| dc.description.abstract | The continued growth in dependence on Information Technology by microfinance institutions
has increased the importance of plans to prevent the loss of information confidentiality, integrity
and availability that could seriously affect overall performance. Contingency planning measures
are required to minimize the damage caused in accidental or intentional disclosure, modification,
or destruction of data, or the means of processing the data.
The study analyzed literature in information system and developed a generic information system
contingency plan. The NIST standard identified the critical steps in the development of an
information system contingency plan i.e. developing the contingency planning policy statement,
conduct business impact analysis, identify preventive controls, develop recovery strategies,
develop the contingency plan, plan testing, training and exercises and lastly plan maintenance.
The study adopted stratified random sampling with the targeted population constituting three
categories: senior managers, system users, and IT department staff. From the target population
summaries, discussions and conclusions were made. After conducting business impact analysis
findings revealed that in micro finance institutions the least IT resources that are required to
support the critical information systems in case ?f disaster include, database servers, application
server, LAN/W AN with associated routers, hubs and fiber connections, electric power and desktops.
The study did not take into considerations the organization structure of the MFIs management;
this is because different MFI have different hierarchical structure and employee physical security
in case of a disaster. The study also did not capture external entities such third party service
providers and vendors. It was recommended that future work could be done on the CP to
incorporate employees' safety. | en |
