Is your back-up IT infrastructure in a safe location? A multi-criteria approach to location analysis for business continuity facilities

Building redundant capacity into an organization’s information technology (IT) infrastructure is a standard part of business continuity planning (BCP). Traditionally, cost concerns have dominated the decision of where to locate the redundant facilities. However; recently managers are becoming more aware of the fact that the very issues that make the main IT facilities vulnerable to disruption (i.e. man-made or natural disasters) are likely to impact the redundant (back-up facilities as well. This complicates the process of selecting redundant facility location(s). The problem is essentially a multi-criteria decision problem, and can be addressed using the location analysis techniques that have been used in other domains in the past. Meanwhile, what make this context somewhat unique are the decision criteria and the rather subjective nature of the decision process. This paper provides a simple decision model for the problem, and illustrates the model with a case where relevant decision criteria are identified and the solution is obtained using a mix of objective and subjective decision techniques. We believe the paper is valuable because it presents an actionable methodology for practitioners involved in BCP. <br>

Is your back-up IT infrastructure in a safe location? A multi-criteria approach to location analysis for business continuity facilities

Building redundant capacity into an organization’s information technology (IT) infrastructure is a standard part of business continuity planning (BCP). Traditionally, cost concerns have dominated the decision of where to locate the redundant facilities. However; recently managers are becoming more aware of the fact that the very issues that make the main IT facilities vulnerable to disruption (i.e. man-made or natural disasters) are likely to impact the redundant (back-up facilities as well. This complicates the process of selecting redundant facility location(s). The problem is essentially a multi-criteria decision problem, and can be addressed using the location analysis techniques that have been used in other domains in the past. Meanwhile, what make this context somewhat unique are the decision criteria and the rather subjective nature of the decision process. This paper provides a simple decision model for the problem, and illustrates the model with a case where relevant decision criteria are identified and the solution is obtained using a mix of objective and subjective decision techniques. We believe the paper is valuable because it presents an actionable methodology for practitioners involved in BCP. <br>

A Review on Risk Management in Information Systems: Risk Policy, Control and Fraud Detection

Businesses are bombarded with great deals of risks, vulnerabilities, and unforeseen business interruptions in their lifetime, which negatively affect their productivity and sustainability within the market. Such risks require a risk management system to identify risks and risk factors and propose approaches to eliminate or reduce them. Risk management involves highly structured practices that should be implemented within an organization, including organizational planning documents. Continuity planning and fraud detection policy development are among the many critically important practices conducted through risk management that aim to mitigate risk factors, their vulnerability, and their impact. Information systems play a pivotal role in any organization by providing many benefits, such as reducing human errors and associated risks owing to the employment of sophisticated algorithms. Both the development and establishment of an information system within an organization contributes to mitigating business-related risks and also creates new types of risks associated with its establishment. Businesses must prepare for, react to, and recover from unprecedented threats that might emerge in the years or decades that follow. This paper provides a comprehensive narrative review of risk management in information systems coupled with its application in fraud detection and continuity planning.

What has time to do with risk? A preliminary communication

The reliability of risk techniques is of concern to academics and practitioners: if techniques are not reliable in their design, they cannot give reliable results. This paper briefly discusses risk velocity, which is a way of providing specificity to an understanding of risk through applying time as a lens. The research is a preliminary communication from initial Masters research. Risk velocity has been identified in the limited literature as being divided into three sections: time to cause, time to impact, and time to recover; each of which can assist an organisation to better understand their risk landscape and how risks link with business continuity planning. However, risk velocity has been the subject of limited research to validate the concept and reliability in practice, suggesting this a ‘white space’ meriting investigation (Cherry, 2010).

The Influence of Strategic Leadership, Business Continuity Planning and Supply Chain Resilience on Organizational Performance: Instrument Validation

Managing supply chain disruption needs to be considered an important activity for organizations. Supply chain risk management implies identifying, assessing, monitoring, and evaluating the potential risks across all supply chain members. The process of risk management emphasizes the improvement of supply chain performance through designing appropriate strategies. To be more precise, the chief responsibility in supply chain risk management is to ensure quality performance during crises and disruptions. Hence, identifying and validating risk-relevant factors that leads to superior business performance is necessary. This study aims to validate the instrument to measure the impact of factors associated with business performance i.e., strategic leadership, business continuity planning, and resilience to disruption. This paper contributes to the literature by developing a comprehensive model that strengthens a firm’s resilience to disruption and leads to superior business performance.

Pharmacy Requirements for a Comprehensive Cancer Center

A pharmacy in a comprehensive cancer center needs to be cognizant of new and emerging models of care that are integrated and patient-centered, attentive to cutting edge research, cancer treatment and different approaches to managing the entire spectrum of oncological care. Hence, the focus of pharmacy services should be on care deliverance that is timely and convenient, affordable and financially sustainable to fulfill quality assured pharmaceutical needs.The prerequisites to transformation from a brick-and-mortar pharmacy model to a progressive pharmacy is guided by the perspectives of investing in (1) human capital to retain and attract the best, (2) place to build a future-ready facility, (3) process to create greater value for patients by producing safe and quality products. The authors share their experience along these perspectives: a focus on staff development, training and well-being; a facility leveraging on automation, good manufacturing practice, and business continuity planning; processes to support medication use and new models of care.Technological disrupters such as the internet, social media, and AI are also changing the fabric of society. While future events may not take same form, they will require a deliberate effort from organization to navigate effectively and with agility. This chapter will also address the key considerations for a sustainable pharmacy in terms of self, environment and financial sustainability.

Digital transformation of compliance management - a strategic solution for business continuity

Introduction. Compliance is one of the crucial factors for the implementation of strategic solutions aimed at ensuring business continuity. It is vital both for performing previously assumed obligations and for meeting new requirements from stakeholders in a crisis. In today’s rapidly changing environment, businesses depend on information and information technologies and use them for business continuity planning, thus taking a proactive approach. In this regard, digital transformation of compliance management procedures is required. Purpose. To study modern digital transformation technologies which can be applied to compliance management procedures in order to ensure business continuity. Methodology. The main conclusions made in this article are based on general scientific methods: analysis, synthesis, comparison, deduction, and induction. Conclusions. Big data analysis, machine learning technologies, and robotic process automation allow for complete or partial automation of the following compliance management procedures: compliance risks analysis and prediction; a comprehensive check on the contractors and contract analysis; employee training; maintaining the systems reporting on compliance breaches; monitoring and identification of suspicious activity; internal investigations. Strategic decisions aimed at the automation of compliance management give a company an opportunity to quickly analyse data and assess compliance risks, to use valuable human resources for more complex tasks, to improve the discipline and the quality of employee training, and to maintain the required level of business operations during and after a crisis.

Views on business continuity and disaster recovery

PurposeThere is a noticeable confusion in the literature between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP). The two expressions are very often used interchangeably especially when it comes to their application. In this paper, the differences between business continuity and disaster recovery are discussed. The disaster management cycle is also addressed in order to highlight the importance of having plans before, during and after the occurrence of an incident.Design/methodology/approachA review of the extant literature on business continuity and disaster recovery was made. A number of different views were then presented in order to provide a better understanding of the two concepts and their potential overlap/connection. The literature review was conducted in 2020 using a variety of academic resources ranging from journal articles to text books and credible Internet websites. Relevant journal articles were obtained from two primary databases: Emerald Insight and EBSCOhost. Keywords, such as DRP, continuity, disruption and BCP, were mainly used to facilitate the search for these resources and other related material.FindingsReviewing the literature revealed that BCP and DRP are not the same. Yet, they are used interchangeably very often in the literature. This indicates a possible relationship/overlap between the two. The relationship between BCP and DRP can be viewed from a variety of perspectives, which altogether provide a better understanding of their purposes and application.Practical implicationsOn top of the need to differentiate between business continuity and disaster recovery, the widespread impact of the current COVID-19 crisis, especially on businesses and supply chains, has unfolded the necessity to deal with business disruptions in all their forms and the significance of quick and effective recovery. This research clarifies the purpose of BCP and the purpose of DRP and their role in combating impacts of disruptive incidents on businesses and organizations.Originality/valueBCP and DRP are discussed extensively in the literature. Yet, few studies attempted to address the precise functions of the two resulting in an obvious confusion between their meaning and purpose which subsequently reduced the uniqueness of their application and the uniqueness of the application of each. Only a small minority of practitioners and academics recognise the precise differences between the two. This study aims at clarifying this misconception to a wider set of readers and interested parties.