Comparative evaluation of business continuity management frameworks (Case: Iranian Research Institute for Information Science and Technology (IranDoc))

Document Type : Original Article

Authors

1 Islamic Azad University- Central Tehran Branch, Tehran, Iran

2 Iranian Research Institute for Information Science and Technology (IranDoc); Tehran, Iran

3 Information and Society Research Department, Iranian Research Institute for Information Science and Technology (IRANDOC), Tehran, Iran

10.22091/stim.2024.11281.2156

Abstract

Purpose: Business continuity refers to an organization’s ability to continue delivering essential products and services even in the face of disruptions or crises. This is particularly important for organizations heavily dependent on Information Technology (IT), which must quickly return to normal operations during a crisis. The Iranian Research Institute for Information Science and Technology (IranDoc), which provides most of its services through IT platforms, requires the design and implementation of a business continuity management (BCM) framework to ensure flexibility and efficiency in handling disruptions and crises. This study aims to evaluate and compare reputable business continuity management frameworks to identify the most suitable one for IranDoc.

Method: This study was conducted in three main steps. In the first step, previous research and established BCM frameworks were reviewed to identify key criteria. In the second step, a comparative evaluation framework focusing on 36 basic and comparative criteria was designed. In the third step, three key BCM frameworks—ISO 22301: 2019, COBIT 2019: Continuity Management, and ITIL-ITSCM—were evaluated and compared using the Shannon entropy method (to calculate the weight of the criteria) and the group TOPSIS method (to rank the frameworks). These three frameworks were analyzed based on criteria relevant to IranDoc’s specific needs to determine which one best matches the organization’s requirements.

Findings: Based on the first two steps, the comparative evaluation framework included 36 basic and comparative criteria (such as determining continuity needs, business continuity strategies, formulating continuity policies, setting goals and priorities, defining boundaries and responsibilities, management commitment, cultural involvement in continuity management, risk analysis, business impact analysis, crisis probability assessment, disaster recovery/ crisis plans, developing contingency plans, continuity process implementation, drafting operational guidelines, testing the business continuity plan, previous experience in dealing with incidents, information required for the continuity plan, use of technology in continuity, financial management, interaction with related organizations, supplier management, human resources management, promotion, awareness, and training, resource allocation, drafting periodic reports, business continuity reviews, legal management, matching the size of the target organization, compatibility with usage levels, matching required skill levels, support for Persian and common languages, compatibility with standards and documentation, coverage of definitions and terminology, speed, ease of use, and clarity of processes). The results of the third step showed that among the three frameworks examined, ISO 22301: 2019 was identified as the framework most aligned with IranDoc’s specific needs. This framework is particularly effective in managing disruptions and restoring services to normal quickly and efficiently. Additionally, ISO 22301 is compatible with international standards and comprehensive documentation, providing adequate coverage for the organization's linguistic and cultural needs.

Conclusion: This study demonstrates that selecting the appropriate BCM framework is essential for ensuring the continuity of critical operations and protecting organizational interests during crises. Furthermore, managers must recognize the importance of BCM in securing essential operations and safeguarding organizational benefits throughout crises. The results suggest that choosing a suitable BCM framework, such as ISO 22301: 2019, should be based on a thorough evaluation of the organization’s requirements, size, and capabilities. Selecting ISO 22301: 2019 as the recommended framework for IranDoc, due to its high alignment with the organization’s needs, can improve IranDoc’s ability to manage disruptions and crises. Moreover, the significance of having a BCM framework in reducing costs, preserving the organization’s reputation, and increasing recovery speed after a crisis is clearly highlighted in the findings. The study also confirms the applicability of the comparative evaluation method and the multiple criteria decision-making approach for ranking the frameworks. Finally, given the study's limitations, several recommendations are provided, including 1) conducting similar studies in other organizations or industries to validate the findings and assess the applicability of the proposed approach in different contexts; 2) exploring the integration of BCM with other management systems; 3) examining the influence of organizational culture, leadership, and employee participation on the successful implementation and acceptance of BCM frameworks; and 4) researching the design of more comprehensive and quantitative evaluation frameworks for BCM, incorporating additional complementary criteria.

Keywords

Main Subjects


CAPTCHA Image