JDR Vol.15 No.5 pp. 546-555
doi: 10.20965/jdr.2020.p0546


Business Continuity Management: A Preliminary Systematic Literature Review Based on ScienceDirect Database

Kananut Charoenthammachoke*1, Natt Leelawat*1,*2,†, Jing Tang*3, and Akira Kodaka*4

*1Department of Industrial Engineering, Faculty of Engineering, Chulalongkorn University
254 Phayathai Road, Pathumwan, Bangkok 10330, Thailand

*2Disaster and Risk Management Information Systems Research Group, Chulalongkorn University, Bangkok, Thailand

Corresponding author

*3International School of Engineering, Faculty of Engineering, Chulalongkorn University, Bangkok, Thailand

*4Graduate School of System Design and Management, Keio University, Kanagawa, Japan

December 16, 2019
June 29, 2020
August 1, 2020
BCM, business continuity management, systematics literature review

Business Continuity Management (BCM) is commonly known as one of the most effective programs to use in the face of crisis, incident, and disaster, specifically for organizations to continue or resume their operations. Over time, the concept has gained popularity and has developed into one of the strategies in a resilience plan. The purpose of this study is to explore the trend of BCM, the subject, and the relationship between BCM and associated study fields through a preliminary systematic literature review. This research used the articles from ScienceDirect database from January 1, 1999, to December 31, 2018. This study analyzed the collected articles using their publication years, journal titles, countries, and relevant study fields. The result found that several papers have been published since 1999, which focus predominantly on the BCM standard. The rate of publication on BCM had escalated in 2015. There were 82 papers about BCM. The issues were categorized into ten main subjects. Among them, the most frequently mentioned are Information Technology (IT) security, followed by implementing BCM into diverse study disciplines, implementing new toolkits into BCM associated studies, BCM improvement, resilience, lessons learned, supply chain, and BCM advantages. The gap of the research lays a foundation for future studies in similar fields.

Cite this article as:
K. Charoenthammachoke, N. Leelawat, J. Tang, and A. Kodaka, “Business Continuity Management: A Preliminary Systematic Literature Review Based on ScienceDirect Database,” J. Disaster Res., Vol.15 No.5, pp. 546-555, 2020.
Data files:
  1. [1] M. Wahlstrom and D. Guha-Sapir, “The human cost of natural disasters 2015: a global perspective,” Centre for Research on the Epidemiology of Disasters (CRED), 2015.
  2. [2] A. Hiles, “The Definitive Handbook of Business Continuity Management,” 2nd edition, Wiley, John & Sons, 1994.
  3. [3] I. S. Papapdakis and W. T. Ziemba, “Derivative Effects of the 1999 Earthquake in Taiwan to U.S. Personal Computer Manufacturers,” P. R. Kleindorfer and M. R. Sertel (Eds.), “Mitigation and Financing of Seismic Risk: Turkish and International Perspectives,” NAIV Science Series Volume 3, pp. 261-276, Springer, 2001.
  4. [4] K. Kamei, “How the Great East Japan earthquake affected corporate risk management,” Faculty of Societal Safety Sciences, Kansai University (Ed.), “The Fukushima and Tohoku Disaster: A Review of the Five-Year Reconstruction Efforts,” pp. 217-234, Butterworth-Heinemann, 2018.
  5. [5] G. M. Heng and J. Wong, “Business Continuity Planning for Small and Medium-Sized Enterprises,” APEC summit on Promoting SME Business Continuity Planning: Best Practices of SMEs’ Employment of Business Continuity Planning, 2015.
  6. [6] P. Thammarux, N. Leelawat, and M. Matsuoka, “Seismic hazard evaluation system development for BCP assessment of Thai tourist startups,” Proc. of the 7th Asia Conf. on Earthquake Engineering (7ACEE), 2018.
  7. [7] S. Sapapthai, N. Leelawat, J. Tang, A. Kodaka, C. Chintanapakdee, E. Ino, and K. Watanabe, “Stakeholder Analysis Approach for Area Business Continuity Management: A Systematic Review,” J. Disaster Res., Vol.15, No.5, 2020.
  8. [8] K. Meechang, N. Leelawat, J. Tang, A. Kodaka, and C. Chintanapakdee, “The acceptance of using information technology for disaster risk management: A systematic review,” Engineering J., Vol.24, No.4, 2020.
  9. [9] C. Pounder, “The revised version of BS7799 – so what’s new?,” Comput. Secur., Vol.18, Issue 4, pp. 307-311, 1999.
  10. [10] T. P. Lillywhite, “Implementing BS7799 in the UK National Health Service,” Comput. Fraud. Secur., Vol.2004, Issue 2, pp. 4-8, 2004.
  11. [11] J. S. Broderick, “ISMS, security standards and security regulations,” Inf. Secur. Tech. Rep., Vol.11, Issue 1, pp. 26-31, 2006.
  12. [12] F. Gibb, S. Buchanan, and S. Shah, “An integrated approach to process and service management,” Int. J. Inf. Manag., Vol.26, Issue 1, pp. 44-58, 2006.
  13. [13] Q.-J. Yeh and A. J.-T. Chang, “Threats and countermeasures for information system security: A cross-industry study,” Inf. Manag., Vol.44, Issue 5, pp. 480-491, 2007.
  14. [14] D. V. Forte, “The role of the Information Security Manager in cutting-edge companies,” Netw. Secur., Vol.2009, Issue 8, pp. 4-5, 2009.
  15. [15] M. S. Saleh and A. Alfantookh, “A new comprehensive framework for enterprise information security risk management,” Appl. Comput. Inform., Vol.9, Issue 2, pp. 107-118, 2011.
  16. [16] K. J. Mizgier, M. Hora, S. M.Wagner, and M. P. Jüttner, “Managing operational disruptions through capital adequacy and process improvement,” Eur. J. Oper. Res., Vol.245, Issue 1, pp. 320-332, 2015.
  17. [17] P. Neirotti and E. Paolucci, “Assessing the strategic value of Information Technology: An analysis on the insurance sector,” Inf. Manag., Vol.44, Issue 6, pp. 568-582, 2007.
  18. [18] B. Van de Walle and A.-F. Rutkowski, “A fuzzy decision support system for IT Service Continuity threat assessment,” Decis. Support. Syst., Vol.42, Issue 3, pp. 1931-1943, 2006.
  19. [19] J. Järveläinen, “IT incidents and business impacts: Validating a framework for continuity management in information systems,” Int. J. Inf. Manag., Vol.33, Issue 3, pp. 583-590, 2013.
  20. [20] Y.-P. Ou Yang, H.-M. Shieh, and G.-H. Tzeng, “A VIKOR technique based on DEMATEL and ANP for information security risk control assessment,” Inf. Sci., Vol.232, pp. 482-500, 2013.
  21. [21] S.-H. Li, D. C. Yen, S.-C. Chen, P. S. Chen, W.-H. Lu, and C.-C. Cho, “Effects of virtualization on information security,” Comput Stand. Interfaces, Vol.42, pp. 1-8, 2015.
  22. [22] S. M. Haghighi and S. A. Torabi, “A novel mixed sustainability-resilience framework for evaluating hospital information systems,” Int. J. Med. Inf., Vol.118, pp. 16-28, 2018.
  23. [23] A. Herrera and L. Janczewski, “Issues in the Study of Organisational Resilience in Cloud Computing Environments,” Proced. Tech., Vol.16, pp. 32-41, 2014.
  24. [24] D. D. C. Alves, M. Manhães, and G. D. Almeida, “Business Continuity Management (BCM) Applied to Transpetro’s National Operational Control Center – CNCO,” Proced. Comput. Sci., Vol.55, pp. 431-440, 2015.
  25. [25] S. Unnikrishnan, R. Iqbal, A. Singh, and I. M. Nimkar, “Safety Management Practices in Small and Medium Enterprises in India,” Saf. Health Work., Vol.6, Issue 1, pp. 46-55, 2015.
  26. [26] L. Jingye and T. Takehiro, “Practical Process for Introducing Smart Business Continuity Management of Smart City in Japan,” Proced. Eng., Vol.146, pp. 288-295, 2016.
  27. [27] M. Niemimaa, “Information systems continuity process: Conceptual foundations for the study of the ‘social’,” Comput. Secur., Vol.65, pp. 1-13, 2017.
  28. [28] E. Taniguchi, R. G. Thompson, and T. Yamada, “Incorporating risks in City Logistics,” Proced. Soc. Behav. Sci., Vol.2, Issue 3, pp. 5899-5910, 2010.
  29. [29] A. C. S. Linney, W. G. Kernohan, and R. Higginson, “The identification of competencies for an NHS response to chemical, biological, radiological, nuclear and explosive (CBRNe) emergencies,” Int. Emerg. Nurs., Vol.19, Issue 2, pp. 96-105, 2011.
  30. [30] B. Anderson and P. Adey, “Governing events and life: ‘Emergency’ in UK Civil Contingencies,” Political. Geogr., Vol.31, Issue 1, pp. 24-33, 2012.
  31. [31] A. Aleksić, M. Stefanović, S. Arsovski, and D. Tadić, “An assessment of organizational resilience potential in SMEs of the process industry, a fuzzy approach,” J. Loss Prev. Process Ind., Vol.26, Issue 6, pp. 1238-1245, 2013.
  32. [32] M. McGuinness and N. Johnson, “Exploiting Social Capital and Path-dependent Resources for Organisational Resilience: Preliminary Findings from a Study on Flooding,” Proced. Econ. Financ., Vol.18, pp. 447-455, 2014.
  33. [33] H. S. Loh and V. V. Thai, “Managing Port-Related Supply Chain Disruptions: A Conceptual Paper,” Asian J. Shipp. Logist., Vol.30, Issue 1, pp. 97-116, 2014.
  34. [34] S. A. Torabi, H. R. Soufi, and N. Sahebjamnia, “A new framework for business impact analysis in business continuity management (with a case study),” Saf. Sci., Vol.68, pp. 309-323, 2014.
  35. [35] S. A. Torabi, R. Giahi, and N. Sahebjamnia, “An enhanced risk assessment framework for business continuity management systems,” Saf. Sci., Vol.89, pp. 201-218, 2016.
  36. [36] M. Rabbani, H. R. Soufi, and S. A. Torabi, “Developing a two-step fuzzy cost–benefit analysis for strategies to continuity management and disaster recovery,” Saf. Sci., Vol.85, pp. 9-22, 2016.
  37. [37] B. Loganayagi and S. Sujatha, “Enhanced Cloud Security by Combining Virtualization and Policy Monitoring Techniques,” Proced. Eng., Vol.30, pp. 654-661, 2012.
  38. [38] J. Kuroiwa, “Peru sustainable (resilient) cities programme 1998–2012. Its application 2014–2021,” Proced. Econ. Financ., Vol.18, pp. 408-415, 2014.
  39. [39] T. Gore and T. B. Fischer, “Uncovering the factors that can support and impede post-disaster EIA practice in developing countries: The case of Aceh Province, Indonesia,” Environ. Impact. Assess. Rev., Vol.44, pp. 67-75, 2014.
  40. [40] U. Soni, V. Jain, and S. Kumar, “Measuring supply chain resilience using a deterministic modeling approach,” Comput. Ind. Eng., Vol.74, pp. 11-25, 2014.
  41. [41] F. Schättera, O. Hansenb, M. Herrmannsdörferb, M. Wiensa, and F. Schultmann, “Conception of a Simulation Model for Business Continuity Management Against Food Supply Chain Disruptions,” Proced. Eng., Vol.107, pp. 146-153, 2015.
  42. [42] K. J. Mizgier, S. M. Wagner, and M. P. Jüttner, “Disentangling diversification in supply chain networks,” Int. J. Prod. Econ., Vol.162, pp. 115-124, 2015.
  43. [43] Z. Zeng and E. Zio, “An integrated modeling framework for quantitative business continuity assessment,” Process. Saf. Environ. Prot., Vol.106, pp. 76-88, 2017.
  44. [44] A. Wibowo, Diana, M. Subekti, and Hendro, “Building Scalable and Resilient Database System to Mitigate Disaster and Performance Risks,” Proced. Comput. Sci., Vol.135, pp. 25-34, 2018.
  45. [45] Q.-Y. Sun, X.-Y. Li, and F. Yu, “Designing an emergency continuity plan for a megacity government: A conceptual framework for coping with natural catastrophes,” Int. J. Crit. Infrastruct. Prot., Vol.13, pp. 28-35, 2016.
  46. [46] N. Sahebjamnia, S. A. Torabi, and S. A. Mansouri, “Building organizational resilience in the face of multiple disruptions,” Int. J. Prod. Econ., Vol.197, pp. 63-83, 2018.
  47. [47] M. F. Blos, S. L. Hoeflich, and P. E. Miyagi, “A General Supply Chain Continuity Management Framework,” Proced. Comput. Sci., Vol.55, pp. 1160-1164, 2015.
  48. [48] P. Mensah, Y. Merkuryev, and S. Manak, “Developing a Resilient Supply Chain Strategy by Exploiting ICT,” Proced. Comput. Sci., Vol.77, pp. 65-71, 2015.
  49. [49] J. Pan and X. Su, “Life Cycle Approach for Facility Resilience Information Modeling (FRIM),” Proced. Eng., Vol.118, pp. 28-36, 2015.
  50. [50] M. Zhalechian, S. A. Torabi, and M. Mohammadi, “Hub-and-spoke network design under operational and disruption risks,” Transp. Res. Part E: Logist. Transp. Rev., Vol.109, pp. 20-43, 2018.
  51. [51] M. Jesús Sáenz, E. Revilla, and B. Acero, “Aligning supply chain design for boosting resilience,” Bus. Horiz., Vol.61, Issue 3, pp. 443-452, 2018.
  52. [52] R. V. Wyk, P. Bowen, and A. Akintoye, “Project risk management practice: The case of a South African utility company,” Int. J. Proj. Manag., Vol.26, Issue 2, pp. 149-163, 2008.
  53. [53] F. Jallat and C. J. Shultz, “Lebanon: From cataclysm to opportunity – Crisis management lessons for MNCs in the tourism sector of the Middle East,” J. World Bus., Vol.46, Issue 4, pp. 476-486, 2011.
  54. [54] A. Prazeres and E. Lopes, “Disaster Recovery – A Project Planning Case Study in Portugal,” Proced. Tech., Vol.9, pp. 795-805, 2013.
  55. [55] H. Kachali, Z. R. Whitman, J. R. Stevenson, and J. Vargo, “Industry sector recovery following the Canterbury earthquakes,” Int. J. Disaster Risk Reduct., Vol.12, pp. 42-52, 2015.
  56. [56] E. Y. Yildirim, G. Akalp, S. Aytac, and N. Bayarm, “Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey,” Int. J. Inf. Manag., Vol.31, Issue 4, pp. 360-365, 2011.
  57. [57] S. Bennett, “Insecurity in the Supply of Electrical Energy: An Emerging Threat?,” Electr. J., Vol.24, Issue 10, pp. 51-69, 2011.
  58. [58] G. Samantha, “The Impact of Natural Disasters on Micro, Small and Medium Enterprises (MSMEs): A Case Study on 2016 Flood Event in Western Sri Lanka,” Proced. Eng., Vol.212, pp. 744-751, 2018.
  59. [59] K. Faertes, “Reliability of Supply Chains and Business Continuity Management,” Proced. Comput. Sci., Vol.55, pp. 1400-1409, 2015.
  60. [60] R. Rajesh and V. Ravi, “Supplier selection in resilient supply chains: a grey relational analysis approach,” J. Clean. Prod., Vol.86, pp. 343-359, 2015.
  61. [61] S. Andriulo, M. A. Arleo, F. de Carlo, M. G. Gnoni, and M. Tucci, “Effectiveness of maintenance approaches for High Reliability Organizations,” IFAC-PapersOnLine, Vol.48, Issue 3, pp. 466-471, 2015.
  62. [62] P. Mensah, Y. Merkuryev, and F. Longo, “Using ICT in Developing a Resilient Supply Chain Strategy,” Proced. Comput. Sci., Vol.43, pp. 101-108, 2015.
  63. [63] S. A. Torabi, M. Baghersad, and S. A. Mansouri, “Resilient supplier selection and order allocation under operational and disruption risks,” Transp. Res. Part E: Logist. Transp. Rev., Vol.79, pp. 22-48, 2015.
  64. [64] J. D. Nosworthy, “Y2K contingency planning: Taking BCM into the 21st century,” Comput. Secur., Vol.18, Issue 8, pp. 693-704, 1999.
  65. [65] B. Herbane, D. Elliott, and E. M. Swartz, “Business Continuity Management: time for a strategic role?,” Long Range Plan., Vol.37, Issue 5, pp. 435-457, 2004.
  66. [66] R. Stanson, “Beyound disaster recovery: the benefits of business continuity,” Comput. Fraud. Secur., Vol.2005, Issue 7, pp. 18-19, 2005.
  67. [67] R. Power and D. Forte, “You don’t need a weatherman to know which way the wind blows: business continuity in the 21st century,” Comput. Fraud. Secur., Vol.2006, Issue 8, pp. 17-19, 2006.
  68. [68] M. Power, “The risk management of nothing,” Accounting, Org. Soc., Vol.34, Issues 6-7, pp. 849-855, 2009.
  69. [69] Z. Auzzir, R. Haigh, and D. Amaratunga, “Impacts of Disaster to SMEs in Malaysia,” Proced. Eng., Vol.212, pp. 1131-1138, 2018.
  70. [70] M. F. Rebelo, G. Santos, and R. Silva, “Integration of management systems: towards a sustained success and development of organizations,” J. Clean. Prod., Vol.127, pp. 96-111, 2016.
  71. [71] F. Gibb and S. Buchanan, “A framework for business continuity management,” Int. J. Inf. Manag., Vol.26, Issue 2, pp. 128-141, 2006.
  72. [72] H. Baba, T. Watanabe, M. Nagaishi, and H. Matsumoto, “Area Business Continuity Management, a New Opportunity for Building Economic Resilience,” Proced. Econ. Financ., Vol.18, pp. 296-303, 2014.
  73. [73] C. Isouchi, “District continuity plans for large-scale disaster coordination: Case Study in Kagawa District,” J. Disaster Res., Vol.12, No.4, pp. 733-740, 2017.
  74. [74] P. Thammarux, A. Suppasri, N. Leelawat, M. Matsuoka, and F. Imamura, “Disaster emergency response plan of the Royal Thai Embassy in Tokyo, Japan: A review,” J. Disaster Res., Vol.14, No.7, pp. 959-971, 2019.

*This site is desgined based on HTML5 and CSS3 for modern browsers, e.g. Chrome, Firefox, Safari, Edge, Opera.

Last updated on May. 19, 2024