Information security and business continuity management in interorganizational IT relationships

Abstract

PurposeThis paper aims to understand how managers of IT and information security aim to enhance information security and business continuity management in interorganizational IT relationships, such as outsourcing, cloud computing and interorganizational systems.Design/methodology/approachAn explorative study of large multinational or local organizations operating in Finland was conducted. In total, 18 IT and information security managers were interviewed with semi‐structured questions.FindingsFirst, the author discovered that several methods such as contracts, audits and standards were applied to balance power relationships between organizations or transfer responsibilities to other parties. The objectives of these methods are different within organizations. Second, the paper presents a comprehensive view of different security and continuity solutions in interorganizational IT relationships. The findings have practical value for IT managers and information security experts.Research limitations/implicationsThe interviews were conducted in different organizations. Therefore, it is suggested that a single in‐depth study that examines the phenomenon on different organizational levels within one organization would supplement the findings. Further studies on the power, trust and control balance of interorganizational IT relationships are required.Originality/valueThis paper builds on and expands information security and business continuity literature by illustrating that audits and standards play different roles in interorganizational IT relationships within organizations, and that contracts form the basis of those relationships. Information security problems and business continuity breaches caused by external partners and outsourcing vendors affect the reputation and value of the client company. Therefore, managers must have the means to ensure the continuity of operations.