ICT systems are expected to be available 24/7 to internal and external users regardless of the circumstances, but the nature of uncertainty in complex and dynamic environments makes Business Continuity Planning more relevant today than ever before. Organisations providing 24/7 ICT availability become strategic dilemmas for decision makers, hence, to ensure operations, managers must balance the costs involved in providing an almost zero downtime infrastructure for information availability with the trust ICT users have on a given organization. Decision makers need to assess possible disruptions and vulnerabilities that can impact on ICT availability to all users. This chapter argues that approaches, such as virtualisation, can provide cost advantages to organizations by ensuring availability and resilience through flexible system implementation, and to achieve this objective, committed strategic managers must have arguments to defend this view.
TopBusiness Continuity Planning
Business Continuity Planning is concerned with the collection of mission critical procedures that are triggered and implemented when disaster strikes to ensure the continuance of business processes, while recovering from a given disaster (Boin & McConnell, 2007; Cerullo & Cerullo, 2004). Botha and Von Solms (2004) have defined BCP as “the complete process of developing measures and procedures to ensure an organization’s disaster preparedness” (p. 329) and hence being able to continue with business as usual under any contingency.
Strategic managers are concerned with the development of capabilities and the allocation of resources to achieve organizational objectives and ensure the ongoing survival of business operations (Woodman, 2007). However, in an increasingly complex and dynamic environment, unpredictable circumstances have sometimes devastating effects on operations and survival (Zsidisin, Melnyk, & Ragatz, 2005). Computerized systems, communications and the people that interact with these systems are all susceptible of intentional and/or unintentional damage. Business customers, suppliers, and competitors rely heavily on Information Communication Technology (ICT) systems for interaction with each other and, hence, the loss of this interaction may have dramatic consequences for the survival of any firm.
BCP, to date, has focused on the impact of catastrophic events on business’ operations following the 2008-9 global financial crisis (GFC), extreme weather conditions, high temperatures, torrential rains, and pandemics. This focus has put pressure on building resilience through duplication of physical resources. On the other hand, ICT threats, such as viruses and network failure, are more common and also have disastrous consequences because they impact on the information availability that businesses require to perform on a daily basis (Hawkins, Yen, & Chou, 2000; Cerullo & Cerullo, 2004). Ninety four per cent of the organisations, that have had to resort to the spirit and content of BCP, agree that BCPs have effectively contributed to reduce the impact of disruptions (Woodman, 2007). Still, many organizations do not have business continuity plans, or if they do have these plans, either lack continuous review processes or are unknown by, or are communicated poorly to, employees and stakeholders, and hence they engender reactive decision making approaches.