Where academic tradition
meets the exciting future

Information Security and Business Continuity Management in Interorganizational IT Relationships

Jonna Järveläinen, Information Security and Business Continuity Management in Interorganizational IT Relationships. Information Management & Computer Security 20(5), 332 – 349, 2012.


This paper aims to understand how managers of IT and information security aim to enhance information security and business continuity management in interorganizational IT relationships, such as outsourcing, cloud computing and interorganizational systems.
An explorative study of large multinational or local organizations operating in Finland was conducted. In total, 18 IT and information security managers were interviewed with semi-structured questions.
First, we discovered that several methods such as contracts, audits and standards were applied to balance power relationships between organizations or transfer responsibilities to other parties. The objectives of these methods are different within organizations. Secondly, we present a comprehensive view of different security and continuity solutions in interorganizational IT relationships. The findings have practical value for IT managers and information security experts.
Research limitations
The interviews were conducted in different organizations. Therefore, it is suggested that a single in-depth study that examines the phenomenon on different organizational levels within one organization would supplement the findings. Further studies on the power, trust and control balance of interorganizational IT relationships are required.
This paper builds on and expands information security and business continuity literature by illustrating that audits and standards play different roles in interorganizational IT relationships within organizations, and that contracts form the basis of those relationships. Information security problems and business continuity breaches caused by external partners and outsourcing vendors affect the reputation and value of the client company. Therefore, managers must have the means to ensure the continuity of operations.

BibTeX entry:

  title = {Information Security and Business Continuity Management in Interorganizational IT Relationships},
  author = {Järveläinen, Jonna},
  journal = {Information Management & Computer Security},
  volume = {20},
  number = {5},
  pages = {332 – 349},
  year = {2012},
  keywords = {information security management, business continuity management, interorganizational IT relationships, outsourcing, software as a service, interorganizational systems},

Belongs to TUCS Research Unit(s): UTU Information Systems Science (ISS)

Edit publication