near connected companies around the world (Papadopoulos, et al. 2017). Actually, complex and large virtual networks of enterprises confirm today that any disaster may impact all stakeholders of the businesses chain (Noran 2014). For example, a German computer manufacturer should integrate the disaster plan of Japan zone since it subcontracts the manufacture of microprocessors to a Polish constructor who supplies to factories in the Japanese islands of Ryūkyū.
An Interesting recent survey, published by Gartner® (Gartner 2017) in (Witty 2016), revealed that nearly three from every ten companies settled a real Disaster Recovery Plan. The same investigation reported that in the occurrence of an outage; where 67% evaluate their business lose more than 20, 000 USD for every one day of interruption.
To make their energies the most useful, enterprises should consider every potential state when analyzing the possible risks (Kristo and Cingula n.d.). This means that enterprises involved in networks, supply chains, and virtual markets should consider all disaster sources of stakeholders in the entire network (Takakuwa 2013). These risks should be taken into account from somewhat routine vulnerabilities like power failures to extremely dangerous events like acts of war or terrorist attacks (Huatuco, Ullah and Burgess 2017). As the purpose of a Disaster Recovery Plan is to outline what acts will be taken in the event that an organization does experience disaster (Gasbarro, Iraldo and Daddi 2017), recovery management should cover all concepts and events in the entire network (Timperio, et al. 2016). However, the investigation of academic and industrial publications and projects highlights a clear shortage in collaboration practices, cross data management, and governance issues on risks planning from a networked enterprises perspective ((Brindley 2017), (Sarmiento, et al. 2016), (Chatterjee, Ismail and Shaw 2016)).