| dc.description.abstract | The world we live in is full of uncertainties. A day that seemingly started well may spring surprises, some
pleasant and others nasty. Much as we may not like them, disasters will happen.
At the work place, they will interrupt our normal business, affecting our mission critical Information
Systems. Losses may be great. The extent of loss will definitely depend on what is done after a disaster,
but more importantly, on what contingency plans were in place prior to the disaster. The survival of the
affected organization and return to normal business operations may well rely on tireless preparation,
resourcing, rehearsals, simulation, training and, most signiflcantly, leadership.
A research survey has been carried out in some organizations in Nairobi, Kenya aimed at analyzing the
planning, design and implementation of ICT contingency strategies, and more specifically, the level of
preparation by the organizations to handle a disaster or disasters affecting their Information Systems.
Organizations were selected only if they relied on ICT to carry out their core business. They were pickec
from Educational, financial, governmental, manufacturing and service oriented organizations, and the
sample size was taken through judgmental sampling.
In this survey, a comparison of existing disaster recovery plans with internationally recognized standards
has been done. An investigation of the levels of investment in Information Systems related Disaster
recovery planning in comparison with investment in prevention and avoidance of Information Systems
disasters has also been done. The research also delved into investigating why some organizations in the
survey had not implemented Disaster recovery plans for their Information Systems. The reasons are
given in the report. Challenges faced by organizations that had already implemented Disaster recovery
plans have been discussed and some possible solutions to these challenges given.
Generally speaking, the survey portrays a worrying picture. Even though a third of the organizations in
the survey had a documented disaster recovery plan, only a tenth met the most basic requirements of
internationally recognized standards of Disaster recovery planning. This point towards poor standards
of planning, designing and implementing disaster recovery plans. Results indicated that most
organizations concentrated more on disaster avoidance compared to disaster recovery planning.
Investment in qisastei recovery planning was not directly proportional to availability requirements of
organizations' mission critical Information Systems. In fact, only organizations in the financial sector
showed a serious attempt at ICT contingency planning.
Reasons commonly sited as influencing the lack of well documented Information Systems disaster
recovery plans included lack of support from senior management, prohibitive cost, emphasis on core
business, lack of skills and considering occurrence of a disaster as remote, among others.
The study recommends that a well documented disaster recovery plan at some scale, depending on
availability requirements of an organization's mission critical Information Systems, ought to exist as a
matter of necessity. No organization should be comfortable operating without some form of a Business
Continuity Plan (BCP). International standards of Business continuity planning should be adopted
paying attention to the peculiar operating environment of the organization. More specifically, the study
recommends developing business continuity planning as an organizational culture, allocating sufficient
budgetary support _forBCP, Industry regulators playing a more visible role in ICT policy control, and fo
the country, implementing a detailed National ICT policy that covers all major aspects of ICT including
regulation and control of ICT contingency planning.
In a nut shell, the study points out that most organizations may be ill equipped to handle a disaster
affecting their mission critical Information Systems, and needed to have woken up yesterday to this
reality.
Finally, suggestions for further study and research have been given. | en |
