Design of generic information systems contingency plan for microfinance institutions in kenya
MetadataShow full item record
The continued growth in dependence on Information Technology by microfinance institutions has increased the importance of plans to prevent the loss of information confidentiality, integrity and availability that could seriously affect overall performance. Contingency planning measures are required to minimize the damage caused in accidental or intentional disclosure, modification, or destruction of data, or the means of processing the data. The study analyzed literature in information system and developed a generic information system contingency plan. The NIST standard identified the critical steps in the development of an information system contingency plan i.e. developing the contingency planning policy statement, conduct business impact analysis, identify preventive controls, develop recovery strategies, develop the contingency plan, plan testing, training and exercises and lastly plan maintenance. The study adopted stratified random sampling with the targeted population constituting three categories: senior managers, system users, and IT department staff. From the target population summaries, discussions and conclusions were made. After conducting business impact analysis findings revealed that in micro finance institutions the least IT resources that are required to support the critical information systems in case ?f disaster include, database servers, application server, LAN/W AN with associated routers, hubs and fiber connections, electric power and desktops. The study did not take into considerations the organization structure of the MFIs management; this is because different MFI have different hierarchical structure and employee physical security in case of a disaster. The study also did not capture external entities such third party service providers and vendors. It was recommended that future work could be done on the CP to incorporate employees' safety.