Business continuity management at Banif: Defining and selecting recovery strategies

This project aims to delineate recovery strategies for a Portuguese Bank, as a way to increase its preparedness towards unexpected disruptive events, thus avoiding an operational crisis escalation. For this purpose, Business Continuity material was studied, a risk assessment performed, a business impact analysis executed and new strategic framework for selecting strategies adopted. In the end, a set of recovery strategies were chosen that better represented the Bank’s appetite for risk, and recommendations given for future improvements.

A Business continuity management maturity model : the search for an ISO 22301 Compliant BCM Maturity model

BCM (business continuity Management) is a holistic management process aiming at ensuring business continuity and building organizational resilience. Maturity models offer organizations a tool for evaluating their current maturity in a certain process. In the recent years BCM has been subject to international ISO standardization, while the interest of organizations to bechmark their state of BCM agains standards and the use of maturity models for these asessments has increased. However, although new standards have been introduced, very little attention has been paid to reviewing the existing BCM maturity models in research - especially in the light of the new ISO 22301 standard for BCM. In this thesis the existing BCM maturily models are carefully evaluated to determine whetherthey could be improved. In order to accomplish this, the compliance of the existing models to the ISO 22301 standard is measured and a framework for assessing a maturitymodel´s quality is defined. After carefully evaluating the existing frameworks for maturity model development and evaluation, an approach suggested by Becker et al. (2009) was chosen as the basis for the research. An additionto the procedural model a set of seven research guidelines proposed by the same authors was applied, drawing on the design-science research guidelines as suggested by Hevner et al. (2004). Furthermore, the existing models´ form and function was evaluated to address their usability. Based on the evaluation of the existing BCM maturity models, the existing models were found to have shortcomings in each dimension of the evaluation. Utilizing the best of the existing models, a draft version for an enhanced model was developed. This draft model was then iteratively developed by conducting six semi-structured interviews with BCM professionals in finland with the aim of validating and improving it. As a Result, a final version of the enhanced BCM maturity model was developed, conforming to the seven key clauses in the ISO 22301 standard and the maturity model development guidelines suggested by Becker et al. (2009).

A segurança das infraestruturas críticas em Portugal

Portugal, having responsibilities at European level, needs to ensure compliance with European standards, particularly with regard to the European Security Plan for Critical Infrastructures. National critical infrastructures should be a focus of attention with regard to the management of public risks, since these represent "a set of services that are essential to the functioning of the country and the functioning of the forces that ensure national defense." (Soares, 2008) This contribution on national critical infrastructures (CI) has the essential objective of clarifying the development of the strategy adopted by Portugal in pursuit of the security of these fundamental infrastructures. The goal lies not only through producing a descriptive document, but also carry a brief confrontation between the legal framework related to these subjects and the reality in which the Critical Infrastructure Operators and the National Civil Protection Authority (ANPC) operate. It is intended, in this sense, to understand the development of the project for the national security program of critical infrastructures and what effects of its measures on operators. As for the methodology, we followed a methodological strategy, where we combine the literature with data obtained through semi-structured interviews. Portugal, being a geographically peripheral country and having no record of incidents capable of causing major contingencies in key services for the normal development of society, does not have a structured and regulator plan that substantiates the need for operators responsible for CI to invest in security. This same approach is expected at the State level, believing that even though this theme has be widely explored by international institutions, Portugal has not yet tried to give the attention it deserves. Without the existence of an institution and a regulatory system, CI operators can become less available to comply with the legal framework.

Tietojärjestelmien riskit osana liiketoiminnan jatkuvuuden hallintaa

Tietojärjestelmät ovat kehittyneet kriittisiksi tekijöiksi yritysten liiketoiminnassa. Niitä on vaikea tai lähes mahdoton korvata. Toisaalta tietojärjestelmät ovat edesauttaneet yrityksiä tehostamaan toimintaansa. Yrityksen toimialalla tai koolla ei nykyään ole merkitystä erilaisten tietoteknisten järjestelmien ja sovellusten hyödyntämisessä. Riskienhallinnan avulla yritys pyrkii ennaltaehkäisemään tunnettuja riskejä. Liiketoiminnan jatkuvuudenhallinta pyrkii puolestaan varautumaan riskin aiheuttamaan liiketoiminnan häiriöön ja siitä toipumiseen. Tietojärjestelmien ollessa korvaamattomia tulee yrityksen kohdistaa resursseja ennaltaehkäiseviin toimiin, lisäksi sen on pyrittävä lyhentämään häiriöstä toipumisen aikaa. Tutkimuksen tarkoituksena oli tunnistaa kohdeyrityksen tietojärjestelmien merkittävimmät riskit, jotka uhkaavat oleellisesti liiketoiminnan jatkuvuutta. Liiketoiminnan jatkuvuuden tarkastelussa hyödynnettiin yrityksen käyttämää suorituskykymittaristoa (Balanced Score Card). Työllä tuetaan yrityksen laatujärjestelmän vaatimuksia liiketoiminnan turvaamisessa. Tutkielma toteutettiin pääasiassa teemahaastatteluiden muodossa, laadullista tutkimusmenetelmää hyödyntäen. Tutkimuksessa todettiin yrityksen tietojärjestelmien ja niiden ylläpidon olevan hyvällä tasolla. Muutamia kriittisiä vikaantumispisteitä kuitenkin havaittiin, joiden pohjalta laadittiin kehitysehdotuksia tietojärjestelmien vikasietoisuuden parantamiseksi liiketoiminnan jatkuvuudenhallinnan näkökannalta.

Liiketoiminnan jatkuvuuden turvaaminen – tietohallinnon näkökulma

Diplomityö on tehty Suur-Savon Sähkö Oy:lle koskien liiketoiminnan jatkuvuuden turvaamista yrityksen IT-palveluissa. Työn tavoitteena oli selvittää Suur-Savon Sähkön liiketoiminnan jatkuvuuden turvaamisen tilaa IT-palveluissa ja antaa kehitysehdotuksia sen parantamiseksi. Työn teoreettinen tausta rakentuu tietohallinnon johtamisen, IT-palveluiden tuottamisen ja liiketoiminnan jatkuvuudenhallinnan ympärille. Tutkittaessa liiketoiminnan jatkuvuuden turvaamista IT-palveluissa, on olennaista ymmärtää tietohallinnon rooli yrityksessä ja miten tietohallintoa ja sen tuottamia palveluja johdetaan. Yhtä olennaista on ymmärtää liiketoiminnan jatkuvuudenhallinnan periaatteet ja niiden yhteys IT-palveluiden tuottamiseen. Työssä tutkittiin lomakehaastattelun, yhtiön sisäisten dokumenttien ja tutkijan tekemien havaintojen keinoin liiketoiminnan jatkuvuudenhallinnan tilaa Suur-Savon Sähkön IT-palveluissa. Työn tuloksena syntyi joukko kehitysehdotuksia, joiden avulla liiketoiminnan jatkuvuuden turvaamisen tilaa Suur-Savon Sähkön IT-palveluissa voitaisiin parantaa. Työn keskeiset tulokset liittyvät liiketoiminnan ja tietohallinnon yhteistyön kehittämiseen, jatkuvuudenhallinnan osaamistason kohottamiseen ja järjestelmällisen jatkuvuudenhallinnan käynnistämiseen koko konsernissa.

Dynamics AX -toiminnanohjausjärjestelmän jatkuvuudenhallinta ja toipumissuunnitelma - Simulaatiotestausmalli: case CGI Suomi Oy

Nyky-yhteiskunta nojautuu vahvasti tietojärjestelmiin luoden laajemman arkkitehtuurisen kokonaisuuden, kybertoimintaympäristön. Liiketoimintaa tukevat tietojärjestelmät tukevat myös organisaatioiden prosesseja kokonaisvaltaisesti. Jotta näitä tärkeitä kyberympäristön tietojärjestelmä- sekä liiketoimintaympäristöresursseja pystytään käyttämään, tulee järjestelmien olla luotettavia ja sovellusten saatavilla vuorokauden ympäri tai aina tarvittaessa. Tilanteet, joissa järjestelmän käytettävyys vaarantuu, voivat eskaloitua yllättäen suuremmiksi, jos poikkeustilanteisiin ei ole varauduttu. Poikkeustilanteisiin varautumiseen tarvitaan jatkuvuudenhallintaa, joka on kiinteästi osa kattavampaa IT-strategiaa ja koko yhteiskunta-/yrityskulttuuria. Työ on toteutettu yhdistäen empiriaa ja teoriaa eli tavoitteena on teoreettisen tietämyksen ja käytännön kokemuksellisen oppimisen ja tietämyksen kautta luoda konstruktiivisella otteella toipumissuunnitelman testauksessa käytettävä simulaatiotestausmalli. Dynamics AX -toiminnanohjausjärjestelmän toipumissuunnitelman simulaatiotestausmallista rakentui selkeä ja kevyt työkalu asiakasyritysten toipumissuunnitelman simulaatiotestauksiin. Diplomityössä kuvatuilla keinotekoisilla järjestelmän häiriötilanteilla pystytään simuloimaan Dynamics AX:n toipumissuunnitelman testauksissa oikeita häiriötilanteita suhteellisen kattavalla tasolla.

Desarrollo de un estado de la cuestión acerca de las interacciones entre el control de gestión y el aprendizaje organizacional.

Las organizaciones en la actualidad deben encontrar diferentes maneras de sobrevivir en un tiempo de rápida transformación. Uno de los mecanismos usados por las empresas para adaptarse a los cambios organizacionales son los sistemas de control de gestión, que a su vez permiten a las organizaciones hacer un seguimiento a sus procesos, para que la adaptabilidad sea efectiva. Otra variable importante para la adaptación es el aprendizaje organizacional siendo el proceso mediante el cual las organizaciones se adaptan a los cambios del entorno, tanto interno como externo de la compañía. Dado lo anterior, este proyecto se basa en la extracción de documentación soporte valido, que permita explorar las interacciones entre estos dos campos, los sistemas de control de gestión y el aprendizaje organizacional, además, analizar el impacto de estas interacciones en la perdurabilidad organizacional. ​

O impacto das práticas ITIL na flexibilidade organizacional - evidências empíricas em uma empresa multinacional de TI

The present work has as main objective the identification and impact analysis for the practice ITIL in the organizational flexibility of a multinational IT company, being this study of quali-quantitative and exploratory nature. To achieve this objective, some theoretical studies on bureaucracy, organization flexibility, control, IT governance and ITIL were done, as a form to better understand the research problem. For analysis effect a set of eleven ITIL process was considered in this research ¿ service desk, incident management, problem management, change management, configuration management, release management, service level management, availability management, capacity management, continuity management and finally IT financial services management ¿ grouped in its two core areas ¿ service support and service delivery. Then a scale was constructed and validated, on the basis of theoretical models developed by Volberda (1997), Tenório (2002) and Golden and Powell (1999), to measure the flexibility related to each process comprising the ITIL core. The dimensions adopted to measure flexibility were: organization design task, managerial task, IT impact on work force, HR management, efficiency impact, sensitivity, versatility and robustness. The instrument used in research was a semi-structured interview, which was divided in two parts. The data collection was performed with ten interviewed people from an IT multinational company, based on convenience, some were managers and there were users, some were ITIL certified and others not. The statistic tests of t student and Wilcoxon non-parametric were adopted. The result of the research indicated that the ITIL service support area, for possessing greater operational focus, presents flexibility trend. The opposite was found for the service delivery area, which has greater tactical focus. The results also suggest that the change management discipline was the one that contributed for the most flexibility inside the company, followed by incident management discipline and the service desk function.

Coercive, Normative, and Mimetic Influences on the Assimilation of BCM in Outsourcing Relationships

Today many business processes are based on IT systems. These systems are exposed to different threats, which may lead to failures of critical business pro-cesses. Thus, enterprises prepare themselves against threats and failures of critical IT systems by means of Business Continuity Management (BCM). The phe-nomenon of outsourcing introduces a new dimension to BCM. In an outsourcing relationship the client organization is still responsible for the continuity of its processes but does not have full control over the implemented business continuity measures. In this paper we build a research model based on institutional and assimilation theories to describe and explain how and why BCM is assimilated in outsourcing relationships. In our case studies we found evidence that primarily coercive and normative pressures influence the assimilation of BCM in outsourcing relationships and support the explanation of variation across enterprises. Mimetic pressures seem to influence the assimilation but do not explain variations.

Reputational Risk Management as a key element for business continuity and value maximization

This thesis reveals the topic of reputational risk management as a key element for business continuity and value maximization. The purpose of the work is to investigate reputational risk from the side of its definition, management (including legal requirements on this risk category) and measurement and to analyse reputational risk’s impact on business continuity and value maximization. To be able to do this, different respective articles, reports of financial institutions are gathered and constructive summaries and analysis are made. In order to deeply investigate the impact of reputational risk on business continuity and value maximization, it was chosen to study it from three aspects: 1) check the impact of stock valuation of 7 companies that experienced reputational catastrophe / risk, 2) analyse a case study on disagreements in management of reputational risk among case companies and impact on their respective performance, and 3) conduct a survey of financial sector companies in Liechtenstein to see how reputational risk management works in practice. The findings of the research showed a significant impact of reputation decadence on company’s value and trading volume, and showed crucial importance of post-crisis management for the company’s financial performance. The results of the qualitative research based on survey proved that companies consider reputational risk management as a one of the key elements for their business continuity and value maximization.

Richness of Lichen Species, Especially of Threatened Ones, Is Promoted by Management Methods Furthering Stand Continuity

Lichens are a key component of forest biodiversity. However, a comprehensive study analyzing lichen species richness in relation to several management types, extending over different regions and forest stages and including information on site conditions is missing for temperate European forests. In three German regions (Schwäbische Alb, Hainich-Dün, Schorfheide-Chorin), the so-called Biodiversity Exploratories, we studied lichen species richness in 631 forest plots of 400 m2 comprising different management types (unmanaged, selection cutting, deciduous and coniferous age-class forests resulting from clear cutting or shelterwood logging), various stand ages, and site conditions, typical for large parts of temperate Europe. We analyzed how lichen species richness responds to management and habitat variables (standing biomass, cover of deadwood, cover of rocks). We found strong regional differences with highest lichen species richness in the Schwäbische Alb, probably driven by regional differences in former air pollution, and in precipitation and habitat variables. Overall, unmanaged forests harbored 22% more threatened lichen species than managed age-class forests. In general, total, corticolous, and threatened lichen species richness did not differ among management types of deciduous forests. However, in the Schwäbische-Alb region, deciduous forests had 61% more lichen species than coniferous forests and they had 279% more threatened and 76% more corticolous lichen species. Old deciduous age classes were richer in corticolous lichen species than young ones, while old coniferous age-classes were poorer than young ones. Overall, our findings highlight the importance of stand continuity for conservation. To increase total and threatened lichen species richness we suggest (1) conserving unmanaged forests, (2) promoting silvicultural methods assuring stand continuity, (3) conserving old trees in managed forests, (4) promoting stands of native deciduous tree species instead of coniferous plantations, and (5) increasing the amount of deadwood in forests.

Human capital : opportunities to improve federal continuity planning guidance : report to the Chairman, Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Committee on Governmental Affairs, U.S. Senate /

"GAO-04-384."

Lack of access and continuity of adult health care: a national population-based survey

OBJECTIVE To describe the lack of access and continuity of health care in adults.METHODS A cross-sectional population-based study was performed on a sample of 12,402 adults aged 20 to 59 years in urban areas of 100 municipalities of 23 states in the five Brazilian geopolitical regions. Barriers to the access and continuity of health care and were investigated based on receiving, needing and seeking health care (hospitalization and accident/emergency care in the last 12 months; care provided by a doctor, by other health professional or home care in the last three months). Based on the results obtained by the description of the sample, a projection is provided for adults living in Brazilian urban areas.RESULTS The highest prevalence of lack of access to health services and to provision of care by health professionals was for hospitalization (3.0%), whilst the lowest prevalence was for care provided by a doctor (1.1%). The lack of access to care provided by other health professionals was 2.0%; to accident and emergency services, 2.1%; and to home care, 2.9%. As for prevalences, the greatest absolute lack of access occurred in emergency care (more than 360,000 adults). The main reasons were structural and organizational problems, such as unavailability of hospital beds, of health professionals, of appointments for the type of care needed and charges made for care.CONCLUSIONS The universal right to health care in Brazil has not yet been achieved. These projections can help health care management in scaling the efforts needed to overcome this problem, such as expanding the infrastructure of health services and the workforce.