Since (1996) Knight and Pretty published their study about the impact of catastrophes on shareholder value, the need for a business continuity management system (BCMS) became clear. Once a BCMS is in place, the corresponding risks can be insured against. The BS 25999 certificate can serve as proof of implementation. It requires defined business continuity plans (BCP). However, processes based on BCPs are rarely tested. Therefore, little knowledge is available to confirm their proper functioning and their non-functional properties. This paper addresses the verification of BCPs. We show how to model, simulate and verify normal business processes and business processes that are based on a BCP. As a formal method, we use process algebra and modal logic to explain the semantics of conceptual business process models. Our study places emphasis on questions regarding the potential capacity and duration of a process based on a BCP as well as those of an organizational security policy. By doing this, we are able to demonstrate that ex-ante evaluation is not only possible but also effective. ©2009 IEEE.
|Title of host publication||Proceedings of the 2009 IEEE Toronto International Conference - Science and Technology for Humanity (TIC-STH'09, Toronto ON, Canada, September 26-27, 2009)|
|Publisher||Institute of Electrical and Electronics Engineers|
|Publication status||Published - 2009|