Comparative evaluation of business continuity management frameworks (Case: Iranian Research Institute for Information Science and Technology (IranDoc))

Document Type : Original Article

Authors

1 Islamic Azad University- Central Tehran Branch, Tehran, Iran

2 Iranian Research Institute for Information Science and Technology (IranDoc); Tehran, Iran

3 Information and Society Research Department, Iranian Research Institute for Information Science and Technology (IRANDOC), Tehran, Iran

Abstract

Purpose: Business continuity refers to an organization’s ability to continue delivering essential products and services even in the face of disruptions or crises. This is particularly important for organizations heavily dependent on Information Technology (IT), which must quickly return to normal operations during a crisis. The Iranian Research Institute for Information Science and Technology (IranDoc), which provides most of its services through IT platforms, requires the design and implementation of a business continuity management (BCM) framework to ensure flexibility and efficiency in handling disruptions and crises. This study aims to evaluate and compare reputable business continuity management frameworks to identify the most suitable one for IranDoc.

Method: This study was conducted in three main steps. In the first step, previous research and established BCM frameworks were reviewed to identify key criteria. In the second step, a comparative evaluation framework focusing on 36 basic and comparative criteria was designed. In the third step, three key BCM frameworks—ISO 22301: 2019, COBIT 2019: Continuity Management, and ITIL-ITSCM—were evaluated and compared using the Shannon entropy method (to calculate the weight of the criteria) and the group TOPSIS method (to rank the frameworks). These three frameworks were analyzed based on criteria relevant to IranDoc’s specific needs to determine which one best matches the organization’s requirements.

Findings: Based on the first two steps, the comparative evaluation framework included 36 basic and comparative criteria (such as determining continuity needs, business continuity strategies, formulating continuity policies, setting goals and priorities, defining boundaries and responsibilities, management commitment, cultural involvement in continuity management, risk analysis, business impact analysis, crisis probability assessment, disaster recovery/ crisis plans, developing contingency plans, continuity process implementation, drafting operational guidelines, testing the business continuity plan, previous experience in dealing with incidents, information required for the continuity plan, use of technology in continuity, financial management, interaction with related organizations, supplier management, human resources management, promotion, awareness, and training, resource allocation, drafting periodic reports, business continuity reviews, legal management, matching the size of the target organization, compatibility with usage levels, matching required skill levels, support for Persian and common languages, compatibility with standards and documentation, coverage of definitions and terminology, speed, ease of use, and clarity of processes). The results of the third step showed that among the three frameworks examined, ISO 22301: 2019 was identified as the framework most aligned with IranDoc’s specific needs. This framework is particularly effective in managing disruptions and restoring services to normal quickly and efficiently. Additionally, ISO 22301 is compatible with international standards and comprehensive documentation, providing adequate coverage for the organization's linguistic and cultural needs.

Conclusion: This study demonstrates that selecting the appropriate BCM framework is essential for ensuring the continuity of critical operations and protecting organizational interests during crises. Furthermore, managers must recognize the importance of BCM in securing essential operations and safeguarding organizational benefits throughout crises. The results suggest that choosing a suitable BCM framework, such as ISO 22301: 2019, should be based on a thorough evaluation of the organization’s requirements, size, and capabilities. Selecting ISO 22301: 2019 as the recommended framework for IranDoc, due to its high alignment with the organization’s needs, can improve IranDoc’s ability to manage disruptions and crises. Moreover, the significance of having a BCM framework in reducing costs, preserving the organization’s reputation, and increasing recovery speed after a crisis is clearly highlighted in the findings. The study also confirms the applicability of the comparative evaluation method and the multiple criteria decision-making approach for ranking the frameworks. Finally, given the study's limitations, several recommendations are provided, including 1) conducting similar studies in other organizations or industries to validate the findings and assess the applicability of the proposed approach in different contexts; 2) exploring the integration of BCM with other management systems; 3) examining the influence of organizational culture, leadership, and employee participation on the successful implementation and acceptance of BCM frameworks; and 4) researching the design of more comprehensive and quantitative evaluation frameworks for BCM, incorporating additional complementary criteria.

Keywords

Main Subjects

References

Abdulhameed, A. A., & Al-Kubaisy, S. A. D. (2023). The Effect of Knowledge Upgrading on Business Continuity: A Field Research in Private Colleges and Universities in Baghdad. Journal of Economics and Administrative Sciences, 29(136), 1-15.
Al Hour, A. (2012). Business continuity management: Choosing to survive. IT Governance Ltd.
Alharthi, M. N. A. N., & Khalifa, G. S. (2019). Business continuity management and crisis leadership: an approach to re-engineer crisis performance within Abu Dhabi Governmental entities. International Journal on Emerging Technologies, 10(2), 32-40.
Anir, H., Fredj, M., & Kassou, M. (2019). Towards an approach for integrating business continuity management into enterprise architecture. International Journal of Computer Science & Information Technology (IJCSIT) 11.
Arief, R., & Putra, Y. H. (2020, January). Design Business Continuity Plan of Data Center Using ISO 22301: 2012. In International Conference on Business, Economic, Social Science, and Humanities–Economics, Business and Management Track (ICOBEST-EBM 2019) (pp. 45-47). Atlantis Press.
Ashrafi, R., & AlKindi, H. (2022). A framework for IS/IT disaster recovery planning. International Journal of Business Continuity and Risk Management, 12(1), 1-21.
Auzzir, Z. A. (2019). A business continuity management (BCM) framework for disaster resilient SMEs in Malaysia (Doctoral dissertation, University of Huddersfield).
Awang, A., Rahmad, T. Y., Indradewa, R., & Iskandar, M. D. (2023). Risk Planning Analysis in Business Continuity Management of Container Villa Rental Companies. Jurnal Syntax Admiration, 4(9), 1478-1497.
Axelos.(2019). ITIL Foundation, ITIL 4 Edition. Axelos
Azadegan, A., Ojha, D., & Ogden, J. A. (2022). Benefiting from supplier business continuity: The role of supplier monitoring and buyer power. Industrial Marketing Management, 106, 432-443.
Bajgorić, N., Turulja, L., & Alagić, A. (2022). Business Continuity Management, Business Continuity Planning, IT Capability: A Framework for Always-on Business. In Always-On Business: Aligning Enterprise Strategies and IT in the Digital Age (pp. 119-132). Cham: Springer International Publishing.
Bakar, Z. A., & Udin, Z. M. (2015). Business continuity management factors and organizational performance: a study on the moderating role of it capability. Journal of Management Info, 2(3), 5-12.
Bakar, Z. A., Yaacob, N. A., Udin, Z. M., Hanaysha, J. R., & Loon, L. K. (2017). The adoption of business continuity management best practices among malaysian organizations. Advanced Science Letters, 23(9), 8484-8491.
Bakar, Z. A., Yaacob, N. A., Udin, Z. M., Hanaysha, J. R., & Loon, L. K. (2019). Business continuity management implementation in the Malaysian public sector. International Journal of Business and Technology Management, 1(1), 18-27.
Ben Amara, O., de Nicola, A., Kamissoko, D., & Benaben, F. (2022, November). Towards an Ontological Approach to Business Continuity Assessment. In Iberoamerican Knowledge Graphs and Semantic Web Conference (pp. 322-329). Cham: Springer International Publishing.
Bhamra, R., Dani, S., & Burnard, K. (2011). Resilience: the concept, a literature review and future directions. International journal of production research, 49(18), 5375-5393.
Botha, J., & Von Solms, R. (2004). A cyclic approach to business continuity planning. Information Management & Computer Security, 12(4), 328-337.
Buganová, K., Mošková, E., & Šimíčková, J. (2021). Increasing the resilience of transport enterprises through the implementation of risk management and continuity management. Transportation Research Procedia, 55, 1522-1529.
Buzzao, G., & Rizzi, F. (2023). The role of dynamic capabilities for resilience in pursuing business continuity: an empirical study. Total Quality Management & Business Excellence, 1-33.
Central Bank (2023), Central Bank of The Islamic Republic of Iran, https://www.cbi.ir/
Cerullo, V., & Cerullo, M. J. (2004). Business continuity planning: A comprehensive approach. Information systems management, 21(3), 70-78.
Chege, S., Wanyembi, G. & Nyamboga, C. (2023). Business Continuity and Resilience Planning Practices in Kenya. International Journal of Management Science and Business Administration, 9(2), 7-16.
Chen, H., Tse, D., Si, P., Gao, G., & Yin, C. (2021). Strengthen the security management of customer information in the virtual banks of Hong Kong through business continuity management to maintain its business sustainability. Sustainability, 13(19), 10918.
Cornish, M. (2012). Business continuity management methodology. The definitive handbook of business continuity management, 119-135.
Corrales-Estrada, A. M., Gómez-Santos, L. L., Bernal-Torres, C. A., & Rodriguez-López, J. E. (2021). Sustainability and resilience organizational capabilities to enhance business continuity management: A literature review. Sustainability, 13(15), 8196.
Crask, J. (2021). Business continuity management: A practical guide to organizational resilience and ISO 22301. Kogan Page Publishers.
De Haes, S., Van Grembergen, W., Joshi, A., Huygh, T., De Haes, S., Van Grembergen, W., ... & Huygh, T. (2020). COBIT as a Framework for Enterprise Governance of IT. In Enterprise Governance of Information Technology: Achieving Alignment and Value in Digital Organizations (pp. 125-162). Cham: Springer International Publishing.
De Matteis, J., Elia, G., & Del Vecchio, P. (2023). Business continuity management and organizational resilience: A small and medium enterprises (SMEs) perspective. Journal of Contingencies and Crisis Management. https://doi.org/10.1111/1468-5973.12470
Dey, M. (2011, February). Business Continuity Planning (BCP) methodology—Essential for every business. In 2011 IEEE GCC Conference and Exhibition (GCC) (pp. 229-232). IEEE.
Dymova, L., Sevastjanov, P., & Tikhonenko, A. (2013). A direct interval extension of TOPSIS method. Expert Systems with Applications, 40(12), 4841-4847.
Estall, H. (2012). Business continuity management systems: Implementation and certification to ISO 22301. BCS, The Chartered Institute.
Fagel, M. J. (2013). Crisis management and emergency planning: preparing for today's challenges. CRC Press.
Fani, S. V., & Subriadi, A. P. (2019). Business continuity plan: examining of multi-usable framework. Procedia Computer Science, 161, 275-282.
Farr, M., & Bailey, D. (2019). Uniting business continuity management and operational risk management. Journal of business continuity & emergency planning, 12(4), 294-300.
Ferguson, C. (2019). Utilising trade unions in business continuity management to create resilience: a South African perspective. Continuity & Resilience Review, 1(1), 36-46.
Filipović, D., Krišto, M., & Podrug, N. (2018). Impact of crisis situations on development of business continuity management in Croatia. Management: journal of contemporary management issues, 23(1), 99-122.
Folkers, A. (2017). Continuity and catastrophe: business continuity management and the security of financial operations. Economy and Society, 46(1), 103-127.
Frikha, G., Lamine, E., Kamissoko, D., Benaben, F., & Pingaud, H. (2021). Toward a modeling Tool for Business Continuity Management. IFAC-PapersOnLine, 54(1), 1156-1161.
Fulmer, K. L. (2015). Business continuity planning: A step-by-step guide with planning forms. Rothstein Publishing.
Gibb, F., & Buchanan, S. (2006). A framework for business continuity management. International journal of information management, 26(2), 128-141.
Goldberg, E. M. (2008). Sustainable utility business continuity planning: A primer, an overview and a proven culture-based approach. The Electricity Journal, 21(10), 67-74.
Groenendaal, J., & Helsloot, I. (2020). Organisational resilience: Shifting from planning-driven business continuity management to anticipated improvisation. Journal of Business Continuity & Emergency Planning, 14(2), 102-109.
Guo, Q., Zhan, Z., Wang, T., & Zhao, X. (2012, April). Risk assessment and optimal proactive measure selection for IT service continuity management. In 2012 IEEE Network Operations and Management Symposium (pp. 1386-1391). IEEE.
Hamid, A. H. A. (2018). Limitations and challenges towards an effective business continuity management in Nuklear Malaysia. In IOP conference series: materials science and engineering (Vol. 298, No. 1, p. 012050). IOP Publishing.
Hendaryatna, H., Firmansyah, G., Tjahjono, B., & Widodo, A. M. (2023). Performance Evaluation of Business Continuity Plan in Dealing with Threats and Risks in Cilegon Companies Use ISO 22301: 2019 & NIST Sp 800-30 R1 Frameworks Case Study: PT. X. Asian Journal of Social and Humanities, 1(12), 1159-1174.
Henry, K. (2009). Determining Business Unit Priorities in Business Continuity Management. In Information Security Management Handbook, Volume 3 (pp. 331-340). Auerbach Publications.
Herdmann, F. (2022). Preparing for Crises: Enhancing Resilience: The Concept of ISO Standards. In Crisis Management for Small and Medium-Sized Enterprises (SMEs) Strategies for External Crises (pp. 193-214). Cham: Springer International Publishing.
Hersyah, M. H. (2018, October). A Literature Review on Business Continuity Based on ISO 22301, Six Sigma and Customer Satisfaction Evaluation. In 2018 International Conference on Information Technology Systems and Innovation (ICITSI) (pp. 392-397). IEEE.
Holman, E., & Houser, K. (2011). ITSCM (IT Service Continuity Management) Overview: ITIL®'s IT Disaster Recovery and Business Continuity Management. Orlando: SHARE.
Information Systems Audit and Control Association(2018). COBIT 2019 Framework: Governance and Management Objectives. ISACA
International Labour Office (ILO). (2011). Multi‐hazard business continuity management: Guide for small and medium enterprises.
International Organization for Standardization (ISO). (2017). Security and resilience – Organizational resilience (ISO22316:2017). International Organization for Standardization.
International Organization for Standardization (ISO). (2019). Security and Resilience: Business Continuity Management Systems-Requirements (ISO22301:2019). International Organization for Standardization.
Iqbal, A., Widyawan, W., & Mustika, I. W. (2016, June). COBIT 5 domain delivery, service and support mapping for business continuity plan. In AIP Conference Proceedings (Vol. 1746, No. 1). AIP Publishing.
Jafarnezhad, S., & Taghva, M. R. (2019). The Role of Implementation of Service Management and Security Frameworks in Information Technology Service Continuity. Business Intelligence Management Studies, 8(30), 33-54.
Järveläinen, J. (2012). Information security and business continuity management in interorganizational IT relationships. Information Management & Computer Security, 20(5), 332-349.
Järveläinen, J. (2013). IT incidents and business impacts: Validating a framework for continuity management in information systems. International journal of information management, 33(3), 583-590.
Järveläinen, J., Niemimaa, M., & Zimmer, M. P. (2022). Designing a thrifty approach for SME business continuity: practices for transparency of the design process. Journal of the Association for Information Systems, 23(6), 1557-1602.
Jim Burtles, K. L. J., & CMLJ, F. (2015). Principles and practice of business continuity: Tools and Techniques. Rothstein Publishing.
Kadam, A. (2020). Evaluating Business Service Continuity and Availability Using COBIT 2019. ISACA. https://www.isaca.org/resources/news-and-trends/industry-news/2020/evaluating-business-service-continuity-and-availability-using-cobit-2019
Kadar, M. (2014). Development and implementation of a business continuity management risk index. Journal of Business Continuity & Emergency Planning, 8(3), 238-251.
Kato, M., & Charoenrat, T. (2018). Business continuity management of small and medium sized enterprises: Evidence from Thailand. International journal of disaster risk reduction, 27, 577-587.
Kodaka, A., Leelawat, N., Ino, E., Tang, J., Park, J., & Kohtake, N. (2021, September). The Impact of Employee Behavior on Business Continuity at an Industrial Complex. In 2021 IEEE International Symposium on Systems Engineering (ISSE) (pp. 1-6). IEEE.
Labus, M., Despotović-Zrakić, M., Bogdanović, Z., Barać, D., & Popović, S. (2020). Adaptive e-business continuity management: Evidence from the financial sector. Computer Science and Information Systems, 17(2), 553-580.
Long , John O. (2012). ITIL® 2011 At a Glance. Springer New York
Mansol, N. H., Alwi, N. H. M., & Ismail, W. (2014). Success factors towards implementation of business continuity management in organizations. International Journal of Digital Society, 5(1), 909-911.
Marisa, R., & Oigo, D. (2018). Influence of organizational resources and structure on business continuity management of private security firms in Kenya. Journal of Human Resource Management, 6(1), 18-25.
McAleavy, T. (2020). The competing pressures paradigm: A tool for improving emergency and continuity planning efficacy?. Journal of Business Continuity & Emergency Planning, 13(3), 265-277.
Meechang, K., Watanabe, K., & Ino, E. (2022). The successes and challenges of disaster response: practices in Thailand industrial areas. In 18th Annual Meeting of the Asia Oceania Geosciences Society: Proceedings of the 18th Annual Meeting of the Asia Oceania Geosciences Society (AOGS 2021) (pp. 103-105).
Ministr, J., Stevko, M., & Fiala, J. (2009). The IT service continuity management principles implementation by method A2. IDIMT-2009 Systems and Humans–A Complex Relationship–17th Interdisciplinary Information Management Talks Preceedings, Linz, Trauner Druck, 131-139.
Muflihah, Y., & Subriadi, A. P. (2018). A basic element of it business continuity plan: systematic review. Jurnal Informatika Ahmad Dahlan, 12(1), 17-23.
Nasiren, M. A., Abdullah, M. N., & Asmoni, M. (2016). Critical Success Factors on the BCM Implementation in SMEs. Journal of Advanced Research in Business and Management Studies, 3(1), 105-122.
Păunescu, C., & Argatu, R. (2020). Critical functions in ensuring effective business continuity management. Evidence from Romanian companies. Journal of Business Economics and Management, 21(2), 497-520.
Persse. J. (2012). The ITIL Process Manual. Van Haren Publishing
Podaras, A. (2022). Data-Based Agricultural Business Continuity Management Policies. In Information and Communication Technologies for Agriculture—Theme II: Data (pp. 209-233). Cham: Springer International Publishing.
Pomerol, J. C., & Barba-Romero, S. (2000). Multicriterion decision in management: principles and practice (Vol. 25). Springer Science & Business Media.
Rabbani, M., Soufi, H. R., & Torabi, S. A. (2016). Developing a two-step fuzzy cost–benefit analysis for strategies to continuity management and disaster recovery. Safety science, 85, 9-22.
Rejeb, O., Bastide, R., Lamine, E., Marmier, F., & Pingaud, H. (2012, June). A model driven engineering approach for business continuity management in e-Health systems. In 2012 6th IEEE International Conference on Digital Ecosystems and Technologies (DEST) (pp. 1-7). IEEE.
Rokhide, M., Ebrahimi, A., & Khomeshaya, A. (2019). Interpretative structural modeling of the effective factors on business continuity management in small and medium enterprises. Commercial Surveys, 17(97), 114–130. [In Persian]
Rozová, D., & Fuchs, M. (2021, November). Business Continuity Management Through Stakeholders Collaboration and Participation. In 2021 New Trends in Aviation Development (NTAD) (pp. 146-149). IEEE.
Russo, N., & Reis, L. (2021). Methodological approach to systematization of Business Continuity in organizations. In Handbook of Research on Multidisciplinary Approaches to Entrepreneurship, Innovation, and ICTs (pp. 200-223). IGI Global.
Russo, N., Reis, L., Silveira, C., & São Mamede, H. (2021, June). Framework for designing Business Continuity-Multidisciplinary Evaluation of Organizational Maturity. In 2021 16th Iberian Conference on Information Systems and Technologies (CISTI) (pp. 1-4). IEEE.
Sapapthai, S., Leelawat, N., Tang, J., Kodaka, A., & Ino, E. (2021, April). Success Factors of Business Continuity Management Implementation Using Analytic Hierarchy Process-A case study of an automotive part company in Ayutthaya Province, Thailand. In 2021 3rd International Conference on Management Science and Industrial Engineering (pp. 132-138).
Sawalha, I. H. (2020). Business continuity management: use and approach’s effectiveness. Continuity & Resilience Review, 2(2), 81-96.
Sawalha, I. H. S., Anchor, J. R., & Meaton, J. (2012). Business continuity management in Jordanian banks: Some cultural considerations. Risk Management, 14, 301-324.
Schätter, F., Hansen, O., Wiens, M., & Schultmann, F. (2019). A decision support methodology for a disaster-caused business continuity management. Decision Support Systems, 118, 10-20.
Seow, K. (2009). Gaining senior executive commitment to business continuity: Motivators and reinforcers. Journal of Business Continuity & Emergency Planning, 3(3), 201-208.
Setiawan, A., Wibowo, A., & Susilo, A. H. (2017, August). Risk analysis on the development of a business continuity plan. In 2017 4th International Conference on Computer Applications and Information Processing Technology (CAIPT) (pp. 1-4). IEEE.
Shih, H. S., Shyur, H. J., & Lee, E. S. (2007). An extension of TOPSIS for group decision making. Mathematical and computer modelling, 45(7-8), 801-813.
Shukla, P., Kumar, A., & PB, A. K. (2013). Impact of National Culture on Business Continuity Management System Implementation. International Journal of Risk and Contingency Management (IJRCM), 2(3), 23-36.
Sikdar, P. (2011). Alternate approaches to business impact analysis. Information Security Journal: A Global Perspective, 20(3), 128-134.
Smith, D., & Fischbacher, M. (2009). The changing nature of risk and risk management: The challenge of borders, uncertainty and resilience. Risk Management, 11, 1-12.
Snedaker, S. (2013). Business continuity and disaster recovery planning for IT professionals. Newnes.
Soleimani-Damaneh, M., & Zarepisheh, M. (2009). Shannon’s entropy for combining the efficiency results of different DEA models: Method and application. Expert Systems with Applications, 36(3), 5146-5150.
Steen, R., Haug, O. J., & Patriarca, R. (2023). Business continuity and resilience management: A conceptual framework. Journal of Contingencies and Crisis Management. https://doi.org/10.1111/1468-5973.12501
Supriadi, L.S.R., Sui Pheng, L. (2018). Business Continuity Management (BCM). In Business Continuity Management in Construction. Management in the Built Environment. Springer, Singapore. https://doi.org/10.1007/978-981-10-5487-7_3
Suresh, N. C., Sanders, G. L., & Braunscheidel, M. J. (2020). Business continuity management for supply chains facing catastrophic events. IEEE Engineering Management Review, 48(3), 129-138.
Torabi, S. A., Giahi, R., & Sahebjamnia, N. (2016). An enhanced risk assessment framework for business continuity management systems. Safety science, 89, 201-218.
Torabi, S. A., Soufi, H. R., & Sahebjamnia, N. (2014). A new framework for business impact analysis in business continuity management (with a case study). Safety Science, 68, 309-323
Tuczek, F. (2022). Enhancing Supply Chain Resilience Through Incorporating Business Continuity Management Systems. In Supply Chain Resilience: Insights from Theory and Practice (pp. 77-86). Cham: Springer International Publishing.
Vanichchinchai, A. (2023). Links between components of business continuity management: an implementation perspective. Business Process Management Journal, 29(2), 339-351.
Vartiainen, P. (2002). On the principles of comparative evaluation. Evaluation, 8(3), 359-371.
Wan, S. (2009). Service impact analysis using business continuity planning processes. Campus-Wide Information Systems, 26(1), 20-42.
Zawada, B. (2014). The practical application of ISO 22301. Journal of business continuity & emergency planning, 8(1), 83-90.
Send comment about this article
CAPTCHA Image
Sciences and Techniques of Information Management
Volume 11, Issue 3
October 2025
Pages 51-7

Files

Share

How to cite

Statistics