Behaviour Perspectives as a Contribution to Business Continuity in the ICT Context

Introduction

The concept used here, continuity-by-design, derives from security-by-design. The development process integrating security-by-design aims to support a software producer in building and implementing a secure solution, taking into account potential security issues from the beginning of the development process, in order to reduce the risks associated with vulnerabilities and existing threats (Casola et al., 2018). Continuity-by-design focuses on enhancing service availability by incorporating possible controls, measures, and compliance with Business Continuity (BC) requirements throughout the product or service lifecycle.

This chapter presents a set of concerns with a view to including business continuity and resilience measures in software in the context of covid-19, as well as characterizing the domain of certification of invoicing software in Portugal.

In this perspective, the authors aim to present a research path that aims to guide producers of Invoicing Software Programs (ISP) and organizational decision-makers in identifying the issues that enhance BC in the design and implementation of an invoicing software solution.

The research was initiated with a guide to support the design of a Business Continuity Plan (BCP) in organizations with ISP (Russo, 2019). The guide addressed the main theoretical and empirical considerations that support the design of a BCP, based on a literature review, particularly in the area of Business Continuity Management (BCM).

The literature review on BC, along with the acquired knowledge, allowed for the design of a methodological approach for the systematization of BC in organizations (Russo & Reis, 2020b). The systematization involved the definition and implementation of a set of interconnected phases necessary to optimize the planning and response to disruptions in business processes, aligned with the organizational strategy and tailored to the Information and Communication Technologies (ICT) needs of the organization.

In this context, an analysis of the problem underlying the certification of ISP was conducted (Russo & Reis, 2019a), highlighting the technical requirements integrated into Portuguese tax legislation that involve BC. Constraints in their implementation were addressed, including technical issues, interpretation of tax legislation, or the selection of standards and best practices in the ICT field. This work was updated to include considerations on electronic document archiving (Russo & Reis, 2020d).

Furthermore, it became necessary to characterize the companies and invoicing in Portugal using certified ISP, aiming to improve organizations' perception of the certification process and contribute to increasing the number of certified ISPs (Russo & Reis, 2019b).

A study was conducted to characterize electronic invoicing in Portugal (Russo & Reis, 2020c), including its utilization by organizations and the communication of invoice elements to the Tax and Customs Authority (AT). The objective was to support companies in the process of implementing an ISP certified by the AT, whether through internal development or the acquisition of an ISP.

In line with this objective of supporting ISP producers and users, a set of best practices was published, including diagrams and details of various involved requirements. Topics covered included considerations on data backup policies, ISP downtime, or program access control (Russo & Reis, 2020a).

The recent simplification of fiscal legislation has created conditions for the dematerialization of documents, allowing for the possibility of waiving the use of printed invoices and encouraging the adoption of electronic invoicing and electronic document archiving systems. In this context, electronic invoicing and archiving adoption within the scope of ISP certification, can be a driving factor for entrepreneurship, innovation, and sustainability (Russo & Reis, 2021).