{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T21:13:56Z","timestamp":1770412436166,"version":"3.49.0"},"reference-count":52,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2012,11,23]],"date-time":"2012-11-23T00:00:00Z","timestamp":1353628800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,11,23]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>This paper aims to understand how managers of IT and information security aim to enhance information security and business continuity management in interorganizational IT relationships, such as outsourcing, cloud computing and interorganizational systems.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>An explorative study of large multinational or local organizations operating in Finland was conducted. In total, 18 IT and information security managers were interviewed with semi\u2010structured questions.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>First, the author discovered that several methods such as contracts, audits and standards were applied to balance power relationships between organizations or transfer responsibilities to other parties. The objectives of these methods are different within organizations. Second, the paper presents a comprehensive view of different security and continuity solutions in interorganizational IT relationships. The findings have practical value for IT managers and information security experts.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>The interviews were conducted in different organizations. Therefore, it is suggested that a single in\u2010depth study that examines the phenomenon on different organizational levels within one organization would supplement the findings. Further studies on the power, trust and control balance of interorganizational IT relationships are required.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>This paper builds on and expands information security and business continuity literature by illustrating that audits and standards play different roles in interorganizational IT relationships within organizations, and that contracts form the basis of those relationships. Information security problems and business continuity breaches caused by external partners and outsourcing vendors affect the reputation and value of the client company. Therefore, managers must have the means to ensure the continuity of operations.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685221211286511","type":"journal-article","created":{"date-parts":[[2013,3,25]],"date-time":"2013-03-25T11:48:26Z","timestamp":1364212106000},"page":"332-349","source":"Crossref","is-referenced-by-count":31,"title":["Information security and business continuity management in interorganizational IT relationships"],"prefix":"10.1108","volume":"20","author":[{"given":"Jonna","family":"J\u00e4rvel\u00e4inen","sequence":"first","affiliation":[]}],"member":"140","reference":[{"key":"key2022012120322043200_b1","doi-asserted-by":"crossref","unstructured":"Albrechtsen, E. and Hovden, J. (2009), \u201cThe information security digital divide between information security managers and users\u201d, Computers & Security, Vol. 28 No. 6, pp. 476\u201090.","DOI":"10.1016\/j.cose.2009.01.003"},{"key":"key2022012120322043200_b2","doi-asserted-by":"crossref","unstructured":"Ali, M., Kurnia, S. and Johnston, R.B. (2008), \u201cDyadic model of interorganizational systems (IOS) adoption maturity\u201d, Proceedings of the 41st Annual Hawaii International Conference on System Sciences, IEEE, Waikoloa, HI, USA, p. 8.","DOI":"10.1109\/HICSS.2008.18"},{"key":"key2022012120322043200_b3","doi-asserted-by":"crossref","unstructured":"Bayuk, J. (2009), Enterprise Security for the Executive: Setting the Tone from the Top, Praeger Publishers, Santa Barbara, CA.","DOI":"10.5040\/9798400646492"},{"key":"key2022012120322043200_b4","doi-asserted-by":"crossref","unstructured":"Butler, B.S. and Gray, P.H. (2006), \u201cReliability, mindfulness, and information systems\u201d, MIS Quarterly, Vol. 30 No. 2, p. 211.","DOI":"10.2307\/25148728"},{"key":"key2022012120322043200_b5","doi-asserted-by":"crossref","unstructured":"Cerullo, V. and Cerullo, M.J. (2004), \u201cBusiness continuity planning: a comprehensive approach\u201d, Information Systems Management, Vol. 21 No. 3, pp. 70\u20108.","DOI":"10.1201\/1078\/44432.21.3.20040601\/82480.11"},{"key":"key2022012120322043200_b6","doi-asserted-by":"crossref","unstructured":"Dibbern, J., Goles, T., Hirschheim, R. and Jayatilaka, B. (2004), \u201cInformation systems outsourcing\u201d, ACM SIGMIS Database, Vol. 35 No. 4, pp. 6\u2010102.","DOI":"10.1145\/1035233.1035236"},{"key":"key2022012120322043200_b7","doi-asserted-by":"crossref","unstructured":"Doomun, M.R. (2008), \u201cMulti\u2010level information system security in outsourcing domain\u201d, Business Process Management Journal, Vol. 14 No. 6, pp. 849\u201057.","DOI":"10.1108\/14637150810916026"},{"key":"key2022012120322043200_b8","unstructured":"Eloff, J.H.P. and Eloff, M. (2003), \u201cInformation security management: a new paradigm\u201d, Proceedings of the 2003 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement Through Technology, South African Institute for Computer Scientists and Information Technologists, Republic of South Africa, pp. 130\u20106."},{"key":"key2022012120322043200_b9","doi-asserted-by":"crossref","unstructured":"Fang, F., Parameswaran, M., Zhao, X. and Whinston, A. (2012), \u201cAn economic mechanism to manage operational security risks for inter\u2010organizational information systems\u201d, Information Systems Frontiers, September, pp. 1\u201018.","DOI":"10.1007\/s10796-012-9348-y"},{"key":"key2022012120322043200_b10","doi-asserted-by":"crossref","unstructured":"Fink, D. (1994), \u201cA security framework for information systems outsourcing\u201d, Information Management & Computer Security, Vol. 2 No. 4, pp. 3\u20108.","DOI":"10.1108\/09685229410068235"},{"key":"key2022012120322043200_b11","doi-asserted-by":"crossref","unstructured":"Gibb, F. and Buchanan, S. (2006), \u201cA framework for business continuity management\u201d, International Journal of Information Management, Vol. 26 No. 2, pp. 128\u201041.","DOI":"10.1016\/j.ijinfomgt.2005.11.008"},{"key":"key2022012120322043200_b12","doi-asserted-by":"crossref","unstructured":"Goo, J. and Huang, C.D. (2008), \u201cFacilitating relational governance through service level agreements in IT outsourcing: an application of the commitment\u2010trust theory\u201d, Decision Support Systems, Vol. 46 No. 1, pp. 216\u201032.","DOI":"10.1016\/j.dss.2008.06.005"},{"key":"key2022012120322043200_b13","unstructured":"Hardy, C.A. and Williams, S.P. (2010), \u201cManaging information risks and protecting information assets in a Web 2.0 era\u201d, Proceedings of the 23rd Bled eConference eTrust: Implications for the Individual, Enterprises and Society, Bled, Slovenia, 20\u201023 June."},{"key":"key2022012120322043200_b14","doi-asserted-by":"crossref","unstructured":"Hart, P. and Saunders, C. (1997), \u201cPower and trust: critical factors in the adoption and use of electronic data interchange\u201d, Organization Science, Vol. 8 No. 1, pp. 23\u201042.","DOI":"10.1287\/orsc.8.1.23"},{"key":"key2022012120322043200_b15","doi-asserted-by":"crossref","unstructured":"Heiskanen, A., Newman, M. and Eklin, M. (2008), \u201cControl, trust, power, and the dynamics of information system outsourcing relationships: a process study of contractual software development\u201d, The Journal of Strategic Information Systems, Vol. 17 No. 4, pp. 268\u201086.","DOI":"10.1016\/j.jsis.2008.10.001"},{"key":"key2022012120322043200_b16","doi-asserted-by":"crossref","unstructured":"Herbane, B. (2010a), \u201cSmall business research: time for a crisis\u2010based view\u201d, International Small Business Journal, Vol. 28 No. 1, pp. 43\u201064.","DOI":"10.1177\/0266242609350804"},{"key":"key2022012120322043200_b17","doi-asserted-by":"crossref","unstructured":"Herbane, B. (2010b), \u201cThe evolution of business continuity management: a historical review of practices and drivers\u201d, Business History, Vol. 52 No. 6, pp. 978\u20101002.","DOI":"10.1080\/00076791.2010.511185"},{"key":"key2022012120322043200_b18","doi-asserted-by":"crossref","unstructured":"Herbane, B., Elliott, D. and Swartz, E. (2004), \u201cBusiness continuity management: time for a strategic role?\u201d, Long Range Planning, Vol. 37 No. 5, pp. 435\u201057.","DOI":"10.1016\/j.lrp.2004.07.011"},{"key":"key2022012120322043200_b19","doi-asserted-by":"crossref","unstructured":"Hong, K.\u2010S., Chi, Y.\u2010P., Chao, L.R. and Tang, J.\u2010H. (2003), \u201cAn integrated system theory of information security management\u201d, Information Management & Computer Security, Vol. 11 No. 5, pp. 243\u20108.","DOI":"10.1108\/09685220310500153"},{"key":"key2022012120322043200_b20","doi-asserted-by":"crossref","unstructured":"Klein, H.K. and Myers, M.D. (1999), \u201cA set of principles for conducting and evaluating interpretive field studies in information systems\u201d, MIS Quarterly, Vol. 23 No. 1, pp. 67\u201093.","DOI":"10.2307\/249410"},{"key":"key2022012120322043200_b21","doi-asserted-by":"crossref","unstructured":"Lacity, M.C., Khan, S., Yan, A. and Willcocks, L.P. (2010), \u201cA review of the IT outsourcing empirical literature and future research directions\u201d, Journal of Information Technology, Vol. 25 No. 4, pp. 395\u2010433.","DOI":"10.1057\/jit.2010.21"},{"key":"key2022012120322043200_b22","doi-asserted-by":"crossref","unstructured":"Lawson\u2010Body, A. and O'Keefe, T.P. (2006), \u201cInterorganizational relationships in the context of SMEs' B 2 B e\u2010commerce\u201d, Journal of Electronic Commerce in Organizations, Vol. 4 No. 4, pp. 1\u201028.","DOI":"10.4018\/jeco.2006100101"},{"key":"key2022012120322043200_b23","doi-asserted-by":"crossref","unstructured":"Luoma\u2010aho, V. and Paloviita, A. (2010), \u201cActor\u2010networking stakeholder theory for today's corporate communications\u201d, Corporate Communications: An International Journal, Vol. 15 No. 1, pp. 49\u201067.","DOI":"10.1108\/13563281011016831"},{"key":"key2022012120322043200_b24","unstructured":"Luor, T.T., Lu, H.\u2010P., Tao, Y.\u2010H., Lin, T.M.Y. and Tung, C.\u2010H. (2008), \u201cDeterminants of client intention of software outsourcing vendors: a model from Taiwan's financial industry\u201d, Journal of the Academy of Business & Economics, Vol. 8 No. 2, pp. 159\u201066."},{"key":"key2022012120322043200_b25","doi-asserted-by":"crossref","unstructured":"Lyytinen, K. and Damsgaard, J. (2011), \u201cInter\u2010organizational information systems adoption \u2013 a configuration analysis approach\u201d, European Journal of Information Systems, Vol. 20 No. 5, pp. 496\u2010509.","DOI":"10.1057\/ejis.2010.71"},{"key":"key2022012120322043200_b27","doi-asserted-by":"crossref","unstructured":"Ma, Q. and Pearson, J.M. (2005), \u201cISO 17799: \u2018Best practices\u2019 in information security management?\u201d, Communications of the Association for Information Systems, Vol. 15 No. 1.","DOI":"10.17705\/1CAIS.01532"},{"key":"key2022012120322043200_b26","doi-asserted-by":"crossref","unstructured":"Ma, Q., Johnston, A.C. and Pearson, J.M. (2008), \u201cInformation security management objectives and practices: a parsimonious framework\u201d, Information Management & Computer Security, Vol. 16 No. 3, pp. 251\u201070.","DOI":"10.1108\/09685220810893207"},{"key":"key2022012120322043200_b28","doi-asserted-by":"crossref","unstructured":"Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J. and Ghalsasi, A. (2011), \u201cCloud computing \u2013 the business perspective\u201d, Decision Support Systems, Vol. 51 No. 1, pp. 176\u201089.","DOI":"10.1016\/j.dss.2010.12.006"},{"key":"key2022012120322043200_b29","doi-asserted-by":"crossref","unstructured":"Moreira, E.S., Martimiano, L.A.F., Brand\u00e3o, A.J.S. and Bernardes, M.C. (2008), \u201cOntologies for information security management and governance\u201d, Information Management & Computer Security, Vol. 16 No. 2, pp. 150\u201065.","DOI":"10.1108\/09685220810879627"},{"key":"key2022012120322043200_b30","doi-asserted-by":"crossref","unstructured":"Myers, M.D. and Newman, M. (2007), \u201cThe qualitative interview in IS research: examining the craft\u201d, Information and Organization, Vol. 17 No. 1, pp. 2\u201026.","DOI":"10.1016\/j.infoandorg.2006.11.001"},{"key":"key2022012120322043200_b32","unstructured":"Official Statistics of Finland (2010a), Finnish Enterprises 2009 (E\u2010publication), Statistics Finland, Helsinki, available at: www.tilastokeskus.fi\/til\/syr\/2009\/syr_2009_2010\u201011\u201026_fi.pdf (accessed 9 June 2011)."},{"key":"key2022012120322043200_b31","unstructured":"Official Statistics of Finland (2010b), Statistics Finland \u2013 Use of Information Technology in Enterprises, available at: www.tilastokeskus.fi\/til\/icte\/2010\/icte_2010_2010\u201011\u201025_tie_001_en.html (accessed 12 September 2011)."},{"key":"key2022012120322043200_b33","doi-asserted-by":"crossref","unstructured":"Pereira, J.V. (2009), \u201cThe new supply chain's frontier: information management\u201d, International Journal of Information Management, Vol. 29 No. 5, pp. 372\u20109.","DOI":"10.1016\/j.ijinfomgt.2009.02.001"},{"key":"key2022012120322043200_b34","unstructured":"Puhakainen, P. (2006), A Design Theory for Information Security Awareness, University of Oulu, Oulu."},{"key":"key2022012120322043200_b35","unstructured":"Ranta, N. (2011), \u201cT\u00e4ss\u00e4 syy OP:n poikkeuksellisiin ongelmiin (This is the reason for exceptional problems of OP Bank)\u201d, Kauppalehti, 25 January."},{"key":"key2022012120322043200_b36","doi-asserted-by":"crossref","unstructured":"Rao, S. and Perry, C. (2003), \u201cConvergent interviewing to build a theory in under\u2010researched areas: principles and an example investigation of internet usage in inter\u2010firm relationships\u201d, Qualitative Market Research: An International Journal, Vol. 6 No. 4, pp. 236\u201047.","DOI":"10.1108\/13522750310495328"},{"key":"key2022012120322043200_b37","unstructured":"Ratnasingam, P.P. (2001), Interorganizational Trust in Business to Business E\u2010commerce, Erasmus Research Institute of Management (ERIM), Rotterdam."},{"key":"key2022012120322043200_b38","doi-asserted-by":"crossref","unstructured":"Romano, N.C., Pick, J.B. and Roztocki, N. (2010), \u201cA motivational model for technology\u2010supported cross\u2010organizational and cross\u2010border collaboration\u201d, European Journal of Information Systems, Vol. 19 No. 2, pp. 117\u201033.","DOI":"10.1057\/ejis.2010.17"},{"key":"key2022012120322043200_b39","unstructured":"Sheffi, Y. and Rice, J.B. (2005), \u201cA supply chain view of the resilient enterprise\u201d, MIT Sloan Management Review, Vol. 47 No. 1, pp. 41\u20108."},{"key":"key2022012120322043200_b40","doi-asserted-by":"crossref","unstructured":"Siponen, M. and Willison, R. (2009), \u201cInformation security management standards: problems and solutions\u201d, Information & Management, Vol. 46 No. 5, pp. 267\u201070.","DOI":"10.1016\/j.im.2008.12.007"},{"key":"key2022012120322043200_b44","unstructured":"Starr, R., Newfrock, J. and Delurey, M. (2003), \u201cEnterprise resilience: managing risk in the networked economy\u201d, Strategy and Business, Vol. 30, Spring, pp. 70\u20109."},{"key":"key2022012120322043200_b45","doi-asserted-by":"crossref","unstructured":"Steinfield, C.W., Markus, M.L. and Wigand, R.T. (2011), \u201cCooperative advantage and vertical information system standards: an automotive supply chain case study\u201d, Proceedings of the 44st Annual Hawaii International Conference on System Sciences (HICSS), IEEE Computer Society, Kauai, HI, USA, pp. 1\u201010.","DOI":"10.1109\/HICSS.2011.130"},{"key":"key2022012120322043200_b46","doi-asserted-by":"crossref","unstructured":"Straub, D.W. and Welke, R.J. (1998), \u201cCoping with systems risk: security planning models for management decision making\u201d, MIS Quarterly, Vol. 22 No. 4, pp. 441\u201069.","DOI":"10.2307\/249551"},{"key":"key2022012120322043200_b47","doi-asserted-by":"crossref","unstructured":"Sultan, N.A. (2010), \u201cReaching for the \u2018cloud\u2019: how SMEs can manage\u201d, International Journal of Information Management, Vol. 31 No. 3, pp. 272\u20108.","DOI":"10.1016\/j.ijinfomgt.2010.08.001"},{"key":"key2022012120322043200_b48","unstructured":"US Census Bureau (2011), US Census Bureau E\u2010Stats 2009, available at: www.census.gov\/econ\/estats\/ (accessed 12 September)."},{"key":"key2022012120322043200_b41","doi-asserted-by":"crossref","unstructured":"von Solms, B. and von Solms, R. (2004), \u201cThe 10 deadly sins of information security management\u201d, Computers & Security, Vol. 23 No. 5, pp. 371\u20106.","DOI":"10.1016\/j.cose.2004.05.002"},{"key":"key2022012120322043200_b42","doi-asserted-by":"crossref","unstructured":"von Solms, R. (1998), \u201cInformation security management (3): the Code of Practice for Information Security Management (BS 7799)\u201d, Information Management & Computer Security, Vol. 6, pp. 224\u20105.","DOI":"10.1108\/09685229810240158"},{"key":"key2022012120322043200_b43","doi-asserted-by":"crossref","unstructured":"von Solms, R. (1999), \u201cInformation security management: why standards are important\u201d, Information Management & Computer Security, Vol. 7 No. 1, pp. 50\u20108.","DOI":"10.1108\/09685229910255223"},{"key":"key2022012120322043200_b49","doi-asserted-by":"crossref","unstructured":"Wagner, E.L., Scott, S.V. and Galliers, R.D. (2006), \u201cThe creation of \u2018best practice\u2019 software: myth, reality and ethics\u201d, Information and Organization, Vol. 16 No. 3, pp. 251\u201075.","DOI":"10.1016\/j.infoandorg.2006.04.001"},{"key":"key2022012120322043200_b50","doi-asserted-by":"crossref","unstructured":"Walsham, G. (1995), \u201cInterpretive case studies in IS research: nature and method\u201d, European Journal of Information Systems, Vol. 4 No. 2, pp. 74\u201081.","DOI":"10.1057\/ejis.1995.9"},{"key":"key2022012120322043200_b51","doi-asserted-by":"crossref","unstructured":"Wang, Y.S., Wu, S.C., Lin, H.H. and Wang, Y.Y. (2010), \u201cThe relationship of service failure severity, service recovery justice and perceived switching costs with customer loyalty in the context of e\u2010tailing\u201d, International Journal of Information Management, Vol. 31 No. 4, pp. 350\u20109.","DOI":"10.1016\/j.ijinfomgt.2010.09.001"},{"key":"key2022012120322043200_b52","doi-asserted-by":"crossref","unstructured":"Wu, W.W., Lan, L.W. and Lee, Y.T. (2011), \u201cExploring decisive factors affecting an organization's SaaS adoption: a case study\u201d, International Journal of Information Management, Vol. 31 No. 6, pp. 556\u201063.","DOI":"10.1016\/j.ijinfomgt.2011.02.007"}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685221211286511","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221211286511\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221211286511\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:26Z","timestamp":1753402166000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/20\/5\/332-349\/184579"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,11,23]]},"references-count":52,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2012,11,23]]}},"alternative-id":["10.1108\/09685221211286511"],"URL":"https:\/\/doi.org\/10.1108\/09685221211286511","relation":{},"ISSN":["0968-5227"],"issn-type":[{"value":"0968-5227","type":"print"}],"subject":[],"published":{"date-parts":[[2012,11,23]]}}}