Proposition d’un cadre méthodologique pour le management de la continuité d’activité : application à la prise en charge à domicile / A proposition of a methodological framework for the Business Continuity Management : application to homecare

Rejeb, Olfa

02 December 2013

Dans le contexte actuel, les technologies d'information et de communication sont reconnues comme un élément inévitable pour améliorer les pratiques métiers. Dans le secteur de la prise en charge à domicile, par exemple, elles sont un élément déterminant dans la faisabilité d'un tel service au patient. Cependant, ces organisations évoluent dans un environnement très dynamique et incertain. Au regard de ces perturbations endogènes et exogènes auxquelles sont confrontées les organisations, elles se doivent de réagir de manière agile aux aléas et faire preuve de résilience. Le management de la continuité d'activité (MCA) est une approche de management des organisations qui répond à ces attentes. C'est dans ce contexte que se situent nos travaux de thèse cofinancés par la région Midi-Pyrénées. Notre motivation est la définition d'un cadre méthodologique pour mettre en œuvre le management de la continuité d'activité au sein d'un système socio-technique, cadre qui soutiendrait une nouvelle démarche d'ingénierie d'entreprise dirigée par les modèles. Après avoir fait une synthèse des connaissances sur la théorie du management de la continuité d'activité, un problème de structuration de ces connaissances est formulé. Un cadre méthodologique pour le management de la continuité d'activité est ensuite proposé. Il repose sur (i) la définition et la conception d'un méta modèle de référence fondé sur l'intégration entre management de la continuité d'activité et ingénierie d'entreprise ; (ii) le développement d'un ensemble de matrices d'évaluation de la criticité destinés à soutenir l'analyse d'impact de MCA ; et enfin sur (iii) la définition d'un langage de modélisation étendu aux concepts de MCA. Un cas d'études du domaine de la prise en charge à domicile vient illustrer le bien-fondé de l'application de ce cadre méthodologique sur une base réelle et concrète. / In the present context, Information and Communication technologies are recognized as an inevitable element to improve business practices. Particularly in the home-care field in order to meet challenges of coordination and care continuity. However, these organizations operate in a highly dynamic and uncertain environment. In view of these endogenous and exogenous disruptions, they have to react in an agile way to face risks and to ensure their resilience. The Business Continuity Management (BCM) meets these expectations. Our motivation in this research work is to define a methodological framework to implement the business continuity management within a socio -technical system as an integral part of a new approach to model driven enterprise engineering. After delivering a synthesis of related work to Business Continuity Management, a research question concerning the structuring of this knowledge has been addressed. A methodological framework for business continuity management is then suggested. It is based on (i) the definition and the design of a meta-model integrating BCM and enterprise engineering, (ii) the development of a set criticality assessment matrix to support the business impact analysis, and finally on (iii) the definition of a modeling language adapted to concepts of BCM. A case study from the home-care sector illustrates the foundation of the methodological framework.

Prise en charge à domicile

Résilience

Continuité d'activité

Ingénierie d'entreprise

Ingénierie dirigée par les modèles

Défaillance

Homecare

Resilience

Business continuity

Enterprise engineering

Model driven engineering

Failure

650

Challenges and Opportunities of Having an IT Disaster Recovery Plan

Ghannam, Mohamed Ziyad

January 2017

There are various types of disasters and no one can expect when they will occur. IT disaster recovery plan (ITDRP) became one of the most important contingency plans for organizations in the event of disasters. Organizations started realizing the importance of having IT Disaster recovery plan but many hesitate to apply this plan before a disaster occurs. However, even when the importance of ITDRP is acknowledged in the IS field, most scholarly work has focused on the process and strategies while briefly looking at the challenges and benefits of the DRP. This paper aims to investigate the most common challenges associated with having an effective ITDRP and the opportunities associated with this plan. A qualitative study was conducted which consists 6 interviews within several organizations which have developed an ITDRP. The results show that top management support, staff issues, maintenance, and disaster recovery sites are the main challenges organizations face during DRP. While the benefits were data protection, reducing the interruption for business functions, enhancing the reliability for staff and IT services and speeding up the decision-making process.

IT Disaster recovery plan

IT Risk management

Business continuity

Business impact analyzez

Disaster recovery site

Disaster

Information Systems, Social aspects

[en] BUSINESS CONTINUITY PLAN: AN EXPLORATORY RESEARCH IN THE STRATEGIC PERSPECTIVE ON INFORMATION SECURITY / [pt] PLANO DE CONTINUIDADE DE NEGÓCIOS: UMA PESQUISA EXPLORATÓRIA NA PERSPECTIVA ESTRATÉGICA NO ÂMBITO DA SEGURANÇA DA INFORMAÇÃO

LEONARDO ERLICH

14 June 2004

[pt] Todos os dias, diversos sistemas são invadidos, muitas pessoas são vítimas de vírus, os mais variados dados são obtidos ilegalmente e muitas empresas ficam de uma hora para outra sem poder operar normalmente. A segurança da informação se ocupa exatamente da proteção dos recursos de informação de empresas e indivíduos. Dentre os diversos assuntos abrangidos pela segurança da informação, o plano de continuidade de negócios (PCN) é o objeto de estudo deste trabalho. Antes confinado à literatura especializada, o PCN ganhou projeção na mídia há pouco mais de dois anos, quando o mundo assistiu perplexo a queda das torres do World Trade Center. O plano de continuidade de negócios tem como objetivo principal evitar, ou reduzir sensivelmente, as perdas das empresas em casos de incidentes que afetem suas operações, além de restaurar suas atividades no espaço de tempo mais breve possível. O objetivo final deste estudo é estabelecer o retrato atual dos planos de continuidade de negócios das empresas brasileiras e propor sugestões para torná-las menos vulneráveis às ameaças internas e externas, sejam novas, antigas ou potenciais. Para atingir o objetivo proposto, foi realizada uma pesquisa com 112 empresas, levantando as percepções de seus executivos, por meio de questionários e entrevistas. A pesquisa demonstra que as empresas não estão preparadas para enfrentar incidentes que possam interromper suas atividades operacionais, estando sujeitas até mesmo à falência. Por fim, é recomendado às empresas que avaliem detalhadamente os riscos aos quais estão submetidas e as conseqüências que os incidentes podem causar. Os impactos podem justificar o investimento em um plano de continuidade de negócios. / [en] Everyday, systems around the world are invaded by hackers, people fall victim to virus attacks, sensitive data are stolen, and firms find their operations screech to a halt. Information Security is responsible for the protection of the information resources of companies and people. The business continuity plan (BCP), one of the many issues that fall under the label of Information Security, is the object of this study. Previously confined to esoteric research journals, BCP gained significant coverage in the mainstream media in the wake of the attacks on the World Trade Center. The primary goal of a business continuity plan is the avoidance, or substantial reduction, of losses that a firm might suffer as a result of security incidents. Put simply, a BCP's goal is to keep firms operating as normal as possible during a disaster and get the firm back to standard operations as quickly as possible. The purpose of this study is to illustrate the current utilization of business continuity plans in Brazilian businesses and suggest how to make them less vulnerable to internal and external threats, regardless of whether they are old, new, or as yet undiscovered. To achieve this objective, 112 companies were selected and the executives could express their perceptions filling the surveys and through interviews. The research demonstrates that firms are not prepared to face incidents which may cause interruptions of their activities. Finally, the research recommends that companies to evaluate carefully the risks involved in their businesses and what consequences the security incidents may cause. The impacts can certainly justify the investments in Business Continuity Plan.

[pt] CONTINGENCIA

[en] CONTINGENCY

[pt] ESTRATEGIA

[en] STRATEGY

[pt] SEGURANCA DA INFORMACAO

[en] INFORMATION SECURITY

[pt] PLANO DE CONTINUIDADE DE NEGOCIOS

[en] BUSINESS CONTINUITY PLAN

[pt] INCIDENTES

[en] INCIDENTS

[en] RECOVERY OF INTERRUPTED ACTIVITIES

An Exploration of Baby Boomer Mass Retirement Effects on Information Systems Organizations

Mathiyazhagan, Nithyanandam Mathiyazhagan

01 January 2016

The potential knowledge loss from Baby Boomer generation employee retirements can negatively affect information systems organizations. The purpose of this hermeneutic phenomenology study was to explore the lived experiences of the leaders and managers of information systems organizations as they tried to maintain operational continuity after Baby Boomer worker retirements. The impact of this issue was the operational continuity after the Baby Boomer worker retirement. The social impact of this issue was the knowledge loss events that might result in business loss or even bankruptcy. McElroy's knowledge life cycle model was the conceptual framework for this study that included knowledge production and knowledge integration processes within a feedback loop. The lived experiences of 20 knowledgeable participants who had experienced institutional knowledge loss from retired Baby Boomer generation employees were captured through purposeful sampling. Data were collected through individual interviews using either face-to-face or a web conferencing tool such as Skype and analyzed through a modified Van Kaam. Five themes were identified: business climate, delivery practices, work processes, camaraderie, and management response. Significant attributes that added to the body of knowledge were workplace navigation, alternate focus, and outsourcing management. The results of the study may enable organizations to be better able to understand and manage the Baby Boomer knowledge loss effects and subsequently create systems to help maintain their competitive edge and avoid knowledge loss that might result in business loss or even bankruptcy.

Baby Boomer Generation

Business Continuity

Global Multi-generational Workforce

Knowledge Loss

Phenomenology

Retirement Risk

Databases and Information Systems

Organizational Behavior and Theory

A Simulation Model for Decision Support in Business Continuity Planning

Mosunich, Marissa Anne

01 March 2016

Enterprises with a global supply network are at risk of lost revenue as a result of disruptive disasters at supplier locations. Various strategies exist for addressing this risk, and a variety of types of research has been done regarding the identification, assessment and response to the risk of disruption in a supply chain network. This thesis establishes a decision model to support Business Continuity Planning at the first-tier supplier level. The decision model incorporates discrete-event simulation of supply chain networks (through Simio software), Monte Carlo simulation, and risk index optimization. After modeling disruption vulnerability in a supply chain network, costs of implementing all combinations of Business Continuity Plans are ranked and then tested in discrete-event simulation for further insight into inventory levels, unmet customer demand, production loss and related costs. A case study demonstrates the implementation of the decision support process and tests a historical set of data from a large manufacturing company. Discrete-event simulation modeling of loss is confirmed to be accurate. The relevance of the model concept is upheld and recommendations for future work are made.

Business Continuity Planning

Simulation

Discrete-Event

Risk

Supply Chain

Business Intelligence

Industrial Engineering

Operational Research

Risk Analysis

Multi-Level Analytic Network Process Model to Mitigate Supply Chain Disruptions in Disaster Recovery Planning

Kroener, Martina Ursula

01 April 2016

Over the past few decades, environmental changes have led to more frequent occurrences and greater intensities of natural disasters worldwide. In terms of globally connected supply chains, this has resulted in an enormous economical loss for corporations. Therefore, Business Continuity and Disaster Recovery (BC/DR) planning and management has become essential for businesses in order to protect their critical business flow. Yet there is a lack of systematic and transparent methodologies for companies to handle this problem. Hence, this thesis introduces a novel approach to combine consecutive steps of the Disaster Recovery Planning (DRP) process within one application. The multi-criteria decision-making (MCDM) tool called the Analytic Network Process (ANP) is employed to identify critical products of a business and match them with optimal disruption mitigation strategies based on an evaluation of benefits, opportunities, costs, and risks (BOCR). To validate the method developed in this thesis, a case study using historical data of a U.S. company (Company XYZ) is introduced. The results of the ANP mathematical modeling demonstrate that the developed methodology provides a valuable approach to analyze and confirm BC/DR planning decisions. Moreover, an expert of Company XYZ confirmed that the suggested solution established through this case study is in agreement with the preferable choice based on his expertise and professional decision-making. Further research could extend the proposed methodology to other fields of BC/DR planning, such as IT Disaster Recovery Planning or Human Disaster Relief.

Analytic Network Process

Business Continuity

Disaster Recovery

Critical Products

Mitigation Strategies

Supply Chain

Operations and Supply Chain Management

Optimization of Disaster Recovery Leveraging Enterprise Architecture Ontology

Manaktala, Rohit Sudhish

02 October 2013

No description available.

Computer Science

Computer Engineering

Engineering

Information Technology

Management

Technology

Disaster Recovery

DR

EA

Enterprise Architecture

Risk Management

Business Continuity

Continuity Management

Business Continuity and Resilience Engineering: How Organizations Prepare to Survive Disruptions to Vital Digital Infrastructure

Romine, Jessica D.

19 June 2012

No description available.

Engineering

Industrial Engineering

Systems Design

resilience

resilience engineering

digital infrastructure

cognitive systems engineering

adaptive capacity

business continuity

complex adaptive systems

organization viability

three ways adaptive systems fail

Gestão de continuidade de negócios aplicada no ensino presencial mediado por recursos tecnológicos. / Business continuity management (BCM) used to they education system mediated classroom resources technology (SPMRT).

Gorayeb, Diana Maria da Câmara

13 February 2012

Este trabalho propõe diretrizes de Gestão de Continuidade de Negócios (GCN) para a tecnologia de Ensino Presencial Mediado por Recursos Tecnológicos (EPMRT), que conta, para a realização de suas atividades acadêmicas, com um sistema complexo para transmissão de aulas e exige um grande esforço para o controle das suas operações e das respostas coordenadas diante de erros, falhas e defeitos, ou quaisquer incidentes que resultem na interrupção das suas atividades. A manutenção deste ambiente tecnológico está relacionada com a implantação de processos eficientes de gestão de risco e do ciclo de melhoria contínua em ambiente de TI com a adoção do ITIL® e através da construção das diretrizes de um Plano de Continuidade de Negócios (PCN), documentado por meio de elementos da UML, utilizando a Análise de Impacto nos Negócios (BIA), a Avaliação dos Riscos (RA) e os atributos de Dependabilidade para os elementos tecnológicos: disponibilidade, confiabilidade, segurança, confidencialidade, integridade e manutenibilidade. / This paper proposes guidelines for Business Continuity Management (BCM) that uses a technology called Education System Mediated Classroom Resources Technology (SPMRT), which needs, for the achievement of their academic activities, a complex system for transmission of lessons and requires a great effort to control their operations and coordinated fast responses in case of errors, faults, attacks and defects, or any incidents that result in the disruption of their activities. Maintaining this technological environment is related to the implementation of efficient processes of risk management and continuous improvement cycle in the IT environment with the adoption of ITIL® and through the construction of a Business Continuity Plan (BCP), documented by elements of the UML using the Business Impact Analysis (BIA), Risk Assessment (RA) and the attributes of Dependability: availability, reliability, security, confidentiality, integrity and maintainability.

Análise de impacto nos negócios

Availability

Avaliação dos riscos

BCM

BCP

BIA

BIA

Business Continuity Management

Business Continuity Plan

Business Impact Analysis

Confiabilidade

Confidencialidade

Confidentiality

Dependabilidade

Dependability

Disponibilidade

EPMRT

GCN

Gestão de Continuidade de Negócios

Integridade

Integrity

ITIL®

ITIL®

Maintainability

Manutenibilidade

PCN

Plano de Continuidade de Negócios

RA

RA

Reliability

Risk assessment

Security

Segurança

SPMRT

UML

UML

Gestão de continuidade de negócios aplicada no ensino presencial mediado por recursos tecnológicos. / Business continuity management (BCM) used to they education system mediated classroom resources technology (SPMRT).

Diana Maria da Câmara Gorayeb

13 February 2012

Este trabalho propõe diretrizes de Gestão de Continuidade de Negócios (GCN) para a tecnologia de Ensino Presencial Mediado por Recursos Tecnológicos (EPMRT), que conta, para a realização de suas atividades acadêmicas, com um sistema complexo para transmissão de aulas e exige um grande esforço para o controle das suas operações e das respostas coordenadas diante de erros, falhas e defeitos, ou quaisquer incidentes que resultem na interrupção das suas atividades. A manutenção deste ambiente tecnológico está relacionada com a implantação de processos eficientes de gestão de risco e do ciclo de melhoria contínua em ambiente de TI com a adoção do ITIL® e através da construção das diretrizes de um Plano de Continuidade de Negócios (PCN), documentado por meio de elementos da UML, utilizando a Análise de Impacto nos Negócios (BIA), a Avaliação dos Riscos (RA) e os atributos de Dependabilidade para os elementos tecnológicos: disponibilidade, confiabilidade, segurança, confidencialidade, integridade e manutenibilidade. / This paper proposes guidelines for Business Continuity Management (BCM) that uses a technology called Education System Mediated Classroom Resources Technology (SPMRT), which needs, for the achievement of their academic activities, a complex system for transmission of lessons and requires a great effort to control their operations and coordinated fast responses in case of errors, faults, attacks and defects, or any incidents that result in the disruption of their activities. Maintaining this technological environment is related to the implementation of efficient processes of risk management and continuous improvement cycle in the IT environment with the adoption of ITIL® and through the construction of a Business Continuity Plan (BCP), documented by elements of the UML using the Business Impact Analysis (BIA), Risk Assessment (RA) and the attributes of Dependability: availability, reliability, security, confidentiality, integrity and maintainability.

Análise de impacto nos negócios

Avaliação dos riscos

BIA

Confiabilidade

Confidencialidade

Dependabilidade

Disponibilidade

EPMRT

GCN

Gestão de Continuidade de Negócios

Integridade

ITIL®

Manutenibilidade

PCN

Plano de Continuidade de Negócios

RA

Segurança

UML

Availability

BCM

BCP

BIA

Business Continuity Management

Business Continuity Plan

Business Impact Analysis

Confidentiality

Dependability

Integrity

ITIL®

Maintainability

RA

Reliability

Risk assessment

Security

SPMRT

UML