The need for a developed Business Continuity Plan

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The need for a developed Business Continuity Plan"

Transcription

1 J Ö N K Ö P I N G I N T E R N A T I O N A L B U S I N E S S S C H O O L JÖNKÖPING UNIVERSITY The need for a developed Business Continuity Plan Paper within Bachelor Thesis in Informatics Author: Peter Gneist Robert Kiersz Omid Osman Tutor: Jörgen Lindh Jönköping June 2009

2 Abstract In order for an organization to stay as resilient as possible a Business Continuity Plan (BCP) can be of importance. Today many advanced technologies are being implemented into organizations which are leading to a higher degree of risks and vulnerabilities. Organizations therefore need to focus on identifying problems in order to work more efficiently in order to succeed with their business. The report is using the framework of Business Continuity Planning approach and is emphasizing on how to prepare a plan in order to make organizations more resilient. The research is conducted in a deductive way which includes testing theories and their propositions against data which have been collected. Therefore the theories found from the literature were applied on a case and appropriate data was collected to suit our purpose. Moreover, problems were analyzed and suggestions proposed of how to deal with them. Many critical organizational components were revealed but the main findings can be summarized as how organizations can identify and evaluate problems. This is an important part of the BCP and is of need when preparing the plan. Other important suggestions which need to be considered when preparing the plan is to; obtain top management support, assigning a steering committee, a clear communication strategy and a documentation plan. i

3 Table of Contents Abstract... i 1 Introduction Background Problem Discussion Research Questions Purpose Perspective Delimitations Definitions Interested parties Methodology Scientific approach Research philosophy Research approach Research strategies Time horizon Literature search strategy Literature review Reliability and validity Generalizability Objectivity Data collection techniques Defining research ideas Observation strategy Interview strategy Analyzing techniques of interviews Questionnaire strategy Analyzing techniques of questionnaire Theoretical Framework Steps in creating a successful Business Continuity Process Training Risk Management Soft systems methodology Reflections from the theoretical framework Empirical findings Case observation Interviews Interview Interview Interview Interview Analysis ii

4 5.1 Categorization of problems Risk Evaluation Problem relation analysis Suggested components to become resilient Conclusion Fulfilling the purpose Future research References Appendix Appendix Appendix Appendix Appendix Appendix Appendix iii

5 1 Introduction Business survival depends on the assured continuity of core business activities and supporting services: business continuity (BC) (Morwood, 1998) Today most organizations are exposed to some kind of risks that can damage their business in different ways and threaten its survival. Therefore it can be vital to organize a plan to prevent the risks, to be able to recover from disasters, and to minimize the damage when a risk occurs as well. The approach of business continuity management (BCM) will be used in this report to work as a framework. Today more and more organizations are using a BCM approach due to the large amount of risks existing but at the same time many are not putting enough efforts in BCM as they should. The BCM covers numerous of organizational issues. However, this research paper will mainly focus on the working processes around IT/IS. Since an IT system can be very complex many organizations fail in identifying existing vulnerabilities. A system related problem can be devastating for an organization since IT is in many cases closely aligned with the business. When a system is down for a longer period of time, the business might stop functioning properly and in the long run this can lead to a major catastrophe. According to Doughty (2000), statistics indicate that having the IT system down for more than 5 days would put 90 percent of all organizations out of business within a year. Implementing and using a contingency plan, as the Business Continuity Plan (BCP), can help the organization to understand the risks and vulnerabilities associated with the IT system and at the same time provide solutions to deal with these issues. Critical components in the perspective of IT issues are not only IT components itself but also people, equipment, location, data and communication networks which can make the plan rather comprehensive (McCrackan, 2004). The plan can even, if implemented properly, lead to a more efficient and profitable organization in the long run (Reuvid, 2006). Impact and risk analysis is a part of the BCP and an important tool which will be handled in our research. 1.1 Background The perceived level of threats and risks has increased since the start of the computer era. This has put the business continuity management processes at a higher level of priority in order to become more preventive and resilient towards organizational wounds. The main purpose of BCM is to ensure that the organization has a response to major disruptions that threaten its survival (Reuvid, 2006). A threat towards the organization can occur from many different sources, everything from unintentional causes to intentional causes. Therefore a BCM approach takes into account a large range of aspects which are caused by several different factors. Analyzing the risks and threats can lead to a more cautious way of working with less disruptions and a more resilient organization. Identifying requirements and knowing how to deal with disruptions can also eliminate inefficient ways of working. Having a BCM that benefits an organization will assure that there is a more stable business environment. The BCM is a concept which has been written a lot about in recent years and 1

6 many different authors provided a high number of different ideas which can be useful for an organization. Implementing a BCM approach can though require essential changes in the organizations structure and culture, due to the need of alignment between business processes and the BCM (McCrackan, 2004). Hence, a BCM approach can be very time consuming and require lots of resources in order to be implemented in the business. Preparing a business continuity approach involves the construction of a Business Continuity Plan (BCP). The BCP goes through the steps required in order to deal with the issues around continuity management. Complex IT infrastructures within businesses can be very vulnerable and have to be managed very thoroughly to eliminate and deal with its risks. Some organizations or departments might become extensively damaged when their computers are down. There is not always room for a system downtime; the business can lose customers to their competitors while it is down. This in turn can lead to decrease in profits. An example is the case of Union Bank of Switzerland, when their computers crashed for only several minutes they experienced losses that could fund their entire network a number of times. The Executive Vice President of the Bank argues that the bank would collapse in case the computer systems would be down for more than 2 days (Doughty 2000). Processes around IT/IS can have many vulnerabilities and risks which might need to be considered and dealt with. A resilient IT infrastructure is of great importance to stay competitive. A well formulated guide specified for processes around IT/IS can lead to a better work efficiency is therefore of huge interest. 1.2 Problem Discussion Today s organizations have to compete in an ever growing and faster moving economy. Generally, managers have to make complex decisions much faster and mistakes can have huge impacts on an organization s performance and overall well being. Due to the fact that more and more critical and value producing business processes are based on information technology, it is crucial for organizations to ensure a high level of system reliability and availability. Morwood (1998) argues in the same direction when he says that business survival is depending on the assured continuity of core business activities and supporting services. However, problems with information technology and information systems are just a matter of time. In order to respond to the occurring problems in the best way, every organization would need to have a Business Continuity Plan. Unfortunately, not many organizations are aware of the fact how crucial a business continuity plan is to their operating business and internal affairs. Botha and von Solms (2004) state that resources and staff involved in Business Continuity Management is limited, especially when it comes to smaller organizations. Another problem identified by Weems (1999) is that the business continuity planning project is a non-revenue producing project and therefore it is not seen as a high priority project for most organizations. In comparison, Business Continuity Plans ensure that the organization has a plan in place prior to a disaster occurring. This can help and facilitate a speedy and cost- 2

7 effective recovery of core business activities following a disaster (Morwood, 1999). If a company does not have any Business Continuity Plans the impacts on the company can be immense. 1.3 Research Questions Focusing on the nontechnical side of the organizational IT/IS environment is our main target to conduct this research. How can an organization assess its IT/IS related problems? What could be done in order to achieve efficient solutions to IT/IS related problems? How can an organization achieve a resilient way of working in order to be prepared for upcoming IT/IS related problems? 1.4 Purpose The purpose of this research paper is to show how problems can be assessed and relationships among these problems can be drawn. This research paper will also focus on how to improve problem related working processes. Through analyzing the current situation of one service-oriented organization we intend to provide suggestions of what to include in a BCP in order to deal effectively with problem and risks. 1.5 Perspective A perspective statement is necessary for the internal agreement, which is a process of analyzing and developing different hypotheses and understandings about what involves in the research area (Goldkuhl, 1998). This study will be focused on system related problems in a department of a large service-oriented organization located in Sweden. The problem will study two perspectives, from the managers and the employees (agents) point of view. The agents perspective is assumingly more about the ease of use and usefulness since they are working with the system on a daily basis. In contrast, the perspective of the managers can be seen more as a strategizing perspective where the focus is more on the IT contribution towards the business. Moreover, the manager perspective is influenced by cost issues as well. Our basis for choosing more than one view is that it will provide us with a better and comprehensive understanding of the problems at hand and permit us to conduct our research from multiple views, rather than from one actor s perspective. 1.6 Delimitations The BCM concept will be the main focus area together with a larger case study. The approach will be conducted within processes around IT/IS. We will though exclude technical solutions in relation to the problems in this report. The case to analyze is a department of a large service-oriented organization located in Sweden. The focus will be narrowed down to this particular department. The employees working at this specific department and the internal working processes will be of inter- 3

8 est. Their processes of handling the IT/IS environment will be in the spotlight which therefore excludes other non-related working tasks. 1.7 Definitions Agent: Employee who works at the operational level of the organization Business Continuity Management (BCM): A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. (Reuvid J. 2006) Business continuity plan (BCP): a series of procedures to restore normal operations following a disaster with maximum speed and minimal impact on operations. A comprehensive plan will include essential information and materials for necessary emergency action. (Doughty K. 2000) Resilience: Defined as the ability to recover quickly from unpleasant or damaging events. (McCrackan A. 2004) Risk: A risk is an uncertain event or set of circumstances that, should it occur, will have an effect of the achievement of one or more of the project s objectives (APM PRAM Guide, 2006, p. 17). Risk Assessment and management: In the use of any technology, process, or procedure, someone should determine where unexpected or undesired consequences are likely to occur. (Doughty K. 2000) 1.8 Interested parties This thesis is intended to benefit a number of interested parties. The specific serviceoriented organization we investigate can therefore be considered as the main interest party because of their direct involvement in our research. Due to this fact they are able to apply our suggestion and findings at first hand and benefit from them. Also other organizations that operate in the same field may benefit from this thesis. Since the organization which we investigate does not have a Business Continuity Plan we can assume that many other organizations in this sector will be in the same position as well. Therefore, they could be interested in this paper when they decide to develop and implement a BCP. Other interested parties are academics that work with risk management. These researchers could find new insights or perspectives on Business Continuity Planning which could influence their research or future research projects. Moreover, decision-makers such as project managers, IT managers and IT strategists can be interested in this paper due to the reason that this research will provide suggestions of what to include in a BCP in order to deal effectively with problem and risks. It also outlines aspects which are of importance to Business Continuity Planning and could therefore be applied in their organizations. 4

9 2 Methodology This chapter of the research paper will deal with methodology and data gathering techniques. Methodology is concerned with the philosophical research approach, reliability and validity aspects. Whereas, the data gathering techniques will describe how we collect the data and develop the theoretical frame. 2.1 Scientific approach Qualitative research is the art of involvement and deepening in a particular situation, which therefore disregards a general objectivity (Potter, 2002). An example of a qualitative research can be a face-to-face interview with one or two persons. On the other hand the quantitative approach is concerned with the statistics and generalizations. Conducting a questionnaire for a wide range of people is an example of a quantitative research. The research for this study will be approached and conducted mainly in a qualitative manner. The qualitative approach is seen to be the most suitable one in order to deepen our knowledge and understanding in the field of study. This approach is also helping us building a rich detailed set of data from the situation which we are investigating and at the same time to probe the answers to our research questions. People will be interviewed and revealing their perspectives can widen our insights and knowledge. 2.2 Research philosophy Researchers mostly distinguish between three different research philosophies positivism, interpretivism, and realism. Realism argues that the senses are showing us the truth. According to Saunders et al. (2007) interpretivism states that it is necessary for the researcher to understand the differences between humans in our roles as social actors. In contrast, the positivistic philosophy takes the role as a natural scientist. In this case the researcher prefers to work with an observable social reality and the results can be seen as law-like generalizations (Saunders et al., 2007). This research will follow a positivistic approach which is a part of the epistemological research philosophy. Due to the fact that we have direct access to the organization, this approach seems the most suitable for us. Since we are getting an understanding and further knowledge through investigating one organization in detail, we will be able to draw generalizations according to our findings and results. This is possible due to the nature of the organization we are going to investigate, which is very similar to most other companies in this business sector. 2.3 Research approach In general, one can distinguish between two different research approaches, deductive and inductive. The deductive research approach is a testing approach where a theoretical frame will be built and a hypothesis will be tested against these theories. Whereas the inductive approach follows the gathering of empirical data and developing a theory based on the collected data. In our research we will follow a deductive approach since we ought to use existing theories from the literature which will be tested by the use of our collected data. This research approach suits our intentions to explain causal relationships between different variables and their impacts on the organization. 5

10 2.4 Research strategies There are different research strategies that can help to answer the research question of a thesis such as experiment, grounded theory, case studies, action research, ethnography, and surveys. In this thesis, a case study will be used to gain empirical data from one organization in order to answer the research questions. Moreover, a survey strategy will be used as well to investigate the perspective of the employees in that particular organization. 2.5 Time horizon When undertaking research, there are two possible timeframes to choose from. When conducting cross-sectional studies the researcher is taking a snapshot, at a particular point of time, of a particular phenomenon. The second type is called longitudinal studies. This type of studies is more suitable when it comes to the study of change and development over time (Saunders et al., 2007). This research will follow a cross-sectional approach due to time and resource constraints. One major intention of the report is to reveal and find out about the current situation of the case which we explore in order to give suggestions of beneficial change later. Therefore, a snapshot of the organization will be analyzed and serve as a base for the analysis part. 2.6 Literature search strategy When searching for appropriate literature for a research paper one need to have a clear literature search strategy which helps to find the most sufficient information within a field of study. A clear literature search strategy also helps to cover most parts of available literature and ensures that one does not miss out on any important publications. According to Saunders et al. (2007) the literature search strategy can be seen as a process consisting of four steps. The first step would be to define the parameters of our search. These parameters can include areas such as language of publication, subject area, business sector, geographical area, publication period, and literature type. We defined that the language of the publication we intend to search for should be English or Swedish. This is based on the facts that most research is published in English language in order to provide it to a bigger audience, and since we are writing our own research paper in English as well we would save lots of translation efforts. The reason for including publications written in Swedish was that we are able to access a lot of student theses written earlier by Swedish students. This would not only give us the advantage of accessing a wider range of literature. Since our research paper will be written within the field of informatics, the literature we will be searching should be within the same field. Moreover, we are looking for literature that is written within management science Business Continuity Management. Due to the fact that we will not only have a look on information system issues but also strongly focus on workflow and management issues we are in need to obtain literature from these both areas. Another parameter of our literature search strategy will be the choice of a business sector. In our case the business sector we intending to investigate is the service-oriented 6

11 sector. We will collect our empirical data from a service-oriented company; therefore we are intending to obtain literature and knowledge about previous theories in this area. This will deepen our understanding and also help us to have a better data collection strategy in the end which will lead to better outcomes and findings. There will not be any limits when it comes to the geographical area of our literature search. Since most research papers, from all over the world, are written in English it would not contribute to the overall quality of our work if we would only focus on one or two geographic areas. In our case, focusing on only specific geographical areas would enormously increase the risk of missing important theses and works within our field of interest. Therefore, the geographical area of our literature will not be restricted. Information systems are getting more and more complex. Today s businesses have to pay high attention to the integration of business and technology. Therefore, the literature which will serve as a base for our research paper must be relatively up to date. Lots of old publications do not pay too much attention on integration and complex information systems because these issues have not been really important from the beginning. However, these aspects became more and more important during the last years. In order to write a sufficient research paper we need up to date information and knowledge, therefore we will focus in our literature search strategy on publications that were published within the last 15 years. The type of literature we will intend to search for will mostly be academic articles, theses, and books. This is based on the possibilities we have with accessing different material. Since we have the opportunity to use the university library we have access to numerous books within our field of research. Moreover, there are a lot of theses available written in the boundaries of Jönköping University. The university library also provides access to several databases which help to find academic articles which can be of good support for the research paper. However, our access to publications is also restricted. Some specific material is only available when you pay a subscription fee or buy the rights to access the material such as conference papers and publications. The second step in the process of defining the literature search strategy is to explain and define the key words and search terms we intend to use and how we came up with them. Saunders et al. (2007) suggests different techniques to generate key words, these include discussions with colleagues, the project tutor and librarians, initial reading, dictionaries, thesauruses, encyclopedia, handbooks, brainstorming, and relevance trees. We approach this step through the use of discussions, initial reading, and brainstorming. Discussions led to the result that we ended up with specific search terms and key words in order to maximize our chances to find relevant literature for our research paper. These discussions were within the project group and therefore really supportive in order to eliminate insufficient key words and focus on the ones we thought will bring the best search results. The internal discussions were also supportive in order to distribute the different key words and search terms among the group members, therefore not every group member used the same terms and it was possible to coordinate the workload in a better way. Furthermore, we received good feedback on our pre-defined key words during tutoring sessions and also got good hints on how to improve the already existing key words and to find new ones as well. 7

12 Since one group member has read about and handled with Business Continuity Management before, we had a good understanding in which direction we should develop our key words and search terms. The technique of brainstorming was mainly used during discussions in order to develop and refine the pre-defined terms. Our search terms and key words were: Risk Management Business Continuity Management Business Continuity Planning Soft System Methodology Resilience In order to develop a good Business Continuity Plan, one needs to identify the existing risks and problems. Therefore, risk management is one of our main search terms. It will ensure that we find literature about how to identify, assess, and handle risks. Business Continuity Management and Business Continuity Planning are important search terms in order to find sufficient material about how to develop a Business Continuity Plan and therefore essential for this research paper. The term resilience is used in order to find publications about efficient workflows and approaches to strengthen a company s problem handling procedures. In turn soft system methodology is a concept which is used to support problem identification. Most literature will be tried to identify through the use of several databases. In this case we mainly use the search tool possibilities of the university library website. Through different types of search functions one is able to cover a high number of different databases. Databases that have provided us with the most sufficient results were ABI/Inform, Springer Link, Academic Search Elite, and Business Source Premier. In this research paper primary and secondary literature is the main kind of literature that is used. The theoretical framework consists of primary literature such as academic reports, and secondary literature such as books, and journals. This happens due to ease and convenience of access. The assessment of the relevance and sufficiency of the literature we found is based on our own perspective, experience and judgmental values. Since we are three persons in our research group, with three different points of views and perspectives, the literature must have been agreed upon by every group member in order to be used within the research paper. To use the literature found in a sufficient way, recording the literature is an important aspect. We recorded our literature in the way that we saved all the relevant articles we found and also made notes about the most important facts within these articles. These relevant notes became a base for our writings later on. 2.7 Literature review To describe the context of a phenomenon when research is conducted, a vital part of the research process consists of critically reviewing the literature. Critical literature review is the process of a detailed and justified analysis and commentary of the merits and faults of the literature within a chosen area, which demonstrates familiarity with what is 8

13 already known about the chosen research topic (Saunders et al., 2007). The sources used in this research have been processed according to the approach suggested by Saunders et al. (2007). They suggest thinking of the review as a funnel consisting of seven steps: 1. Initiate the review at a more general level before narrowing down to the specific questions and objectives 2. Make a short overview of the key ideas and themes 3. Summarize, compare, and distinguish the research of the writers 4. Narrow down and emphasize previous work that is relevant to the research 5. Present a detailed description of the findings of the research and show how they relate to each other 6. Underline aspects where your own research will provide fresh insights 7. Guide the reader into later sections of the report, which investigate these issues Our literature review is following the guidelines of Saunders et al. We started by searching the most relevant literature that deal with the purpose of our thesis. The literature that we thought would be the most relevant was summarized and compared in order to find the most appropriate key ideas and to further develop our understanding of the relevant subjects. Hence, Business Continuity Management (BCM), risk management and soft systems methodology were the most appropriate topics to use as a theoretical framework. Additionally the concept of training within the guideline of BCP was added. The BCM is though the most important concept for our research which deals with the research questions we have specified. Additionally, the risk management approach is used to further develop a well founded BCM. To identify problems existing within an organization and in order to develop an even more thorough BCM, we found the importance of soft system methodology, (SSM). The SSM is used as a framework and guideline in order to help us analyze and understand the situation which will be researched upon. There is a lot of literature about the BCM and risk management concepts and we therefore carefully chose the literature which is of most help to tackle our purpose and research questions. This will be conducted by choosing the theory from the most acknowledged and known authors. We assume that by using the BCM approach we might get new insights of how to use it as efficiently as possible when applying the concept to our researched case. 2.8 Reliability and validity Reliability is a concept which is concerned about consistent findings. This means that different researchers with different techniques will have the same results and findings. We are trying to achieve a high degree of reliability through interviewing people in key positions. These people are the local IT manager, the Nordic operating manager, and the agents. These people will provide us with a comprehensive view on the organization and on all system related problems. Therefore, we can eliminate biased views on the working processes and the systems. Moreover, these persons know the organization best and therefore adding the appropriate level of reliability to our research. Through the use of different data collection and analyzing techniques, we are trying to increase the level of reliability as well. Through the use of interviews and questionnaires we are trying to show a comprehensive and complete picture of all the problems and 9

14 how to solve them. We also aim to show as clearly as possible how we collected and analyzed our data in order to make this research paper as reliable as possible. At the same time through a highly communicative research paper and a clear research approach we try to achieve a high degree of validity. According to Saunders et al. (2007) validity is about ensuring that the findings are about what they appear to be about and if generalizations are possible. In order to achieve a high degree of validity one has to eliminate as many threats to validity as possible. In order to ensure that the findings are about what they appear to be about, we are using different data collection techniques. This will support the development of a comprehensive view of the organization. Another important factor for achieving a high degree of validity in our research is to collect data from different people on different levels of the organization. This will also guarantee that our findings are really about what we think they are about and no misinterpretations are possible. We also minimized the threats of validity through making sure that we have a consistent dialogue to the same people in the organization at all time during the research. 2.9 Generalizability Generalizability is a concept which is about drawing predictions on recurring experience and findings. Frequency of occurrence is therefore of value. This means that a particular phenomenon which is generalizable can be applied on many cases (Colorado State University Department of English, 2009). As mentioned before other organizations in this service-oriented business sector are quite similar to the specific organization we investigate. We believe that this will lead to possible generalizations of our research. Most call centers work with communication/contact management systems (CMS), top down approaches, and computer infrastructures. The external validity is relative high since lots of organizations in this business sector can actually use our findings and outcomes and display it on their own organization in order to improve their BCP or even start to develop one Objectivity Objectivity is about the avoidance of personal interpretation and instead focusing on assumptions equally agreed upon (Saunders et al., 2007). The concept is therefore the opposite of subjectivity which deals with personal interpretations. An objective approach will avoid the subjective selectivity data gathering which helps making the research more valid and reliable. Our report will be of high concern to handle it as objective as possible. The fact that we are three authors with different perspectives is increasing the value free level of the report. The literature we use is created by many different authors with different theories, opinions and suggestions which also improve the quality of objectivity. Moreover we conduct in depth interviews with three different kinds of people in the organization where they freely air their opinions. This happens in order to give us a comprehensive picture of the situation. The data gathered from the conducted interviews can in turn shape our perspective and secondly our thesis into a more objective direction. The result from the use of this approach makes the report less bias. 10

15 2.11 Data collection techniques In this part we will describe how we intended to achieve our research objective. At the same time an explanation is provided why we choose to use these methods and how these techniques helped us to write the report Defining research ideas In order to come up with a research idea, rational thinking techniques were mainly used. First of all, the group tried to find out the areas in which each group member is interested in. After identifying a couple areas of research, the group looked into old theses and projects to get a better insight and new ideas within these areas. With the help of additional literature and electronic databases different topics were discussed in order to come up with a final topic. Brainstorming, a creative thinking technique, also helped in identifying the final research topic Observation strategy In order to get a good picture of the organization, its structure, and its processes we used the observation data gathering technique. This happened due to the reason that one member of our research group is actually working for this specific company. Therefore, we had rather free access and good insights into the organization. Saunders et al. (2007) suggest different types of observation techniques. The differences between those types are whether the identity of the observer is revealed or concealed and whether the researcher takes part in the activity or just observes it. In our case, we used the participant as observer approach. The researcher s identity was revealed since he is a regular employee (agent). Therefore, he knows most of the other employees within the department as well which facilitated easier access and greater willingness in order to conduct a good questionnaire later on. Moreover, as a regular employee of this organization he takes part in the activities of the everyday work. Therefore, he can contribute a lot of knowledge of his own experiences to this research. The fact that he is working there gives us as a group the advantage to find the right people easily from which we want to conduct our data gathering activities Interview strategy The main part of the empirical data will be collected through interviews. These interviews will be non-standardized. The way of conducting these interviews will be face-toface with employees in key roles in that particular organization. The group chose to go with a semi-structured interview strategy which means that we have a number of predefined questions and themes we want to ask and leave space for other issues and questions coming up during the interview. This is done, in order to cover our areas of interest and leave space to upcoming and follow up questions which can give us a deeper knowledge in certain areas. The persons we will interview are the local IT manager at the local department, and the Nordic operating manager. These two persons are in key positions for our research. The local IT manager at the local department can provide us with the most common occurring problems related to the information systems and how they are handled so far. 11

16 Moreover, he is able to give us a good overview about the work processes and the system architecture and hierarchy. The Nordic operating manager is of great value to our research since she is the connection between the local department and the headquarter. Moreover, she is attending board meetings and reporting directly to members of the board. Therefore, she has a lot of knowledge about the company itself and is mostly involved in strategizing new concepts for the company. Furthermore, she is the system owner of one of the systems in this organization. This interview will help us to achieve a comprehensive view of the nature of the organization and the thinking about IT from a headquarter perspective as well Analyzing techniques of interviews The analysis is based on our notes from the interviews. These notes are ought to be seen as the layer to create the valuable picture of the analysis. Our interviews will be recorded qualitatively and be completely available to the reader as an appendix. The collected data will be analyzed by using Yin s (2003) explanation building approach. This is a deductively based analyzing approach which is in line with the overall deductive approach of the research paper. Moreover, we can explain the relation between the collected data and the proposed theory which will help us to gain a thorough base for our analysis section Questionnaire strategy We also intend to gather valuable material by using a questionnaire. This questionnaire will be distributed to a number of agents working for the organization in order to get an understanding of their perspective on the existing issues. Since we want to keep the number of respondents high, we will approach the agents with a self-administered questionnaire. This will also help us to save time. Due to the fact that we can access the organization directly, we will hand out the questionnaire to each respondent and collect it later. Therefore, we are using a delivery and collection questionnaire strategy. The types of variables we want to collect by using a questionnaire are opinion variables. Opinion variables record how respondents feel about something or whether they think or believe that something is true or false (Saunders et al., 2007). This will support our vision of getting an insight on the employee perspective in this particular organization. The style of question will be a mixture of open questions and closed questions. Saunders et al. (2007) define open questions as questions that allow respondents to give answers in their own way. In contrast, closed questions provide a number of alternatives or suggested answers from which the respondent has to choose. This will lead to the fact that we can ensure that some answer possibilities will not be too limited in order to not miss out on any important information. The open questions will be used in order to find out what the biggest problems are in the point of view of the agents. In contrast, closed questions will ensure that we will just get the information and data we intend to collect. The way we chose to distribute our questionnaire was non-probability sampling. This was the most sufficient method to reach the agents due to the fact that not all agents work at the same time. We hand out the questionnaire to any agent possible since all cases are equal due to the fact that all agents work with the same systems. 12

17 In our point of view, the most appropriate sampling technique was purposive sampling. This means that the researcher uses his judgment to select cases that will best enable him to answer the research questions and to meet the objectives. Total number of responses 10 Total response rate = = Total number in sample ineligible 22 0 = 0.45 = 45% Total number of responses Active response rate = Total number in sample (ineligible + unreachable) 10 = = 0.45 = 45 % 22 (0 + 0) The total and actual response rate is about 45%. The reason for this is that we interviewed ten out of 22 agents of the sales department. We achieved a 100% responds rate from the agents we interviewed. We missed out on 12 agents due to the fact that most of the agents are part-time employed. Therefore, the chance to meet all agents at the same time is not given. However, since all the agents work on identical tasks and with the same equipment the number of agents interviewed can be seen as representative. Moreover, they all work on the same level and their position within the company is the same. In our case, ten agents was a sufficient number in order to identify the main part and most important aspects and problems related to their work with the information systems of the organization Analyzing techniques of questionnaire The questionnaire is analyzed by using qualitative and quantitative techniques. The results will be displayed in a bar chart according to how many respondents have mentioned particular problems. This will give the reader the advantage of getting a quick overview of the problems identified by the agents and the most mentioned problems. Moreover, to display the results in a more detailed way, the answers of the questionnaire are presented in a qualitative way. This is done partly in the analysis section and the complete results of the questionnaire can be found in appendix 5. Therefore, we can focus on the most important facts concerning our research without leaving any facts away from the reader. 13

18 3 Theoretical Framework This section will cover important literature and theories already written. Through our research techniques we choose the following concepts to present: Steps in creating a successful Business Continuity Process, Training, Risk Management and Soft Systems Methodology. The displayed concepts will help to analyze our empirical data and draw the conclusions. 3.1 Steps in creating a successful Business Continuity Process To establish a Business Continuity Plan there is a guideline to follow developed by Karakasidis (1997) which consists of eleven components. These components are supposed to be used in conjunction with a risk management process. Hereby a brief explanation of the components will be presented: 1. Obtain top management approval and support. The managers need to support the BCP with the required resources and funds. They also need to fully understand and approve the plan in order to carry it out. 2. Establish a business continuity planning (BCP) committee. The committee is supposed to deal with the objectives and scope together with the development of the plan, but also to report, test, and maintain the business recovery processes. 3. Perform business impact analyses. The business impact analysis (BIA) is about the identification of the potential risks and how to carry out a preventive plan, together with the most reasonable resources. In order to perform an efficient impact analyses Wan (2009) suggests the following steps: Define assumptions and scope of project for which BIA is being conducted. Develop a survey or questionnaire to gather necessary information. Identify and notify the appropriate survey recipients. Distribute the survey and collect responses. Review completed surveys and conduct follow-up interviews with respondents as needed. Modify survey responses based on follow-up interviews. Analyze survey data. Verify results with respondents. Prepare report and findings to senior management. 4. Evaluate critical needs and prioritize business requirements. This stage is about the evaluation of processes and resources that are of need, in order to continue the business operations. 14

19 5. Determine the business continuity strategy and associated recovery process. This step is about reviewing the components and defining the recover strategy which can help the organization to restore from a failure. 6. Prepare business continuity strategy and its implementation plan for executive management approval. Creating a manual with the necessary information about the strategies which can be rolled out for any department is of great importance. This will include the tasks, standards, and responsibilities together with other details in order to recover from a failure. 7. Prepare business recovery plan With the help from a template all information and data concerning the recovery will be put into a larger plan. 8. Develop the testing criteria and procedures. This step can be seen as a plan for a training mechanism and is created to test and understand how well the recovery plan works. 9. Test the business recovery process and evaluate test results. A key component is to have meetings regularly before, during, and after the implementation of the plan in order to evaluate the business continuity plan. In this step the testing of the recovery procedures takes part. 10. Develop/review service level agreement(s) (SLAs). To reach a balanced service level agreement between two parties, in order to function synchronously. 11. Update/revise the business recovery procedures and templates. The continuous maintenance is done in order to prevent that all the procedures have to become redeveloped. Instead it is more efficient to continuously update the procedures by responding to changes, keeping the staff updated, and having an ongoing testing of the plan. 3.2 Training Morwood (1998) distinguish between two different types of training best suited to business continuity training. These types are awareness training and scenario training. Awareness training intends to give all members of the organization an appropriate level of understanding of the Business Continuity Plan. This type of training consists of two sub-division, introductory awareness training and detailed awareness training. 15

20 Introductory awareness training briefs all members of the organization who will have an indirect role in the execution of the Business Continuity Plan. In general, a 60 minutes session about the framework, strategies, and important procedures under the plan should be enough to inform the staff. Detailed awareness training, in contrast, is aiming to educate the members of the organization who will have a direct role in the execution of the business continuity plan. Morwood (1998) suggests that a half-day session should be sufficient to educate the staff about all aspects of the Business Continuity Plan. The information covered in this session is almost the same as in the introductory session, only more detailed. Another important part of the detailed awareness training is to focus on the precise roles and responsibilities each staff member will have under the Business Continuity Plan. In general, awareness training should be conducted for all members of the organization upon the establishment of the Business Continuity Plan or following significant changes to it. Moreover, it should be conducted for all newly hired employees and for those people who have moved into new positions or responsibility areas. The second type of training is scenario training. Morwood (1998) suggests that this type of training should be conducted as a follow up of the awareness training. Scenario training should be conducted at a level as appropriate as possible compared to the crisis or disaster situation. In Morwood s approach scenario training includes practical exercises designed to confirm employees understanding of the Business Continuity Plan. Moreover, it is aimed to raise their skill levels in the execution of the tasks and to identify potential weaknesses and issues relating to further development of the Business Continuity Plan. Morwood (1998) divides scenario training into three distinct variants of training - desktop exercises, call-out exercises, and operational exercises. Desk-top exercises are taken place within the office environment and participants are just required to assess and comment on how they would react to various scenarios. During call-out exercises participants are required to contact key staff members with responsibilities under the Business Continuity Plan and confirm their availability and recall time. Operational exercises will be practiced with full operational response to the exercise scenario. The Business Continuity Plan will be physically implemented by the exercise participants. Due to cost issues, normally, the activation of outside resources is not involved in the training sessions. 3.3 Risk Management A risk is a potential problem, a situation that, if it materializes, will adversely affect the project. Risks that materialize are no longer risks, they are problems. All projects have risks, and all risks are ultimately handled. Some disappear, some develop into problems that demand attention, and a few escalate into crises that destroy projects and careers. The goal of risk management is to ensure that risks never fall into the third category. (Hallows, 2005 p.96) A risk is a possible unplanned event. It can be positive or negative. In project management the success of our projects depends on our ability to predict a particular outcome. Since risks are the unpredictable part of the project, it is important for us to be 16

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers

More information

Master of Science in Management

Master of Science in Management Programme Syllabus for Master of Science in Management 120 higher education credits Second Cycle Established by the Faculty Board of the School of Business, Economics and Law, University of Gothenburg,

More information

The effects of organizational structure and rules on banks risk management

The effects of organizational structure and rules on banks risk management The effects of organizational structure and rules on banks risk management - A comparative case study of three major banks in Sweden Authors: Supervisor: Andreas Lindè Erik Wallgren Per Nilsson Student

More information

Exploring the directions and methods of business development. A comparative multiple-case study on Ikea and Vodafone

Exploring the directions and methods of business development. A comparative multiple-case study on Ikea and Vodafone Exploring the directions and methods of business development A comparative multiple-case study on Ikea and Vodafone Michal Štefan Aalborg University Master thesis for MSc. in International Business Economics

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Business Risk Consulting Group. Strengthening Business Resilience

Business Risk Consulting Group. Strengthening Business Resilience Business Risk Consulting Group Strengthening Business Resilience From our board of directors viewpoint on corporate governance, the business impact analysis allowed us to demonstrate that we had considered,

More information

INTERNATIONAL CONSULTING FIRMS IN RUSSIA

INTERNATIONAL CONSULTING FIRMS IN RUSSIA INTERNATIONAL BUSINESS MASTER THESIS NO 2000:23 INTERNATIONAL CONSULTING FIRMS IN RUSSIA A STUDY ON HOW TO UNDERTAKE EFFECTIVE CONSULTING SERVICES IN THE RUSSIAN BUSINESS ENVIRONMENT ÅSA ARENCRANTZ AND

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

STUDENT THESIS PROPOSAL GUIDELINES

STUDENT THESIS PROPOSAL GUIDELINES STUDENT THESIS PROPOSAL GUIDELINES Thesis Proposal Students must work closely with their advisor to develop the proposal. Proposal Form The research proposal is expected to be completed during the normal

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Crucial development areas for organizations and how to succeed in them. Leadership Development & Coaching

Crucial development areas for organizations and how to succeed in them. Leadership Development & Coaching INNONews Crucial development areas for organizations and how to succeed in them Innotiimi newsletter 2010 Leadership Development & Coaching Change Team Innovation Meaningful Meetings Global Challenges

More information

This alignment chart was designed specifically for the use of Red River College. These alignments have not been verified or endorsed by the IIBA.

This alignment chart was designed specifically for the use of Red River College. These alignments have not been verified or endorsed by the IIBA. Red River College Course Learning Outcome Alignment with BABOK Version 2 This alignment chart was designed specifically for the use of Red River College. These alignments have not been verified or endorsed

More information

A CYCLIC APPROACH TO BUSINESS CONTINUITY PLANNING

A CYCLIC APPROACH TO BUSINESS CONTINUITY PLANNING A CYCLIC APPROACH TO BUSINESS CONTINUITY PLANNING JACQUES BOTHA AND ROSSOUW VON SOLMS Port Elizabeth Technikon, s9600426@petech.ac.za and rossouw@petech.ac.za Key words: Abstract: Business Continuity Planning

More information

The Implementation of Reverse Mortgage in Sweden

The Implementation of Reverse Mortgage in Sweden The Implementation of Reverse Mortgage in Sweden - A Financial Institution Perspective Authors: Supervisor: Jacob Bergman Viktor Setterqvist Catherine Lions Student Umeå School of Business and Economics

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Master s Programme in International Administration and Global Governance

Master s Programme in International Administration and Global Governance Programme syllabus for the Master s Programme in International Administration and Global Governance 120 higher education credits Second Cycle Confirmed by the Faculty Board of Social Sciences 2015-05-11

More information

- A business strategy resource?

- A business strategy resource? J Ö N K Ö P I N G I N T E R N A T I O N A L B U S I N E S S S C H O O L JÖNKÖPING UNIVERSITY Chief Information Officer - A business strategy resource? Bachelor thesis in Informatics Authors: Tutor: Bengtsson

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

Business continuity: awareness and training programmes

Business continuity: awareness and training programmes Gregory Morwood Senior Manager Security Services, KPMG Management Consulting, Melbourne, Australia States that business survival depends on the assured continuity of core business activities and supporting

More information

Business Continuity Planning Instructions

Business Continuity Planning Instructions Business Continuity Planning Instructions Business continuity planning is a proactive planning process that ensures critical services or products are delivered during a disruption. In creating the plan,

More information

DESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST

DESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST CONTENTS A Brief Introduction... 3 Where is the Value?... 3 How Can We Control Costs?... 5 The Delivery Mechanism... 7 Strategies to Deliver Training and Awareness... 8 Proving Training/Awareness Program

More information

3 Keys to Preparing for CRM Success: Avoid the Pitfalls and Follow Best Practices

3 Keys to Preparing for CRM Success: Avoid the Pitfalls and Follow Best Practices CRM Expert Advisor White Paper 3 Keys to Preparing for CRM Success: Avoid the Pitfalls and Follow Best Practices Ten years ago, when CRM was nascent in the market, companies believed the technology alone

More information

CHAPTER THREE: METHODOLOGY. 3.1. Introduction. emerging markets can successfully organize activities related to event marketing.

CHAPTER THREE: METHODOLOGY. 3.1. Introduction. emerging markets can successfully organize activities related to event marketing. Event Marketing in IMC 44 CHAPTER THREE: METHODOLOGY 3.1. Introduction The overall purpose of this project was to demonstrate how companies operating in emerging markets can successfully organize activities

More information

Business Continuity Management Planning Methodology

Business Continuity Management Planning Methodology , pp.9-16 http://dx.doi.org/10.14257/ijdrbc.2015.6.02 Business Continuity Management Planning Methodology Dr. Goh Moh Heng, Ph.D., BCCLA, BCCE, CMCE, CCCE, DRCE President, BCM Institute moh_heng@bcm-institute.org

More information

Deriving Value from ORSA. Board Perspective

Deriving Value from ORSA. Board Perspective Deriving Value from ORSA Board Perspective April 2015 1 This paper has been produced by the Joint Own Risk Solvency Assessment (ORSA) Subcommittee of the Insurance Regulation Committee and the Enterprise

More information

DESCRIPTION OF COURSES

DESCRIPTION OF COURSES DESCRIPTION OF COURSES MGT600 Management, Organizational Policy and Practices The purpose of the course is to enable the students to understand and analyze the management and organizational processes and

More information

Master of Science in Management

Master of Science in Management Programme Syllabus for Master of Science in Management 120 higher education credits Second Cycle Established by the Faculty Board of the School of Business, Economics and Law, University of Gothenburg,

More information

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan? Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.

More information

CISM ITEM DEVELOPMENT GUIDE

CISM ITEM DEVELOPMENT GUIDE CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps

More information

Disaster Recovery Process

Disaster Recovery Process Disaster Recovery Process Getting Back to Business After Unforeseen Events Review of Potential Disasters Step-by-step Process for Creating Disaster Recovery Protocols System for Resuming Operations After

More information

Guide to Market Research and Analysis

Guide to Market Research and Analysis The Orangeville & Area Small Business Enterprise Centre (SBEC) 87 Broadway, Orangeville ON L9W 1K1 519-941-0440 Ext. 2286 or 2291 sbec@orangeville.ca www.orangevillebusiness.ca Supported by its Partners:

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business

More information

Preparing for the Convergence of Risk Management & Business Continuity

Preparing for the Convergence of Risk Management & Business Continuity Preparing for the Convergence of Risk Management & Business Continuity Disaster Recovery Journal Webinar Series September 5, 2012 2012 Strategic BCP, Inc. All rights reserved. strategicbcp.com 1 Today

More information

New Product Development Process Goes Global: A qualitative study of rethinking traditional concepts

New Product Development Process Goes Global: A qualitative study of rethinking traditional concepts New Product Development Process Goes Global: A qualitative study of rethinking traditional concepts Authors: Cristian Darasteanu Maria Moskalenko Supervisor: Per Nilsson Student Umeå School of Business

More information

Prudential Standard LPS 232

Prudential Standard LPS 232 Prudential Standard LPS 232 Business Continuity Management Objective and key requirements of this Prudential Standard This Prudential Standard aims to ensure that each life company implements a whole of

More information

Assessing The Relative Importance of Information Security Governance Processes

Assessing The Relative Importance of Information Security Governance Processes Assessing The Relative Importance of Information Security Governance Processes Master Thesis Stockholm, Sweden 2011 XR-EE-ICS 2011:002 ASSESSING THE RELATIVE IMPORTANCE OF INFORMATION SECURITY GOVERNANCE

More information

TRAINING NEEDS ANALYSIS

TRAINING NEEDS ANALYSIS TRAINING NEEDS ANALYSIS WHAT IS A NEEDS ANALYSIS? It is a systematic means of determining what training programs are needed. Specifically, when you conduct a needs analysis, you Gather facts about training

More information

Business Continuity Position Description

Business Continuity Position Description Position Description February 9, 2015 Position Description February 9, 2015 Page i Table of Contents General Characteristics... 2 Career Path... 3 Explanation of Proficiency Level Definitions... 8 Summary

More information

Factors Influencing the Adoption of Biometric Authentication in Mobile Government Security

Factors Influencing the Adoption of Biometric Authentication in Mobile Government Security Factors Influencing the Adoption of Biometric Authentication in Mobile Government Security Thamer Omar Alhussain Bachelor of Computing, Master of ICT School of Information and Communication Technology

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

INFOSEC.MY KNOWLEDGE SHARING SESSION

INFOSEC.MY KNOWLEDGE SHARING SESSION INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have

More information

How to write your research proposal

How to write your research proposal How to write your research proposal by Maria Joyce, Lecturer, Faculty of Health and Social Care, University of Hull June 2004 The writing of a research proposal is generally understood to be a part of

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

University of Glasgow. Policy for. Business Continuity Management

University of Glasgow. Policy for. Business Continuity Management University of Glasgow Policy for Business Continuity Management 1 Policy Statement The University of Glasgow is committed to delivering the highest possible quality of service to our students, and the

More information

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL

TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL DRAFT TEAM PRODUCTIVITY DEVELOPMENT PROPOSAL An initial draft proposal to determine the scale, scope and requirements of a team productivity development improvement program for a potential client Team

More information

Consulting projects: What really matters

Consulting projects: What really matters Consulting projects: What really matters The factors that influence the success of management consulting projects Case 138: het 'Zwijsen future proof' project met de inzet van GEA Results PhD 2014, Bart

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

11/12/2013. Role of the Board. Risk Appetite. Strategy, Planning and Performance. Risk Governance Framework. Assembling an effective team

11/12/2013. Role of the Board. Risk Appetite. Strategy, Planning and Performance. Risk Governance Framework. Assembling an effective team Role of the Board Risk Appetite Strategy, Planning and Performance Risk Governance Framework Assembling an effective team Role of the CEO Accountability and Disclosure 1 Board members should act on a fully

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Modeling Customer Behavior in Multichannel Service Distribution: A Rational Approach D. Heinhuis

Modeling Customer Behavior in Multichannel Service Distribution: A Rational Approach D. Heinhuis Modeling Customer Behavior in Multichannel Service Distribution: A Rational Approach D. Heinhuis Appendix 4 Summary Research question Most organizations have innovated their distribution strategy and adopted

More information

(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For

(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For Unofficial Translation by the courtesy of The Foreign Banks' Association This translation is for the convenience of those unfamiliar with the Thai language. Please refer to the Thai text for the official

More information

Factsheet: Market research

Factsheet: Market research Factsheet: Market research A close understanding of the local childcare market and your customers needs is essential in order for your childcare business to succeed. Performing market research on potential

More information

Research Philosophies Importance and Relevance

Research Philosophies Importance and Relevance Research Philosophies Importance and Relevance 0. INTRODUCTION When undertaking research of this nature, it is important to consider different research paradigms and matters of ontology and epistemology.

More information

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE

THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE THE BUSINESS CASE FOR BUSINESS CONTINUITY MANAGEMENT SOFTWARE When it comes to building a business continuity management (BCM) program that s complete, current, and compliant, there is no substitute for

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Business Continuity Management AIRM Presentation

Business Continuity Management AIRM Presentation 16 January, 2008 Business Continuity Management AIRM Presentation David Hamilton, Senior Consultant http://www.marsh.ie Presentation Overview Terms used for BCP Where BCM fits in a business plan Business

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Anchoring change in non-profit organizations

Anchoring change in non-profit organizations Anchoring change in non-profit organizations TEIO13 2013-12-12 Sofia Georgsson, sofge522 Louise Johnsson, loujo908 Hilda Lycke, hilly963 DPU5 Introduction This report is a part of the course TEIO13 Leadership

More information

Using the Organizational Cultural Assessment (OCAI) as a Tool for New Team Development

Using the Organizational Cultural Assessment (OCAI) as a Tool for New Team Development Using the Organizational Cultural Assessment (OCAI) as a Tool for New Team Development Jeff Suderman Regent University The Organizational Cultural Assessment Instrument (OCAI) is a psychometric tool developed

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

D2-02_01 Disaster Recovery in the modern EPU

D2-02_01 Disaster Recovery in the modern EPU CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October

More information

Chapter: IV. IV: Research Methodology. Research Methodology

Chapter: IV. IV: Research Methodology. Research Methodology Chapter: IV IV: Research Methodology Research Methodology 4.1 Rationale of the study 4.2 Statement of Problem 4.3 Problem identification 4.4 Motivation for the research 4.5 Comprehensive Objective of study

More information

Documentation. Disclaimer

Documentation. Disclaimer HOME UTORprotect DOCUMENTATION AMS/ROSI SERVICES CONTACT Documentation Disaster Recovery Planning Disaster Recovery Planning Disclaimer The following project outline is provided solely as a guide. It is

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES June 2003 TABLE OF CONTENTS 1.0 INTRODUCTION... 1 1.1 READINESS IS YOUR ONLY PROTECTION... 1 1.2 APPLICATION OF THE GUIDELINES...

More information

Factors for the Acceptance of Enterprise Resource Planning (ERP) Systems and Financial Performance

Factors for the Acceptance of Enterprise Resource Planning (ERP) Systems and Financial Performance Factors for the Acceptance of Enterprise Resource Planning (ERP) Systems and Financial Performance Ayman Bazhair and Kamaljeet Sandhu Abstract The purpose of this research paper to present the synthesized

More information

SigmaRADIUS Leadership Effectiveness Report

SigmaRADIUS Leadership Effectiveness Report SigmaRADIUS Leadership Effectiveness Report Sample Report NOTE This is a sample report, containing illustrative results for only two dimensions on which 360 performance ratings were obtained. The full

More information

November 2007 Recommendations for Business Continuity Management (BCM)

November 2007 Recommendations for Business Continuity Management (BCM) November 2007 Recommendations for Business Continuity Management (BCM) Recommendations for Business Continuity Management (BCM) Contents 1. Background and objectives...2 2. Link with the BCP Swiss Financial

More information

Leading Associations and Nonprofit Organizations: Challenges for Senior Executives

Leading Associations and Nonprofit Organizations: Challenges for Senior Executives Leading Associations and Nonprofit Organizations: Challenges for Senior Executives (PADM 5472, Policy Seminar; PANL 5772: Special Topics in Organizational Leadership and Management) Course for Philanthropy

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

Qualitative methods for effectiveness evaluation: When numbers are not enough

Qualitative methods for effectiveness evaluation: When numbers are not enough Chapter 7 Qualitative methods for effectiveness evaluation: When numbers are not enough 7.1 Introduction 7.2 Methods of collecting qualitative information 7.2.1 Interviews and focus groups 7.2.2 Questionnaires

More information

Section 4: Key Informant Interviews

Section 4: Key Informant Interviews UCLA CENTER FOR HEALTH POLICY RESEARCH Section 4: Key Informant Interviews Purpose Key informant interviews are qualitative in-depth interviews with people who know what is going on in the community. The

More information

This report provides the project s findings, including its three practical, actionable products:

This report provides the project s findings, including its three practical, actionable products: Executive Summary Security metrics support the value proposition of an organization s security operation. Without compelling metrics, security professionals and their budgets continue largely on the intuition

More information

Active Directory Auditing The Need and Result

Active Directory Auditing The Need and Result Jai hanumaan www.lepide.com Active Directory Auditing The Need and Result Whitepaper 2013 What are IT Audits? Increasing number of cases of malpractices and lackadaisical approach towards handling sensitive

More information

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide Transition Guide Moving from BS 25999-2 to ISO 22301 The new international standard for business continuity management systems Extract from The Route Map to Business Continuity Management: Meeting the

More information

Designing a business continuity training program to maximize value and minimize cost

Designing a business continuity training program to maximize value and minimize cost Designing a business continuity training program to maximize value and minimize cost Susan Yardis Introduction Employees are often unaware of the existence of a business continuity management program within

More information

Incident Management & Communications. Top 8 Focus Areas to Mitigate Risk

Incident Management & Communications. Top 8 Focus Areas to Mitigate Risk Incident Management & Communications Top 8 Focus Areas to Mitigate Risk Incident Management & Communications Top 8 Focus Areas to Mitigate Risk Delays and errors in operational communications happen every

More information

The role of the marketing department in Danish companies: Drivers for influence

The role of the marketing department in Danish companies: Drivers for influence 42 nd EMAC Annual Conference Istanbul, June 2013 The role of the marketing department in Danish companies: Drivers for influence Suzanne C. Beckmann, Michala Jalving & Sarah Rohde Olsen Copenhagen Business

More information

An Introduction to SharePoint Governance

An Introduction to SharePoint Governance An Introduction to SharePoint Governance A Guide to Enabling Effective Collaboration within the Workplace Christopher Woodill Vice President, Solutions and Strategy christopherw@navantis.com 416-477-3945

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

" # $% "%&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12

 # $% %&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12 ! " # $% "%&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12 Objectives...3 1. Why run an exercise?...3 2. What sort of exercises are there?...3 Call Tree:...4 Walk Through:...4 Table Top:...4

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve

More information

Analyzing Research Articles: A Guide for Readers and Writers 1. Sam Mathews, Ph.D. Department of Psychology The University of West Florida

Analyzing Research Articles: A Guide for Readers and Writers 1. Sam Mathews, Ph.D. Department of Psychology The University of West Florida Analyzing Research Articles: A Guide for Readers and Writers 1 Sam Mathews, Ph.D. Department of Psychology The University of West Florida The critical reader of a research report expects the writer to

More information

Undergraduate Psychology Major Learning Goals and Outcomes i

Undergraduate Psychology Major Learning Goals and Outcomes i Undergraduate Psychology Major Learning Goals and Outcomes i Goal 1: Knowledge Base of Psychology Demonstrate familiarity with the major concepts, theoretical perspectives, empirical findings, and historical

More information

THE STANDARD FOR DOCTORAL DEGREES IN LAW AT THE FACULTY OF LAW, UNIVERSITY OF TROMSØ

THE STANDARD FOR DOCTORAL DEGREES IN LAW AT THE FACULTY OF LAW, UNIVERSITY OF TROMSØ THE FACULTY OF LAW THE STANDARD FOR DOCTORAL DEGREES IN LAW AT THE FACULTY OF LAW, UNIVERSITY OF TROMSØ Guidelines for the Faculty of Law in Tromsø, adopted by the Faculty Board on 31 May 2010. 1 Background

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Ten Steps to Comprehensive Project Portfolio Management Part 8 More Tips on Step 10 By R. Max Wideman Benefits Harvesting

Ten Steps to Comprehensive Project Portfolio Management Part 8 More Tips on Step 10 By R. Max Wideman Benefits Harvesting August 2007 Ten Steps to Comprehensive Project Portfolio Management Part 8 More Tips on Step 10 By R. Max Wideman This series of papers has been developed from our work in upgrading TenStep's PortfolioStep.

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data CRISC Glossary Term Access control Access rights Application controls Asset Authentication The processes, rules and deployment mechanisms that control access to information systems, resources and physical

More information