Considering the expectations of customers on service and information availability 24x7, complete operations suspension in case of adverse events is not an option. Modern businesses have become dependent on their information systems (IS) whose incidents and failures can highly affect business operations. Ensuring continuity in IS is related to the reliable delivery information. In order to lower the negative impact of IS incidents, organizations should get prepared for them. Business continuity management (BCM) is a holistic management approach whose aim is to identify, prevent or mitigate operational risks. BCM consists of business continuity planning (BCP), contingency planning (CP) and disaster recovery planning (DRP). BCP defines the strategies that organizations should implement in order to ensure their survival when a crisis event occurs. The aim of this paper is to identify the relevant elements of continuity in IS.
Top1 Introduction
Information and knowledge are the main sources of firms’ competitive advantage in modern digital era. Customers expect service availability 24x7, therefore, system downtime is not an option. Employees, shareholders and customers expect that the services and information are available throughout the day.However, even minor disaster events or business interruptions can cause irreparable damage to the organization and its image.Especially, the business has become dependent on information technology (IT) and information systems (IS) whose incidents and failures can highly affect business operations. Organizations’ business continuity is increasingly vulnerable to IS incidents(Niemimaa, 2017). Despite all the advances in the development of IT, it is certain that it will always be subject of failures as well as attacks. Thus, organizations recognize IS continuity as a key information management issue (Järveläinen, 2013).In order to lower the negative impact of IS incidents, organizations should prepare for them. This is why the concept of business continuity management (BCM) gained in importance. It was largely neglected until the moment when the Y2K problem showed the possible impact of infrastructure flaws of information technology. The main goal of BCM is to enable organizations providing an acceptable level of services to all stakeholders, including customers and other business partners, even in the case of certain unforeseen circumstances that can happen. The process itself involves the development, maintenance, implementation and management of business continuity plans. Therefore, many scholars and practitioners agree that BCM should be an essential part of any contemporary organization’s information management(Bajgoric & Moon, 2009).
Business continuity management encourages flexibility in the business in terms of responses to operational challenges and threats by ensuring maximum operational efficiency of critical business processes. Organizational culture must encourage employees to be aware of everyday dangers and ensure that each employee is responsible for reducing the risk. Thus, King (2003) introduced a term of business continuity culture and highlighted the fact that “If you fail to plan, you will be planning to fail”.
The main objective of this chapter is to improve the understanding of continuity planning for information systems in organizations. Specifically, the aim is to identify common methodologies, risks, drivers, inhibitors as well as phases of continuity planning for information systems. In this regards, the following research questions are defined: i) What are the most common methodologies of IS continuity?; ii) What are the most common risks of IS continuity?; iii) What are the most common key drivers of IS continuity? iv) What are the most common inhibitors for IS continuity?;and v) What are the stages/phases of IS continuity planning?
In order to address these questions, a systematic literature review methodology will be employed. Similar research has been conducted by Niemimaa (2015) who reviewed the multidisciplinary literature on BC from an IS perspective guided by the question: “how organizations can prepare for and respond to IS incidents?”. His main conclusion is summarized through four themes: i) social aspects as IS continuity enabler; ii) technology as IS continuity enabler; iii) salience of IS continuity; and iv) models that improve IS continuity.
The chapter is structured as follows. First, the concept of BCM is presented prior to the presentation of the BCP. Second, systematic literature review (SLR) methodology is discussed in regard the conducted steps. Finally, results discussion is provided using narrative method (Wahono, 2015).