Review

Exploring a Multidisciplinary Assessment of Organisational Maturity in Business Continuity: A Perspective and Future Research Outlook

by Nelson Russo 1, Henrique São Mamede 1,2, Leonilde Reis 3, José Martins 2 and Frederico Branco 2,4,*
1 Department of Science and Technology, Universidade Aberta, Rua da Escola Politécnica, No. 147, 1269-001 Lisbon, Portugal
2 INESC TEC, Rua Dr. Roberto Frias, 4200-465 Porto, Portugal
3 School of Business Administration, (ESCE/CICE/IPS) Polytechnic Institute of Setúbal, Campus of Polytechnic Institute of Setúbal, 2914-503 Setúbal, Portugal
4 School of Science and Technology, University of Trás-os-Montes e Alto Douro, Quinta de Prados, 5000-801 Vila Real, Portugal
* Author to whom correspondence should be addressed.
Appl. Sci. 2023, 13(21), 11846; https://doi.org/10.3390/app132111846
Submission received: 28 September 2023 / Revised: 23 October 2023 / Accepted: 27 October 2023 / Published: 30 October 2023
(This article belongs to the Special Issue Application of Information Systems)

Abstract

In a competitive business landscape heavily reliant on information and communication technology, organisations must be prepared to address disruptions in their business operations. Business continuity management involves effective planning for the swift reestablishment of business processes in the short term. However, there are still obstacles to implementing business continuity plans, which can be justified by various factors. The purpose of this study is to present the perspectives and future research paths based on a systematic literature review from the peer-reviewed literature published from 1 January 2000 to 31 December 2021. This systematic literature review adheres to the guidelines established by evidence-based software engineering and leverages the Parsifal online tool. The primary research results identify and establish connections between the common components and activities of business continuity management as defined in international standards and frameworks to identify gaps in the existing knowledge. These findings will contribute to the development of a framework that provides a practical approach applicable to organisations of all sizes, taking into account each aspect of business continuity management, with a particular emphasis on information and communication technology systems. This paper’s contribution lies in offering insights from a systematic literature review regarding the strategic principles for designing and implementing a business continuity plan, along with a comprehensive overview of related research. Furthermore, it presents a path forward to guide future research efforts aimed at addressing the gaps in the literature concerning continuity planning.

1. Introduction

In today’s volatile, uncertain, complex, and ambiguous (VUCA) business landscape, the need for robust business continuity management (BCM) has never been more pronounced. Organisations grapple with constant disruptions, especially those linked to information and communication technology (ICT). This research endeavours to bridge the existing gaps in understanding how ICT intertwines with BCM, acknowledging the pivotal role technology plays in modern business operations. In this regard, organisations must be ready to address disruptions in their business processes, particularly those reliant on ICT services. Their significance emerges as a critical thread throughout the research.
It is imperative to underscore that the level of organisational maturity plays a pivotal role in determining the efficacy of business continuity planning (BCP) [1]. While the discussion naturally gravitates towards addressing disruptions in business processes reliant on ICT services, it is crucial to recognise that organisational maturity is not merely incidental, but a fundamental aspect that significantly influences the success of BCP implementation [2].
Business continuity (BC) refers to an organisation’s ability to strategically and tactically plan for and respond to business incidents and disruptions [3], ensuring that business operations can be maintained at an acceptable level. Consequently, a BCP is crafted to prevent or mitigate risks, minimise the consequences of crises or disasters, and reduce the timeframe required to return operations to a normal state [4].
In this context, it is relevant to delve into the symbiotic relationship between BCM and organisational resilience. As businesses face unprecedented challenges, the integration of BCM becomes a strategic imperative for not only surviving but thriving in the face of adversity. By exploring the intersections of BCM, resilience, and change management, this research seeks to provide a comprehensive framework that goes beyond mitigating risks to fostering adaptive capacity in organisations.
Nevertheless, some organisations defer or undervalue BCP implementation. To address constraint mitigation in BCP implementation, it is relevant to review the literature in the BC area in search of strategic guidelines that allow for streamlining of the design and implementation of BCP.
Strategy is the long-term approach to implementing a firm’s business plans to achieve its mission [5]. Developing a BCM strategy should reflect and support mission achievement, organisational strategy, and the tactics to define relevant actions and ensure that the business leaders support them.
The decision-making strategies reflect each decision-maker’s experience and can limit the suboptimisation of overall enterprise goals [6]. Therefore, to implement a BCP, there is a need to introduce the BCP activities and acquire organisational capability for conducting BCP actions as planned [7]. The creation of BC teams must be considered to achieve the organisational capability and a comprehensive BCP. Among other tasks, the definition of roles and responsibilities for persons and teams with authority, during and after an incident, is relevant to the organisation [8].
An essential element for achieving success in the development of a business continuity management (BCM) strategy involves establishing performance metrics to pinpoint the minimum operational service thresholds [5]. Knowing the predefined thresholds that can lead to activating the response is relevant [9]. Furthermore, it is equally crucial to consider metrics that underpin the assessment of business value and the validation of project success [10]. Therefore, organisations can benefit from this achievement and the existence of a guiding framework for activities aimed at mitigating business disruptions when designing BCP and the BCM program [11].
The primary aim of this work is to provide a comprehensive overview and a path forward in research related to BCM, based on the results of the systematic literature review (SLR) accomplished as part of the design science research (DSR) methodology adopted. A technical presentation of the SLR is relevant to provide a methodological and scientific basis. It also presents the most relevant decisions and constraints in the review process to provide an answer path for the research question and alternative research paths that can be followed.
This paper is organised into the following sections after introducing the problem: the first section highlights the motivation for the research and identifies the problem. The second section describes the research methodology, and the third section presents the search strategy applied. The SLR results are quantified in the fourth section. The discussion on the results and a path forward appear in the fifth section. Finally, we present the conclusions, followed by a list of all the bibliographical references used.

2. Research Motivation

Organisations have the flexibility to choose from a variety of international standards and frameworks (ISFs) to steer the design, execution, and upkeep of their BC solutions. Various viewpoints on BCM, as outlined by the most commonly employed frameworks, establish a set of requisites, practices, or activities designed to oversee the components of BC.
Certain organisations postpone the implementation of their BCP, citing reasons such as design limitations, which may be attributed to technical or financial constraints or issues related to the interpretation of requirements [12], or limitations imposed by company policies and project timelines [13]. Hence, there exists a shortfall within organisations that have adopted and obtained certification in BCM standards, especially in the public sector [14]. Small or medium-sized enterprises (SMEs) are more susceptible to disasters due to their limited financial and human resources and poor technological capabilities to recover from disasters [15]. Another constraint felt in organisations is the lack of proactivity in BC planning and disaster recovery (DR) [16], which can lead to damage to reputation and market share, failure in customer service and business processes, regulatory responsibility, and increases in system resumption and restoration times.
These limitations highlight a perceived level of complexity when it comes to launching a BCM program and the essential expertise required for crafting and executing a BCP [17], as well as its ongoing maintenance.
To address the challenges associated with constraint mitigation, it is essential to gain a comprehensive understanding of each identified component within the business continuity management system (BCMS). Additionally, it is crucial to review research findings that may uncover a broader range of constraints and strategic guidelines aimed at optimising the implementation of BCPs.

2.1. International Standards and Frameworks

The International Organisation for Standardisation (ISO), in its ISO 22301:2019 standard, specifies requirements to implement, maintain, and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to, and recover from disruptions when they arise [9].
The Capability Maturity Model Integration (CMMI) v2.0 represents a collection of best practices that empower businesses to enhance their performance while also providing a framework for planning mitigation strategies to handle substantial disruptions in business operations [18].
In the BC scope, the primary goal of Control Objectives for Information and Related Technology (COBIT) 2019, a framework designed for the governance and management of enterprise ICT, is to furnish a strategy that allows both business and ICT organisations to effectively respond to incidents and swiftly adapt to disruptions [19].
The Information Technology Infrastructure Library (ITIL) 4, provides guidance to address service management challenges and utilise the potential of modern technology. It introduces service continuity management practices to guarantee the availability and performance of services in the event of a disaster [20].
The National Fire Protection Association (NFPA) 1600 standard establishes essential criteria for readiness and resilience through a program that encompasses prevention, mitigation, response, continuity, and recovery [21].
These frameworks are organised into activities, objectives, or practices that, when combined with their overarching vision, provide a structured approach to effectively address, guide, diminish, mitigate, manage, or respond to disasters, incidents, or disruptions in business operations or service delivery.

2.2. Problem Identification

To approach the constraint mitigation and identify areas to research, the ISFs were mapped and compared to identify areas not formally covered by those references. Figure 1 illustrates the initial gaps (depicted as red shapes) in the formal delineation of activities found in the primary BCM references for each BCM common component (located in the outer ring). Figure 1 presents the organised activities, objectives, or practices within the ISFs and highlights relevant components of BC within the circle’s centre.
The intention here is to emphasise that despite the complexity and relevance of the references we have reviewed, there appears to be an opportunity to address the gaps identified, particularly concerning the definition of BC metrics. While the standards’ guidance concentrates on the methods, timing, and parties responsible for measurement, they also underscore that organisations need to determine what exactly should be measured.
Score metrics can improve the planner’s involvement and the plan content [23]. They can also improve communication of the plan’s content and activities’ achievements and tendencies between the BC teams and the top management. They also can provide the ability to perform a quick assessment of the quality of the plan.
The definition of the BC teams is not formally addressed in most of the studied ISFs. ISO 22301:2019 states that the organisation needs one or more teams responsible for responding to disruptions, with roles and responsibilities. Thus, the BCP must provide guidance and information to assist teams in responding to a disruption [9]. The other standards mention the BC teams as given facts, for example, by considering that the recovery phase must detail a suggested course of action for recovery teams to restore system operations [24].
The existence of BC teams, although relevant for the success of the BCM [25] and, for example, for the BCP exercises [26], is not necessary at all times [27]. Considering this information, this area of research was deferred. The other gaps are partial, considering that some ISFs address them and others do not, and therefore, not eligible to be considered an undervalued research path.
Acknowledging the ISF guidelines, the framework to be developed should also include the best practices and considerations stated in the literature for defining metrics that reveal a particular BC performance or program implementation. The SLR focuses on identifying frameworks, models, and other contributions that address the key areas of interest identified in this paper.
Taking into account the guidelines provided by the ISF, any BC framework should encompass the best practices and insights outlined in the literature for defining metrics that effectively showcase specific aspects of BC performance or program implementation. The research primarily concentrates on pinpointing frameworks, models, and other contributions that tackle the key areas of interest outlined in this paper.

3. Research Methods

Considering that the research aims to develop a new framework, DSR is an appropriate research methodology for the specificity of the problem, in accordance with the model introduced by Peffers et al. [28]. It contributes to complex organisational problem resolution [29] and produces knowledge for model design [30].
Within the context of DSR, the identification of the problem informs the formulation of the solution’s objectives. In this step, we have incorporated the SLR methodology to refine the objectives of the artefact. This combination ensures rigour across the DSR process model steps [28].
An SLR is a means of identifying, evaluating and interpreting all available research relevant to a particular research question, topic area, or phenomenon of interest. Undertaking an SLR following a predefined search strategy allows the completeness of the search to be assessed. Therefore, an SLR can identify and report research that does not support the preferred research hypothesis and identify and report research that supports it [31]. Thus, an SLR can provide the basis for knowledge development and support new paths in a particular field [32]. The SLR results can be synthesised from a different perspective, like a semi-SLR, providing an agenda for further research.

3.1. Objectives for a Solution

The focus of this ongoing study revolves around the multidisciplinary preparation of an organisation’s response to attain a predetermined level of business process continuity during various phases of incidents or disruptive events in daily operations.
The primary aim is to propose, create, and validate a framework that, through a multidisciplinary assessment of organisational maturity in the BC domain, will provide guidance for the development and analysis of crucial elements required for formulating a BCP, with a particular emphasis on ICT systems. A specific objective is to identify and correlate the components and activities of BCM within ISFs, in order to pinpoint gaps and establish a comprehensive framework that offers a holistic perspective on BCP implementation.
The research process integrates the SLR, intending to define the essential components that allow a practical and effective BCP formulation tailored to the unique characteristics of organisations. It is intended to evaluate the relevance and pertinence of each of the activities identified and defined in the components of the BCM to streamline the BCP design and implementation.

3.2. Research Question

One of the most important activities in the protocol is the formulation of the research question, which should identify the existing basis for the work and make clear where the proposed research fits into the current body of knowledge [31]. Hence, the research questions are whether it is possible:
  • to support an organisation and streamline its organisational processes,
  • with the definition of strategic guidelines for implementing a BCP,
  • which allows the formulation of response, restart, recovery, and restoration of business processes, supported by ICT,
  • at a predefined level of operationality,
  • according to the maturity and capacity of the organisation?
Four objectives are identified, underlying the research question, for creating the artefact that should allow the support and streamlining of organisational processes:
  • What components should constitute a framework for implementing a business continuity plan?
  • How comprehensive should the framework be to be usable in organisations?
  • How to adapt the framework to the capacity and specificity of each organisation?
  • How to assess the added value of using the framework in an organisation to measure how it supported and streamlined the design of the business continuity plan?

3.3. The Protocol and Tools

The SLR adheres to the principles outlined in evidence-based software engineering [31] and utilises the Parsifal online tool for assistance.
We employed the population, intervention, comparison, outcome, context (PICOC) protocol. The population affected by the intervention [31] is the organisations. The intervention tool or procedure under study [33] is the framework with “strategic guidelines for business continuity plan implementation”. The intervention will undergo a comparative assessment with other frameworks, and the expected outcome will be a way to “support and streamline organisational processes for defining strategic guidelines to the implementation of a business continuity plan, according to the maturity and capacity of the organisation”. The context or the extended view of the population [33] is “organisations with business processes supported by ICT”.
The keywords to be used in the search string are presented in Table 1.
Because the population (organisation, enterprise) is vast, it is excluded from the keywords and not presented in Table 1. The context can only be retrieved in the data extraction phase of the protocol.
Other synonyms were assessed, for example, “incident response”, “incident management”, “disaster response”, and “disaster resilience”, but the results pointed to areas not in the intervention or context definitions. The phrase “business continuity” or “disaster recovery” expands the results to broad areas, not focusing on strategic guidelines for planning.

3.4. Inclusion and Exclusion Criteria

The exclusion criteria rely on the research database functions presented in Figure 2 and on criteria that involve reading the abstract or full content of the publication. Publications published in a year before 2000 (inclusive), in a non-peer-reviewed scientific journal, conference proceedings, or other source (for example, news, report, or electronic resource), or not written in English or Portuguese are excluded.
Publications not accessible or those that are only meta-data are excluded. Publications with BC considerations unrelated to the research question or with no results that support, streamline, or guide BCP implementation are also excluded.
Other exclusion criteria are based on results not transposable to organisations with ICT-based processes:
  • Publication for a specific industry;
  • Publication for a specific disaster or incident;
  • Publication for a specific system;
  • Publication for specific software.
Publications from before 2015 are excluded. Finally, publications can be included if they present relevant results that streamline, support, or guide the BCP implementation. Duplicate publications must be excluded to avoid bias in the results.

4. Search Strategy and Data Extraction

Scopus was selected because it is a comprehensive and curated abstract and citation database, indexing thousands of publishers, including Elsevier, with metrics and analytical tools to support decisions in the SLR [34] and added topic prominence. ScienceDirect contains full-text articles from journals and books, primarily published by Elsevier, but including some hosted societies [35].
We selected EBSCOhost because it indexes peer-reviewed content and other high-quality articles. It also adds searchable subject terms to enhance the classification of the publication. Publications that do not offer author keywords like “business continuity plan” but address the subject will be classified with “business continuity planning” in the subject terms by EBSCOhost curators, who select two to twelve headings that highlight the main point of the article being indexed. It also has wide filtering options and the ability to export the entire results in the BibTeX format into one downloadable zip file.

4.1. Search Strategy

Our research used the Scopus, ScienceDirect, and EBSCOhost databases. We prepared Figure 2 to present the flow of filtering used to collect the publications used in this study. Scopus allows the full filtering flow presented to be included in the search string. Using these filters in a search string, ScienceDirect only allows filtering of document type and publication year, and EBSCOhost only allows publication year.
The search used a Boolean string, with only the AND and OR operators, on the searchable fields title (of publication), keywords, and abstract. If no abstract is available, EBSCOhost uses the first 1500 characters of the full text [36]. The PICOC keys and synonyms were included in the string. The words’ conjugations were included if they were a single word or the last word of a phrase. Scopus and EBSCOhost allow the wildcard “*” to streamline the string. ScienceDirect states that its search engine can find all forms of the same word (e.g., “plan” and “planning” using only “plan”), although it only allows eight operators.
Table 2 presents the full string used on each research database.
The keywords in the phrases presented in Table 2 were separated into seven combinations for the Scopus and EBSCOhost databases, including the intervention keywords. ScienceDirect required 13 combinations due to a restriction in the number of operators. Therefore, combinations with comparison and outcome in the same string were not achievable.

4.2. Quality Assessment

Quality relates to the extent to which the study minimises bias, maximises internal and external validity, and provides more detailed inclusion/exclusion criteria [31]. The assessment of study design to guarantee a minimum level of quality explained in [31] has six questions related to the objectives, methodology, literature background, and results [2].
The quality appraisal of each primary study allows for grouping studies by quality before synthesising the results [31]. The results are assessed by assigning quality scores, and a study is omitted if it scores less than 2.5 points [2]. A study earns one point if it fully addresses the question, half a point for a partial response, and no points if it does not address the question at all.

4.3. Data Extraction

The data extraction form was designed to reduce the opportunity for bias and accurately record the information obtained from the primary studies [31]. The data extraction form questions were tested on a sample of primary studies and applied to the 393 quality-assessed publications. They were formulated to question, for example, whether the publication set strategic guidelines for implementing a BCP or was supported by or defined a framework [2].
This step was accomplished using the Parsifal software. This online tool allowed us to consistently assess every publication, share information with the research team, and prepare a summary of the results.

5. Research Results

The first iteration of the SLR considers 1297 non-duplicated publications from the years between 2000 and 2021, taking into account all the other criteria presented in Section 4.1. For presentation and comparison purposes, the year 2021 is excluded, giving a total of 1284 publications. A full map of the topics covered by the SLR is presented in [2]. Further information about the BCM components has been published in [1].
The following subsection’s objective is to present the results and document the decision for excluding publications from the SLR.
Thus, as presented in Section 2.2, the basis for this research lies in pinpointing gaps in the established definitions of metrics within the ISFs, aiming to streamline the implementation of a BCP. The ITIL 4, COBIT 2019, CMMI V2.0, ISO 22301:2019, and NFPA 1600 references have all been updated since 2018. Therefore, new considerations, technologies, or methodologies should now be included in the publications since 2018.
However, in the analysis of the publications resulting from the SLR, mentions of the ISFs are scarce when strategic guidelines for continuity planning are communicated.

5.1. Publications by Year

Using the search string presented in Section 4.1, the results, each related in some way to BCPs or disaster recovery plans (DRPs), are distributed by year as shown in Figure 3.
The number of publications by year does not reveal the research subject areas. Nonetheless, the number of publications returned using the search string has been increasing since 2001, mainly due to terrorism and natural-disaster-related publications. From 2000 to 2010, the average was 42 publications, doubling in the years after 2010.

5.2. Publications by Journal Title

From the total of 1297 publications, we created Figure 4 to present a selection of the top nine journal titles with publications that can contribute to the research question. All other sources have one publication or none. Figure 4 presents the total amount of sorted data (since 2015).
Analysing the data in Figure 4, the Journal of Business Continuity & Emergency Planning has the highest number of publications between 2000 and 2015. The source with the second largest number of publications is the Journal of Disaster Research.
It should be noted that three of the nine sources presented in Figure 4 refer, in their title, to an area related to ICT, and three of the nine sources have a title that contains the word “disaster” or “continuity”.
There have been 268 publications since 2000 without journal titles, which are, therefore, not included. Nevertheless, they represent mainly EBSCOhost results for books, ebooks, PhD theses, and other miscellaneous sources.

5.3. Publications by Keyword

For all the 1297 publications returned, we devised Figure 5, which reveals the keywords used by the authors combined with non-duplicated keywords introduced by the research databases. There are 7558 keyword occurrences, with 3575 distinct keywords.
Despite the differences, summing “business continuity planning”, “business continuity plan”, and “disaster recovery plan” represents 34% of all the 1297 publications. Risk management or risk assessment are keywords used in 14% of the publications. Considering the broader term of organisational resilience as the ability of an organisation to absorb and adapt to a changing environment [37], other related areas are also represented. The results show that emergency management is referred to within 10% of the set. Crisis management is an area addressed in 6% of the publications.

5.4. Publications That Provide Guidelines and Strategy Considerations

Figure 6 depicts the 143 final publications published since 2015, with the key search terms defined in PICOC. The “total” bar represents the total number of publications that have the term in the keywords, abstract, or title.
The terms “business continuity plan” or “disaster recovery plan” are referenced in 138 publications. Individually they are referred to in 60 abstracts, 33 titles, and 74 keywords. The five remaining publications of the 143 total were manually added to the SLR.
The terms “guideline”, “guidance”, or “strategy” are referenced in 67 publications. Individually they are referred to in 60 abstracts, six titles and 11 keywords. The amount rises to 72 publications when considering “streamline” and all its synonyms in the search terms. Individually they are referred to in 69 abstracts, nine titles, and four keywords.
The term “framework” and its synonyms are identified in 96 publications. Individually they are referred to in 95 abstracts, 28 titles, and 13 keywords.
It should be noted that five of the six standards (ITIL, COBIT, CMMI, ISO 22301, and NFPA 1600) studied in this work have been updated since 2018 and, thus, potentially are considered in the 63 publications resulting from the SLR.
All publications use “business continuity plan” or “disaster recovery plan”, and it is relevant to highlight that 20% of all publications suggest a framework, considering the title. Almost half of the publications, in their abstract, refer to the terms “guideline” or “streamline”, possibly suggesting that business continuity planning is an area that needs intervention to reduce development or implementation constraints.

5.5. Publications by Extraction Data Question

Considering the results obtained in the data extraction phase of the SLR process, Figure 7 depicts the 143 publications published since 2015 (inclusive) and quantifies them concerning the contribution to the research, according to the question defined in the data extraction.
About 15% of the publications establish a process of measuring the BCP implementation; however, the majority address specific components of a BCP or BCM. It should be noted that about two-thirds of the publications consider organisations with ICT-supported business processes. Similarly, some publications suggest ways to support and streamline BCP implementation in an organisation.

6. Discussion, a Perspective, and an Outlook for Future Research

Organisations benefit from a framework that directs the mitigation efforts for business disruptions, especially during the BCP design phase. It is acknowledged that there are gaps in assessing the capacity or maturity of achieving these activities; such assessments help to gauge the level of accomplishment compared to the desired functionality for each BC activity.
The SLR presented here was developed with the invaluable help of powerful research databases, with adequate functions and options to search and export the results. The Parsifal software is decisive in registering the protocol and developing and carrying out the quality assessment and data extraction processes. This paper aimed to return studies that provide strategic guidelines for implementing a BCP, considering the initiation constraints and the gaps identified in the ISFs. Therefore, these ISFs are relevant for the SLR studies analysis.
According to all the 1297 publications, 949 studies use the PICOC keywords (BCP or DRP) in the abstract, and 429 studies use them in the subject terms, topic prominence, or author keywords. Considering the combination with the other intervention keywords (guidelines and strategy), the number decreases to 26 studies which mention these in the abstract. No studies use these keywords in author keywords, subject terms, or topic prominence. Furthermore, by combining the intervention (BCP, DRP, strategy, and guidelines) with all ISFs mentioned in this paper, the number of studies is four, with only one since 2018.
We will introduce some areas of research that could be future research paths, either because of a lack of studies or by being innovative or prominent themes. Nevertheless, it is relevant to give a perspective of the results and point to the path forward. We have selected some identified components of the BCM as a perspective of the results.

6.1. Business Continuity

Concerning BC, an overview of the various concepts of BC is presented in Table 3, considering the focus or object that characterises the concept. This analysis aims to provide the various perspectives by which the literature defines BC. Thus, “business continuity” is associated with several research objects.
Because of the variety of research objects exemplified in Table 3, the definition of BC is not unique. BC is a relatively modern management discipline derived from disaster recovery in the 1980s, which began in the mid-1970s [60]. Regarding the perspective of resilience and the organisation’s capacity to deal with a disaster, some authors refer to this capacity in their definition.
The studies in Table 3 present concepts of resilience, disaster, incident, crisis, and emergency as differentiators of the organisation’s response in terms of installed capacity, necessary preparation and readiness, and inherent risk. These differences highlight the need for different strategies for different planning and affect the organisation’s BC differently.

6.2. Business Continuity Management

Implementing an effective BCMS is challenging, demanding, time consuming, and holistic [61]. Consequently, there is a pressing need to streamline the organisational process of implementing a BCP and offer support in this endeavour. Given that SMEs often possess limited resources and expertise for BCMS implementation [15], it becomes essential to devise strategic guidelines for BCP implementation that can flexibly adapt to an organisation’s maturity and capacities.
Regarding motivation, the SLR has furnished the theoretical foundation [31] to underpin the development of a solution to the problem and its associated requirements. Through the SLR, it has been feasible to identify the various components and activities related to BCM from publications spanning the years 2000 to 2021, with a particular emphasis on those published from 2015 onwards. Consequently, it holds significance to identify the BCM components and the associated prerequisites in order to address the identified gaps and alleviate the constraints outlined in Section 1. When designing the BCP, it is crucial to take into account the recommendations offered by the strategic guidelines suggested by the publications resulting from the SLR. All the knowledge accumulated should be synthesised and integrated into a comprehensive set of guidelines aimed at simplifying the organisational processes involved in BCP development.
Table 4 presents a summary of the number of publications grouped by components of the BCM that were used as a basis for understanding the main concerns and areas of interest in the BCM research area.
The data presented in Table 4 underscores the limited volume of publications that address the research objects of support and commitment of top management (administration support), understanding of the organisation, or BC training. It is imperative to take all thematic areas into account when formulating a BCP.
However, the analysis presented in Table 4 revealed more publications addressing the risk assessment, business impact analysis, strategy for the BCM, or the ICT strategy. The BCP and DRP are mentioned in each SLR publication, considering that they are part of the research phrase.
Despite the crucial role of BCP design, it is worth noting that there are no publications specifically focusing on BC teams as a research objective. However, 19 publications do mention this subject within the context of the BCM program.

6.3. BCM Components

The SLR results highlighted some thematic groups in the research, communicated by organisations or studies in the health, oil, banking, or financial organisations activity sectors.
Figure 8 depicts these thematic groups.
Figure 8 (the arrows represent the dependence of the groups) includes thematic research groups in a structural representation of BCM components, as outlined in Table 4. The shapes added to the BCM components in Figure 8 indicate a trend driven by the presence of more publications on these subjects.
Within Figure 8, two significant research areas have been introduced: emergency response and crisis management. Additionally, Figure 8 incorporates the “mass trauma” domain, which encompasses considerations regarding how pandemics or infectious disease outbreaks can impact business processes and the preparations needed to address the resulting events. These considerations should be integrated into the BCP design, including the readiness of teleworking resources supported by ICT.
The broader area of research concerning “natural disasters” is also represented in Figure 8, recognising that natural disasters constitute the most prevalent sources of business process disruptions and sometimes even infrastructure damage. Consequently, the BCP must encompass strategies for dealing with the repercussions of events triggered by natural disasters. It should document alternative arrangements for BC, particularly in regions frequently affected by natural disasters or for teleworking initiatives.
Technical failures, like hardware or software malfunctions, and human threats such as terrorism, are also noted as factors leading to business disruptions in publications, prompting the need for adequate and timely planning. Thus, the strategic guidelines for BCP design must take into account the support and recommendations provided in publications covering these areas.
Among the publications, 42 discuss aspects of BCM program management, while 11 delve into the management of BCM components as projects. For example, out of the 29 publications related to the “administration support” component, 17 address program or project management commitments. “Understanding the organisation” is another relevant perspective, with 17 publications focusing on raising awareness about BC. Concerning organisational culture within BCM programs or projects, 14 publications acknowledge its significant impact on all stages of BCP design and implementation, along with activities related to the plan–do–check–act (PDCA) cycle referenced in the ISFs.
Risk assessment (RA) is a critical step in BCP design, as evidenced by 39 publications dedicated to this topic out of the 167 addressing risk-related issues. Among these, 20 publications offer strategic guidelines for RA. Information security issues feature prominently in 25 publications, with 12 specifically focusing on cybersecurity and cyberattacks. Furthermore, 10 publications delve into data centres and cloud computing, discussing their strategic design and implementation to enhance BCP.
Financial loss risk is a focal point in 10 publications, often serving as a justification for BC investments. Supply chain continuity risk is another concern, highlighted in 12 publications, touching on relationships with service or product providers and outsourcing in 8 publications.
BIA, a crucial aspect of BCP, is the subject of 58 publications. Among them, 15 publications present frameworks or methodologies for addressing BIA, sometimes integrated with risk assessment and BCP. Eight publications relate BIA to information systems and ICT. Five publications address information- and data-related concerns, while six are dedicated to recovery objectives. Moreover, 11 publications explore strategies for analysing the impact of natural disasters.
The ICT strategy, a component of the BCM strategy, garners 129 publications in total, with 33 offering clear ICT strategy guidelines. Within this category, 23 publications focus on information security, and 11 provide specific strategic planning guidelines for addressing cybersecurity incidents.
Within the “ICT strategy” guidelines, there is a substantial focus on improving data centre provisions, as indicated by 30 publications. Out of this subset, 11 publications centre on cloud computing, and three delve into virtualisation issues. Backups and their restoration are discussed in seven publications, with five addressing network-related concerns. Specific guidelines for information systems are presented in three publications, while change management, specifically in the context of change requests for the ICT infrastructure, is explored in five publications.

7. Conclusions

Within the BCP, which serves as a key artefact in BCM, solutions and circumstances are planned to expedite the process of returning the business to its standard operational state. In this regard, organisations seek support for the design and/or implementation of a BCP and/or for the BCM, which conveys the guarantee that they are capable, or that they are prepared, to respond effectively and efficiently to a business interruption. This work established that the number of publications related to BC planning is significant, and that the publications are mainly obtained from natural disaster communication. It has further solidified the assertion that the constraints and limitations associated with BC will invariably impact organisations, encompassing their personnel, processes, and technology. One path of research is to carry out a study that quantifies and/or qualifies the constraints felt by the different dimensions of an organisation and sectors of activity.
As identified, a significant number of authors tend to report their experience in applying business continuity and disaster recovery solutions and report good practices in their implementation. Thus, considering that the ISFs have been updated since 2018, there is space to report success stories with the application of the new ISFs and to report the main practical or methodological changes that have produced or are expected to produce different results.
The results show that cybersecurity fits especially within the scope of disaster recovery. However, some studies indicate that awareness and organisational culture can prevent the exploitation of vulnerabilities and reduce threats. In this way, comprehensive business continuity management gains value by including IT security issues in the BCM processes. Thus, it is considered relevant to understand whether the efficiency and effectiveness of information security integration in the BCMS are enhanced by a targeted approach or taken out of the context of a BCMS. In particular, it is relevant to understand whether the training, tests, and exercises planned by the DR could have increased their value, efficiency, or effectiveness if they were included and managed by the BCMS.
Analysing the results of this work, it is observed that the number of studies on the importance of setting up teams is minimal. Despite the importance of designing a BCP, there are no publications with BC teams as a research objective, although there are 19 publications that mention the topic in the BCM program. A potential future research path is to evaluate the impact of the creation and maintenance of BC teams with the due formalities described in the ISFs. The research could question whether the BC teams allow the streamlining of organisational processes that culminate in the design and implementation of a BCP and the capacity or quality of the organisation’s response to an incident or disaster.
The SLR has yielded a limited number of publications addressing the aspects of what should be measured and the key metrics associated with each component or activity within BCM. Measurement is essential for gauging the level of accomplishment relative to desired outcomes for a given BCM activity. Developing metrics and analysing their outcomes can highlight areas requiring action to enhance BC preparedness and response readiness for business interruptions or incidents. While project success is measured upon completion, performance measurement is an ongoing process throughout the project’s lifecycle [62].
In terms of publications dealing with the subject of what should be measured, there is a noticeable gap in understanding which metrics are suitable for evaluating the capacity or maturity of BCM activities. Nevertheless, numerous publications strive to enhance the comprehension of BCM components or activity outcomes. However, the number of publications explicitly detailing metrics remains limited, with most of them primarily focused on justifying investments in the BCM program, conducting risk assessments, or delineating metrics related to specific ICT systems.
The final result of our research will contribute to the understanding of the importance of measuring the implementation of the BCP and how to strategically guide stakeholders on what needs to be achieved within the scope of the BCM to comply with good practice in the literature and standards.
In future work, it is recommended to evaluate the impact of adopting the proposed artefact in pilot organisations and report the results to the scientific and professional community.

Author Contributions

Conceptualisation, N.R., H.S.M. and L.R.; methodology, N.R., H.S.M. and L.R.; formal analysis, N.R.; investigation, N.R.; data curation, N.R.; writing—original draft preparation, N.R.; writing—review and editing, N.R., H.S.M., L.R., J.M. and F.B.; supervision, H.S.M. and L.R.; funding acquisition, N.R. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflict of interest.

Abbreviations

The following abbreviations are used in this manuscript:
BC: Business continuity
BCM: Business continuity management
BCMS: Business continuity management system
BCP: Business continuity plan
BIA: Business impact analysis
CMMI: Capability Maturity Model Integration
COBIT: Control Objectives for Information and Related Technology
DR: Disaster recovery
DRP: Disaster recovery plan
DSR: Design science research
ICT: Information and communication technology
ISFs: International standards and frameworks
ISO: International Organisation for Standardisation
ITIL: Information Technology Infrastructure Library
NFPA: National Fire Protection Association
PICOC: Population, intervention, comparison, outcome, context
RA: Risk assessment
SLR: Systematic literature review
SMEs: Small or medium-sized enterprises

References

  1. Russo, N.; Mamede, H.S.; Reis, L.; Silveira, C. FAMMOCN—Demonstration and evaluation of a framework for the multidisciplinary assessment of organisational maturity on business continuity. Heliyon 2022, 8, e10566.
  2. Russo, N.; Reis, L.; Silveira, C.; Mamede, H.S. Towards a Comprehensive Framework for the Multidisciplinary Evaluation of Organizational Maturity on Business Continuity Program Management: A Systematic Literature Review. Inf. Secur. J. A Glob. Perspect. 2023.
  3. Ramakrishnan, R.K.; Viswanathan, S. The Importance of Business Strategy in Business Continuity Planning. In The Definitive Handbook of Business Continuity Management, 3rd ed.; Wiley & Sons: Hoboken, NJ, USA, 2011; pp. 31–35.
  4. Cerullo, V.; Cerullo, M.J.; Planning, B.C. Business continuity planning: A comprehensive approach. J. Inf. Syst. Manag. 2004, 21, 70–78.
  5. Hibberd, G. Developing a BCM Strategy in Line with Business Strategy. In The Definitive Handbook of Business Continuity Management, 3rd ed.; John Wiley & Sons, Ltd.: West Sussex, UK, 2011.
  6. Shi, Y.; Kwak, W.; Lee, H.; Lee, C.-F. Capital Budgeting with Multiple Criteria and Multiple Decision Makers: A Fuzzy Approach. J. Adv. Comput. Intell. Intell. Inform. 2001, 5, 139–148.
  7. Okabe, S.; Nagahira, A. Significant factors for implementing BCP. J. Disaster Res. 2013, 8, 773–780.
  8. Brás, J. Bootstrapping Enterprise Models with Business Continuity Processes and DEMO. Master’s Thesis, Universidade Lusófona, Porto, Portugal, 2018.
  9. ISO 22301; Societal Security—Business Continuity Management Systems—Requirements. ISO: Geneva, Switzerland, 2019.
  10. PMI. A Guide to the Project Management Body of Knowledge (PMBOK® Guide), 6th ed.; Project Management Institute: Newtown Square, PA, USA, 2017.
  11. Russo, N.; Reis, L. Chapter 10—Methodological Approach to Systematization of Business Continuity in Organizations. In Handbook of Research on Multidisciplinary Approaches to Entrepreneurship, Innovation, and ICTs; IGI Global: Hershey, PA, USA, 2020.
  12. Russo, N.; Reis, L. Updated analysis of business continuity issues underlying the certification of invoicing software, considering a pandemic scenario. Adv. Sci. Technol. Eng. Syst. J. 2020, 5, 845–852.
  13. Fani, S.V.; Subriadi, A.P.; Plan, B.C. Business continuity plan: Examining of multi-usable framework. Procedia Comput. Sci. 2019, 161, 275–282.
  14. Hamid, A.H.A. Limitations and challenges towards an effective business continuity management in Nuklear Malaysia. In IOP Conference Series: Materials Science and Engineering, Proceedings of the International Nuclear Science, Technology and Engineering Conference 2017 (iNuSTEC2017), Selangor, Malaysia, 25–27 September 2017; IOP Publishing Ltd.: Bristol, UK, 2018; Volume 298.
  15. Kato, M.; Charoenrat, T. Business continuity management of small and medium sized enterprises: Evidence from Thailand. Int. J. Disaster Risk Reduct. 2018, 27, 577–587.
  16. Sahebjamnia, N.; Torabi, S.A.; Mansouri, S. Integrated business continuity and disaster recovery planning: Towards organizational resilience. Eur. J. Oper. Res. 2015, 242, 261–273.
  17. Wong, W.N.Z. The strategic skills of business continuity managers: Putting business continuity management into corporate long-term planning. J. Bus. Contin. Emerg. Plan. 2009, 4, 62–68.
  18. Institute, C.M.I. Capability Maturity Model Integration (CMMI)® V2.0; CMMI Institute: Pittsburgh, PA, USA, 2018.
  19. ISACA. COBIT 2019 Framework—Governance and Management Objectives; ISACA: Schaumburg, IL, USA, 2018.
  20. ITIL. ITIL Foundation ITIL, 4th ed.; AXELOS: London, UK, 2019.
  21. NFPA 1600; NFPA 1600® Standard on Continuity, Emergency, and Crisis Management. National Fire Protection Association: Quincy, MA, USA, 2019.
  22. Russo, N.; Reis, L.; Silveira, C.; Mamede, H.S. Framework for designing Business Continuity—Multidisciplinary Evaluation of Organizational Position Paper. In Proceedings of the 16th Iberian Conference on Information Systems and Technologies (CISTI), Chaves, Portugal, 23–26 June 2021.
  23. Olson, A.; Anderson, J. Resiliency scoring for business continuity plans. J. Bus. Contin. Emerg. Plan. 2016, 10, 31–43.
  24. NIST. NIST Special Publication 800-34 Rev. 1—Contingency Planning Guide for Federal Information Systems; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2010.
  25. Sawalha, I.; Anchor, J.; Meaton, J. Continuity culture: A key factor for building resilience and sound recovery capabilities. Int. J. Disaster Risk Sci. 2015, 6, 428–437.
  26. Turner, T. How to build and implement a global corporate HR disaster management system. J. Bus. Contin. Emerg. Plan. 2007, 1, 252–260.
  27. Clark, P. Contingency Planning and Strategies. In Proceedings of the 2010 Information Security Curriculum Development Conference, Kennesaw, Georgia, 1–3 October 2010.
  28. Peffers, K.; Tuunanen, T.; Rothenberger, M.A.; Chatterjee, S. A Design Science Research Methodology for Information Systems Research. J. Manag. Inf. Syst. 2007, 24, 45–77.
  29. Hevner, A.R.; March, S.T.; Park, J.; Ram, S. Design Science in Information Systems Research. Manag. Inf. Syst. Q. 2004, 28, 75–105.
  30. Ferreira, I.; Ferreira, S.; Silva, C.; Carvalho, J. Dilemas iniciais na investigação em TSI: Design science e design research, uma clarificação de conceitos. In Proceedings of the Conferencia Ibérica de Sistemas y Tecnologias de Informacíon (7ª CISTI), Madrid, Spain, 20–23 June 2012.
  31. Kitchenham, B. Procedures for Performing Systematic Reviews; Keele University: Keele, UK, 2004.
  32. Snyder, H. Literature review as a research methodology: An overview and guidelines. J. Bus. Res. 2019, 104, 333–339.
  33. Wohlin, C.; Runeson, P.; Höst, M.; Ohlsson, M.C.; Regnell, B.; Wesslén, A. Experimentation in Software Engineering; Springer Publishing Company, Incorporated: Berlin/Heidelberg, Germany, 2012.
  34. Elsevier. Discover Why the World’s Leading Researchers and Organizations Choose Scopus; Elsevier: Amsterdam, The Netherlands, 2022; Available online: https://www.elsevier.com/solutions/scopus/why-choose-scopus (accessed on 23 September 2022).
  35. Elsevier. What Is the Difference between Science Direct and Scopus Data? Elsevier B.V.: Amsterdam, The Netherlands, 3 December 2018; Available online: https://service.elsevier.com/app/answers/detail/a_id/28240/supporthub/agrm/p/15838/ (accessed on 23 September 2022).
  36. EBSCOConnect. Hello—How Can We Help? 2021. Available online: https://connect.ebsco.com/s/?language=en_US (accessed on 22 January 2021).
  37. ISO 22316; Security and Resilience—Organizational Resilience—Principles and Attributes. ISO: Geneva, Switzerland, 2017.
  38. King, D.L. Moving Towards a Business Continuity Culture. Netw. Secur. 2003, 2003, 12–17.
  39. Ernest-Jones, T. Business continuity strategy—The life line. Netw. Secur. 2005, 2005, 5–9.
  40. Burtles, J. The hexagon hypothesis: Six disruptive scenarios. J. Bus. Contin. Emerg. Plan. 2015, 9, 60–69.
  41. Speight, P. Business Continuity. J. Appl. Secur. Res. 2011, 6, 529–554.
  42. Adamou, C. Business continuity management in international organisations. J. Bus. Contin. Emerg. Plan. 2014, 7, 221–229.
  43. Păunescu, C.; Argatu, R. Critical functions in ensuring effective business continuity management. Evid. Rom. Companies. J. Bus. Econ. Manag. 2020, 21, 497–520.
  44. Labus, M.; Despotović-Zrakić, M.; Bogdanović, Z.; Barać, D.; Popović, S. Adaptive E-Business Continuity Management: Evidence from the Financial Sector. Comput. Sci. Inf. Syst. 2020, 17, 553–580.
  45. McClain, M.A. Employee crisis communication and disaster assistance planning: Providing disaster assistance to employees and their families. J. Bus. Contin. Emerg. Plan. 2007, 1, 213–220.
  46. Alhazmi, O.H.; Malaiya, Y.K. Assessing Disaster Recovery Alternatives: On-Site, Colocation or Cloud. In Proceedings of the 2012 IEEE 23rd International Symposium on Software Reliability Engineering Workshops, Dallas, TX, USA, 27–30 November 2012.
  47. Iovan, S.; Ivanus, C.; Recovery, D.; Continuity, B. “Constantin Brancusi” University of Targu-Jiu. Econ. Ser. 2013, 4, 153–158.
  48. Suguna, S.; Suhasini, A. Overview of data backup and disaster recovery in cloud. In Proceedings of the International Conference on Information Communication and Embedded Systems (ICICES2014), Chennai, India, 27–28 February 2014.
  49. Brás, J.; Guerreiro, S. Designing Business Continuity Processes Using DEMO: An Insurance Company Case Study. In Enterprise and Organizational Modeling and Simulation; Pergl, R., Molhanec, M., Babkin, E., Fosso Wamba, S., Eds.; Lecture Notes in Business Information Processing 272; EOMAS: Ljubljana, Slovenia, 2016.
  50. Budiman, K.; Arini, F.; Sugiharti, E. Disaster recovery planning with distributed replicated block device in synchronized API systems. J. Phys. Conf. Ser. 2020, 1567.
  51. Tjoa, S.; Jakoubi, S.; Quirchmayr, G. Enhancing Business Impact Analysis and Risk Assessment Applying a Risk-Aware Business Process Modeling and Simulation Methodology. In Proceedings of the 2008 Third International Conference on Availability, Reliability and Security, Barcelona, Spain, 4–7 March 2008.
  52. Spremic, M. Considering It Governance Mechanisms in Business Continuity Management. An Enterprise Odyssey. In International Conference Proceedings; Faculty of Economics and Business, University of Zagreb: Zagreb, Croatia, 2014; pp. 732–745.
  53. Niemimaa, M. Interdisciplinary Review of Business Continuity from an Information Systems Perspective: Toward an Integrative Framework. Commun. Assoc. Inf. Syst. 2015, 37, 69–102.
  54. Orikasa, V.T.I.V.H.; Yoshida, V.T. Fujitsu’s Business Continuity Plan Development Methodology. Fujitsu Sci. Tech. J. 2007, 43, 168–177.
  55. Benyoucef, M.; Forzley, S. Business Continuity Planning and Supply Chain Management. Supply Chain. Forum Int. J. 2007, 8, 14–22.
  56. Arenas, A.E.; Massonet, P.; Ponsard, C.; Aziz, B. Goal-Oriented Requirement Engineering Support for Business Continuity Planning. In Advances in Conceptual Modeling, Proceedings of the ER 2015 Workshops AHA, CMS, EMoV, MoBID, MORE-BI, MReBA, QMMQ, and SCME, Stockholm, Sweden, 19–22 October 2015; Springer International Publishing: Berlin/Heidelberg, Germany, 2015.
  57. Pramudya, G.; Fajar, A. Business continuity plan using ISO 22301:2012 in IT solution company (pt. ABC). Int. J. Mech. Eng. Technol. 2019, 10, 865–872.
  58. Rinehardt, C. Business continuity: Mitigating and responding to ensure continuous customer support. Transfusion 2010, 50, 1604–1607.
  59. Valackienė, A.; Žostautienė, D. Changes Management as the Presumption for Business Continuity. Changes Soc. Bus. Environ. 2013, 5, 207–212.
  60. Herbane, B. The evolution of business continuity management: A historical review of practices and drivers. Bus. Hist. 2010, 52, 978–1002.
  61. Aronis, S.; Stratopoulos, G. Implementing business continuity management systems and sharing best practices at a European bank. J. Bus. Contin. Emerg. Plan. 2016, 9, 203–217.
  62. Müller, R. Governance, governmentality and project performance: The role of sovereignty. Int. J. Inf. Syst. Proj. Manag. 2019, 7, 5–17.
Figure 1. BCMS components, relevant activities, and gap analysis. Source: [22].
Figure 2. Search string filtering flow. Source: own development (2023).
Figure 3. Number of publications between 2000 and 2020. Source: own development (2023).
Figure 4. Number of publications by journal title. Source: own development (2023).
Figure 5. Number of publications by keyword used. Source: own development (2023).
Figure 6. Number of publications by search term in keywords, title, or abstract. Source: own development (2023).
Figure 7. Number of publications by extraction data question. Source: own development (2023).
Figure 8. Areas represented in the publications included in the SLR. Source: [2].
Table 1. Keywords and synonyms.

| PICOC | Keyword | Synonym |
|---|---|---|
| Intervention I | business continuity plan | disaster recovery plan |
| Intervention II | guideline | guidance; strategy |
| Comparison | framework | approach; methodology; procedure; program |
| Outcome | streamline | agile, optimise, improve; encourage, bolster, support; boost, expedite, speed up, increase |
Table 2. Specific database strings used.

| Database | Full String |
|---|---|
| EBSCOhost | (“business continuity plan *” OR “disaster recovery plan *”) AND (guidelin * OR strateg * OR guidance *) AND (framework * OR approach * OR methodology * OR procedur * OR program *) AND (streamlin * OR bolster * OR encourage * OR expedit * OR optimiz * OR “speed up” OR support * OR improv * OR boost * OR assist * OR increase * OR agil *) |
| Scopus | (“business continuity plan *” OR “disaster recovery plan *”) AND (guideline * OR strateg * OR guidance *) AND (framework * OR approach * OR methodolog * OR procedur * OR program *) AND (streamlin * OR bolster * OR encourag * OR expedit * OR optimiz * OR “speed up” OR support * OR improv * OR boost * OR assist * OR increas * OR agil *) |
| ScienceDirect | (“business continuity plan” OR “disaster recovery plan”) AND (guideline OR strategy OR strategical OR guidance) AND (framework OR approach OR methodology OR methodological OR procedure OR program) AND (streamline OR bolster OR encourage OR expedite OR optimize OR “speed up” OR support OR improve OR boost OR assist OR increase OR agile) |

* Any combination of characters.
Table 3. Research objects in the BC area.

| Research Object | Main Studies |
|---|---|
| BC Culture | [38] |
| Strategy | [3,39,40,41] |
| BC Management | [17,42,43,44] |
| Crisis communication and Disaster Planning | [45,46,47,48,49,50] |
| Risk Management and Business Impact Analysis (BIA) | [51] |
| Contingency Planning | [27] |
| ICT Governance in BCM | [52] |
| Information Systems Continuity | [53] |
| BCP | [13,54,55,56,57] |
| Supply Chain Management | [55] |
| Continuous Support to Customer | [58] |
| Change Management | [59] |
Table 4. Quantitative synthesis of publications by BCM component.

| BCM Component | Number of Publications |
|---|---|
| Administration Support | 29 |
| BC Teams | 19 |
| Understanding the Organisation | 31 |
| Risk Assessment | 167 |
| Business Impact Analysis | 58 |
| BCM Strategy | 121 |
| ICT Strategy | 129 |
| Alternatives to Critical Functions | 26 |
| BCP Design and Implementation | 163 |
| BC Training | 20 |
| BCP Testing, Maintenance, and Analysis | 68 |
