| dc.description.abstract | The problem facing organizations is what to do when their premises are left unusable for an unacceptable length of time. The intention will be to restart essential operations with a minimum of delay within an acceptable length of time, probably with a reduced capacity in temporary premises. Just a few minutes of system downtime can cost an entity several thousands, or even millions, in lost revenue.
A case study was carried out to analyze the concept of BCP, why it is important and examined how it has been put into practice at agricultural research institutes in Kenya. 13 out of a total of 15 respondents were interviewed and from various data sources, information collected related to the likelihood of security threats occurring, the probable impact of security threats, the computed risk value of security threats, the perceived origin of security threats, existing security architectures, factors affecting security and the status ofBCP and DRP Implementation.
The study concluded that the security exposures with the highest risk value were technological exposures. It also concluded that technological exposures are the most likely to occur whereas natural disasters and extreme weather would be the least likely to occur. The study also showed that the financial resource of the organization is the most probable factor considered in the organizations security development whereas government pressure is the least probable factor considered in the organizations' security development.
The security measures implemented in the examined organizations were all good. However, owing to the exposure profile perceived by the organization'S staff and coupled with some best practice recommendations, there are some critical measures that were also noted to have been omitted. Some of the BCP best practice activities that had not been implemented include the lack of a BCP committee; inadequate documentation on the information systems used in the organizations; lack of a budget to conduct the BCP; lack of periodic tests of the BCP; and inadequate user involvement in the BCP process | en_US |
