Skip to content

The Importance of Business Continuity and Knowledge Management during the Pandemic Period

Business Continuity and IT Disaster Recovery Blog

The Importance of Business Continuity and Knowledge Management during the Pandemic Period
Author: Tuana İrkey and Aslıhan Tüfekci

  1. Abstract:
    Earlier in 2020 a knowledge management project was initiated with the aim of organizational performance improvement at a service company. A maturity model was applied for the gap analysis and a systematic literature review was conducted to shape the project. As the COVID-19 grew to a global scale, the aim of the project has shifted into ensuring the business continuity of the case company. Without major changes the project was carried out. At the end it was observed the company not only operated without being affected from the pandemic situation but also improved their organizational performance as aimed initially.

    1. Introduction
    Business continuity is a critical and frequently studied topic for both companies and academia. Business continuity is the process of creating prevention and recovery systems to deal with potential threats to an organization [1]. Organizations today are highly dependent on all their stakeholders; this has caused companies to face a variety of disasters, from simple power outages to fluctuations in the economies of the countries [2]. The year 2020 comes with an unexpected factor that interrupts business continuity: The pandemic. With restrictions and prohibitions following the rapid spread of COVID-19 disease, production and service processes have been adversely affected. The business world has switched to a remote working model as advised by authorities. During this fast-developing period, companies that do not have a business continuity plan have suffered business and financial losses which also showed the importance of business continuity and knowledge management one more time.

    Knowledge exchange between countries played a major role during all stages of this period—from the emergence of COVID-19 to the disease taking this name, to governments taking measures based on information obtained by early affected countries to fight the pandemic. When the knowledge is properly managed, it can help managing a crisis such as a pandemic; on a smaller scale, it can ensure that an affected company remains in the market by maintaining its business continuity.

    Knowledge management (KM) terminology has emerged from complexity in the market, competition in technology and changes in customer demands. Knowledge management is the open and planned creation, renewal and implementation of the knowledge assets of the organization considering the people, process and technology elements in order to achieve organizational goals by increasing the knowledge-based efficiency of the organization [3–6]. Literature on knowledge management shows that successful applications provide benefits such as increased business performance, increased competitive advantage, creation of new business areas and innovation, reduced costs, time savings, and increased decision-making ability to companies. This paper focuses on knowledge management’s contribute to business continuity and crisis management, other benefits not mentioned as much. Earlier that year a knowledge management project was initiated with the aim of improving the organizational performance at a service company. As the COVID-19 grew to as a global scale and effected the business world, the aim of the project has shifted into ensuring the business continuity of the case company with the emerging conditions. Without major changes in the scope and the methods the project was carried out. At the end it was observed the company not only operated without being affected from the pandemic situation but also saw an overall improvement at organizational performance as aimed initially.

    This paper consists of three parts. Firstly, the ITIL based maturity model applied at the case company to understand the present situation and the details of the conducted systematic literature review focusing on the service sector to shape the project scope are given under Materials and Methods. Secondly, under the Results, gap analysis results, findings from the systematic literature review and the overall project outcomes are given. Finally, the results of the study were summarized, and suggestions were made for future studies.

    2. Materials and Methods
    This study was carried out in an IT services company. Firstly, a maturity model with general management, service level management, business continuity, capacity management and security management sections has been established by referencing the ITIL, one of the most widely used service management frameworks, in order to understand the present situation in the company. The maturity levels of the model are as follows: Level 0— Not defined, Level 1—Defined at basic level, Level 2—Defined, Level 3—Managed, Level 4—Managed by evaluation, Level 5—Optimized. In addition to the maturity model to analyze company processes, face-to-face interviews were also conducted. The results of the gap analysis indicated that the difference between the desired situation and the present situation was due to lack of knowledge management within the company. In order to eliminate these problems, see the benefits of knowledge management and examine similar applications, a systematic literature review (SLR) as adapted from the theoretical study of Denyer and Tranfield [7] was conducted on the existing literature focusing on the service sector.

    ”Knowledge management” and ”service” were selected as primary keywords while ”framework”, ”model”, ”architecture”, and ”method” have been identified as secondary keywords for the SLR. These keywords were combined using Boolean operators and obtained queries were searched on IEEE Xplore, ACM Digital Library, Science Direct, Emerald Insight, Sage Journals, Springer Link, Taylor & Francis Online, JSTOR and Wiley Online Library databases. Year and title filters were added to queries to make the results more relevant to the study focus. Obtained resource references were exported from databases in BibTeX reference format, then transferred to the JabRef tool—an open source bibliography reference manager using BibTeX as its local file format. Using the JabRef, duplicate resources were eliminated. Rest of the resources were evaluated fundamentally using title, abstract and keyword fields. There were 90 resources deemed appropriate, and were examined in detail.

    The findings obtained from the detailed analysis of the selected sources were converted into solutions in correlation with the problems found during the gap analysis. Solutions are divided into three categories: people, processes, and technology. Each solution proposal category has been prioritized considering the purpose and scope of the study and a project plan was created afterwards. To control and monitor the project success the[1]following service metrics are defined: first response time, resolution time, closing time, number of e-mails from first response to resolution, number of requests not upheld with reason, number of reminder e-mails until resolution. Moreover, it was decided to repeat the maturity model assessment performed during the gap analysis to see the final condition.
    Most of the solutions have already been put in place including determination of knowledge needs of departments, review and redesign of business processes, selection of knowledge management tools and design of a knowledge management system and initiation of organizational culture and learning efforts with the support of human resources department when the first COVID-19 cases in Turkey were announced. Following the cases, it was decided by the company to switch to remote-work as recommended by the authorities. After this decision, the project focus is changed to ensure the business continuity to prevent the negative effects of the new rules and restrictions.

    As a first response, the design of the knowledge management system was implemented and tailored according to the business processes and department needs. A remote work plan was created together with the human resources department and put in place. Other than these quick responses, no major changes were made in project plan and applied methods. The project solutions are applied as determined with some insight gained during the remote-work experience. The project period has ended after the lifting of main prohibitions at the mid of the normalization period.

    3. Results
    The case company is a service company in the IT security field. The company closely follows laws and regulations and operates governance, risk, and compliance standards related to the IT security such as ISO/IEC 27001 information technology; security techniques; information security management systems; requirements, ISO 22301 security and resilience; business continuity management systems; requirements and Turkish Law on the Protection of Personal Data (KVKK). These standards have a great focus on business continuity, crisis management and contingency plans and the company has all suggested practices in-place and updates them regularly. This was also observed in the maturity model assessment conducted during the gap analysis. As seen in the Figure 1, the company scored close to Level 5—optimized in the security management area and again got a close score to Level 4—managed in the business continuity area. Even though the company may seem capable to handle any crisis considering their readiness levels, the remote[1]work transition is carried out using the newly implemented knowledge-based processes and the knowledge management system. This has shown that the traditional business continuity approaches are insufficient in the case of an unusual situations which effects a much wider audience and territory than any unusual event such as pandemic. On the other hand, knowledge management practices brought flexibility, easy accessibility, user friendliness, a collaborative workspace, measurement and reporting and sustainability for needed changes. During this period, not only operated business through the KMS but started online training and certification programs through the system. At the same time, many services such as training, support, maintenance, installation, and security operations are designed to be provided remotely again via the KMS. From an internal perspective, the defined service metrics showed improvement through the project. While the average first response time, resolution time, closing times are down to hours from working days, number of e-mails sent for each case has critically dropped which also helped saving time and increase employee performance. Moreover, the reminders were defined to be sent automatically by the knowledge management system—another time-saving opportunity. From a competitive perspective, the company started to provide new services and gained a new customer base while most companies in the sector were facing the risk of going out of business. Moreover, new organizational knowledge was gained which were used to update the business continuity plan and the disaster recovery to include similar risks to the pandemic period. In Figure 1, the post-study results of the maturity assessment are also given; improvement is observed in all areas, including those with high scores.

    In this case study, the knowledge management integration was designed for a general organizational change and not mainly focused on business continuity. The solutions applied were derived from service sector best practices in the literature obtained during the SLR, but this knowledge management approach still provided in-direct success for the business continuity too. This has highlighted that the knowledge management is a valuable asset for business continuity and crisis management.

    Figure 1. Maturity Model Application Results.

    The study was initiated with the solutions based on the SLR findings. However, this highlight could not be observed in the selected literature. The 90 resources as deemed appropriate were examined in detail and analyses were made. In Figure 2, the sector distribution of selected papers is given. Disaster recovery as a sector field has three contributions. In Figure 3 application area distributions according to the 34 service areas given under the ITIL [8] are shown. It is seen that only 16 out of 34 areas are contributed, one of these areas is the incident management with four contributions while risk management has one and no contribution was made to the service continuity management.


    Figure 2. Sector Distribution of Selected Sources.

    Figure 3. Service Area Distribution of Selected Sources According to ITIL Application Areas.

    4. Discussions
    Service organizations are knowledge-intensive companies. Services contain lots of knowledge coming from the continuous interaction between organizations and stakeholders. There are numerous benefits that companies can achieve by obtaining and using these knowledges. This paper highlights another benefit of knowledge management which is business continuity and crisis management process improvements. The knowledge management project initiated with the best service sector practices obtained from academic literature to improve organizational performance indirectly created an advantage for the case company during the pandemic. The company, regardless of their readiness in accordance with law, regulations and standards related to business continuity, managed the pan[1]demic period via the knowledge management processes and systems brought with the project. In contrast to traditional business continuity approaches; the centrality, flexibility and ability to collaborate with faster, easier and remote access that comes with knowledge management not only prevented the company from being adversely affected by the situation but also helped creating a competitive advantage allowing new service designs while improving overall service performance. This has shown the importance of knowledge management integrated business continuity approach.

    In the reviewed literature, it was observed from the sector distributions that knowledge management studies on disaster recovery were made but these studies fall behind the sectors such as health, government, education, and finance. It was also found from the ITIL application area distribution that two of the 16 areas contributed were risk management and incident management; but no contribution was made to the area of ser[1]vice continuity management. These analyses and distributions have also helped to make the gaps in literature more visible.

    In the near future, the pandemic and similar cases will be added to business continuity standards and risk areas. Disaster recovery, business continuity and contingency plans will start to include issues such as remote work. Thus, research considering knowledge management for service continuity, disaster recovery, remote work and similar fields should be made to close the related literature gap. It is also advised for companies to focus on knowledge management practices regarding their sector and unique business traits to obtain many benefits including improved business continuity capabilities.

    BRCCI – Business Resilience Certification Consortium International (www.brcci.org)

    We are thankful to the author for allowing us to post this insightful article on our website. BRCCI provides a comprehensive training and certification program in business resiliency, continuity and IT disaster recovery planning:

    1. 3-day CBRM (Certified Business Resilience Manager) is a comprehensive, all-in-one, 3-day Business Continuity Planning and Management Training and Certification course which is designed to teach practical methods to develop, test, and maintain a business continuity plan and establish a business continuity program.

    2. 3-day CBRITP (Certified Business Resilience IT Professional) is a comprehensive training on how to assess, develop, test, and maintain an information technology (IT) Disaster Recovery Plan for recovering IT and telecommunications systems and infrastructure in the event of a disaster or business disruption. The training provides a step-by-step methodology to ensure a reliable and effective IT disaster recovery and continuity plan consistent with the industry’s standards and best practices.

    3. 2-day CBRA (Certified Business Resilience Auditor) It provides 2 days of intensive, Business Continuity Audit training to enable students to determine the effectiveness, adequacy, quality and reliability of an organization’s Business Continuity Program. Students will learn an audit methodology to evaluate compliance of Business Continuity and IT Disaster Recovery Programs with the current industry’s best practices and standards including:

    • ISO 22301: Business Continuity Management Systems – Requirements
    • NFPA: Standard on Disaster/Emergency Management and Business Continuity Programs
    • ITIL: Information Technology Infrastructure Library

    For information on the above program, please contact BRCCI (www.brcci.org, 1-888-962-7224).

On Key

Related Posts

ISO 22301

ISO 22301 4.1 IntroductionThe Standard ISO 22301 was proposed in 2012 as a new way to implement The Business Contingency Management process regardless of the