You are here: Home Contents V4 N1 V4N1_Surendra.html
Personal tools

The Ethics of IT Disaster Recovery Planning: Five Case Studies



Full text

Journal of Information System Security
Volume 4, Number 1 (2008)
Pages 2140
ISSN 1551-0123
Nanda Surendra — West Virginia University, USA
A. Graham Peace — West Virginia University, USA
Daniel Connolly — West Virginia University, USA
Information Institute Publishing, Washington DC, USA




Several highly visible and publicized disasters during the past five years, and the increasing realization that Information Technology (IT) is vital to the functioning of several core business processes, are motivating many companies to invest large amounts in IT disaster recovery. According to a recent survey (Witty, 2006), nearly 50% of companies invest almost 10% of their IT budget in this area. However, there is very limited published academic research on IT disaster recovery. A large number of practitioner articles are available, most of which focus on technology and procedures. This paper adds to the Information Systems academic research, and supplements the practitioner research, by focusing attention on the ethical and social aspects of IT disaster recovery. In an exploratory study, case studies at five organizations from different industry sectors were conducted. Three commonly accepted ethical theories - Stockholder Theory, Stakeholder Theory and Social Contract Theory - were applied, to analyze (1) how a disaster is defined, (2) how business and IT service priorities are determined in a disaster recovery or business continuity plan, and (3) how a disaster recovery or business continuity plan is operationalized. It was found that the Stockholder Theory framework dominates the disaster recovery planning process, with little attention paid to the stakeholders identified by the Stakeholder and Social Contract Theories.




IT Disaster Recovery Planning, Business Continuity Planning, Business Ethics




Benton, D. (2007), “Disaster Recovery: A Pragmatist’s Viewpoint,” Disaster Recovery Journal, 20(1): 79-81.

Cerullo, V. and Cerullo, M.J. (2004), “Business Continuity Planning: A Comprehensive Approach,” Information Systems Management, 21 (3): 70 – 78.

Chow, W.S. (2000), “Success factors for IS disaster recovery planning in Hong Kong,” Information Management & Computer Security, 8 (2): 80-86.

Freeman, R.E. (1984), Strategic Management: A stakeholder approach, Pittman Publishing, New York.

Friedman, M. (1962), Capitalism and Freedom, University of Chicago Press, Chicago.

Hasnas, J. (1998), “The Normative Theories of Business Ethics: A Guide for the Perplexed,” Business Ethics Quarterly, 8 (1): 19-42.

Hecht, J.A. (2002), “Business Continuity Management,” Communications of the Association for Information Systems, 8: 444-450.

Introna, L. and Whittaker, L. (2004), “Truth, Journals, and Politics: The Case of the MIS Quarterly,” Information Systems Research: Relevant Theory and Informed Practice,  Kluwer Academic Publishers, Dordrecht, pp.103-120.

Kendall, K.E., Kendall, J.E. and Lee, K.C. (2005), “Understanding Disaster Recovery Planning through a Theatre Metaphor: Rehearsing for a Show that Might Never Open,” Communications of the Association for Information Systems, 16 (51): 1001-1012.

Kirschenbaum, A. (2006), “The Missing Link in Business Continuity,” Disaster Recovery Journal, 19(4). Available online at

Lee, A.S. (1989), “A Scientific Methodology for MIS Case Studies,” MIS Quarterly, 13 (1): 33-50.

Ross, S.C., Tyran, C.K., Auer, D.J., Junell, J.M. and Williams, T.G. (2005), “Up In Smoke: Rebuilding After an IT Disaster,” Journal of Cases on Information Technology, 7 (2): 31-49.

Schmidt, K. (2006), High Availability and Disaster Recovery, Springer, Berlin.

Shao, B.B.M. (2005), “Optimal Redundancy Allocation for Information Technology Disaster Recovery in the Network Economy,” IEEE Transactions on Dependable and Secure Computing, 2 (3): 262-267.

Smith, J.H. (2003), “The Shareholders vs. Stakeholders Debate,” MIT Sloan Management Review, Summer 2003: 85-90.

Smith, J.H. and Hasnas, J. (1999), “Ethics and Information Systems: The Corporate Domain,” MIS Quarterly, 23(1): 109-127.

Viswanathan, S. (2006), “Seven Habits of Highly Effective Data Centers”, Disaster Recovery Journal, 19 (2), Available online at

Witty, R.J. (2006), “2005 BCM/DR Survey Results from Gartner, DRJ,” Disaster Recovery Journal, 19 (4), Available online at

Yin, R.K. (2003), Case Study Research, Third Edition, Sage Publications, Thousand Oaks, CA.