Next Article in Journal
The Structural Features and Centrality Optimization of a Firm Interlocking Network of the Nodal Cities on the South Route of the 21st-Century Maritime Silk Road: The Case of Fujian Province
Previous Article in Journal
DNA Barcoding Revealing the Parrotfish (Perciformes: Scaridae) Diversity of the Coral Reef Ecosystem of the South China Sea
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sustainability
Volume 14
Issue 22
10.3390/su142215388
sustainability-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Analysis and Evaluation of Business Continuity Measures Employed in Critical Infrastructure during the COVID-19 Pandemic

by
Katarzyna Rostek
*,
Michał Wiśniewski
and
Witold Skomra
Faculty of Management, Warsaw University of Technology, 00-661 Warsaw, Poland
*
Author to whom correspondence should be addressed.
Sustainability 2022, 14(22), 15388; https://0-doi-org.brum.beds.ac.uk/10.3390/su142215388
Submission received: 9 September 2022 / Revised: 9 November 2022 / Accepted: 16 November 2022 / Published: 18 November 2022
(This article belongs to the Special Issue Climate Change, the Pandemic and Economic Crises)
Browse Figure
Review Reports Versions Notes

Abstract

:
The purpose of the presented research was to determine the effectiveness and sufficiency of measures put in place to protect the business continuity of critical infrastructure (CI) and key services (KSs) during the COVID-19 pandemic. The wide variety of research conducted in the area of business continuity maintenance during the COVID-19 pandemic does not change the fact that there is still a research gap in this area, particularly in terms of issues related to CI and KS protection. A systematic review of scientific publications revealed the need for continued research into this topic given the fact that only 19 papers related to CI continuity and 8 directly to KS operators could be identified. Holistic and interdisciplinary research is particularly needed to organize and systematize the existing scientific knowledge on the subject, and in practical terms, help organizations and institutions to better prepare for future continuity disruptions. A survey conducted between March and May 2021 among entities operating in Poland and classified as critical infrastructure operators as well as key service operators, subcontractors, and suppliers crucial to maintaining the continuity of critical infrastructure operations revealed that entrepreneurs, surprised by the speed and aggressive nature of the pandemic, mainly resorted to protective measures that were immediately available, standard solutions that did not require excessive financial and organizational effort. But in the face of long-term pandemic threat, such measures may no longer be sufficient, so it is important to intensify research into those precautions that require readaptation of work organization and organizational processes to protect key workers, increase supply chain resilience, and protect the work process.

1. Introduction

Maintaining business continuity during the COVID-19 pandemic and seamlessly recovering from the crisis is a task that poses a significant challenge to all managers and participants in socioeconomic processes. The ISO 22301 definition of business continuity as the ability of an organization to continuously deliver a product or service within an acceptable timeframe with acceptable performance during disruptions [1] takes on particular significance with respect to the security of critical infrastructure (CI) and key services (KSs) given that the very concept of CI is centered on the assumption that these facilities are important to economic security, national defense, and the functioning of the society [2].
According to the classic definition, critical infrastructure comprises systems and assets, whether physical or virtual, that are so essential to a nation that any disruption of their services could have a serious impact on national security, economic well-being, public health or safety, or any combination thereof [3]. There is no global consensus as to which specific systems should be considered CI, but at the most general level, it includes elements that are vital to the operation of a society [4]; hence, systems such as electricity, transport, healthcare, gas and oil, telecommunications, banking and finance, emergency services, government continuity, and water supply are typically recognized as CI systems [5].
Key services, introduced into the economic and scientific debate by the NIS Directive of 21 April 2016 [6], are an elaboration on this basic understanding of CI. This redefined approach to identifying critical facilities is based on the premise that it is the unavailability of KSs that generates negative consequences for the society, the state, and the environment. Therefore, in order to identify the actual CI, it is necessary to identify the KSs characteristic for a specific critical process and their dependencies on specific vulnerable resources. Some of said resources directly influence the capacity for continued KS provision, and it is those very resources that should be considered as CI, particularly in the context of maintaining business continuity.
Observing the change in the approach to CI and KS protection over the years, it is important to note the progression from protecting specific systems and entities [7] to developing holistic policies that improve their resilience globally—politically, socially, and economically [8]. This is a consequence of the shift from a CI-centric approach to a more KS-oriented perspective. The experience of the COVID-19 pandemic further reinforced the above postulates, leading to a surge in research and publications centered around assessing the impact of different types of precautions on the ability to maintain business continuity during a crisis and the efficiency of recovery from the same once restrictions and limitations are lifted. The research conducted in this area is twofold—global and individual to reflect the directions of CI and KS protection outlined above. In the global dimension, researchers try to characterize particular phenomena and develop practical recommendations for management, economics, finance, and law. In the individual dimension, the effectiveness of actions taken and measures applied is assessed, and the ability of a specific organization or group of organizations to flexibly adapt to a crisis situation is analyzed.
The wide variety of research conducted in the area of business continuity maintenance during the COVID-19 pandemic notwithstanding, the systematic review of scientific papers carried out in the present study (Section 2) revealed that there is still a research gap in this area, particularly in terms of CI and KS protection. In this context, two research questions were formulated:
RQ1: What specific topics of existing academic research address business continuity in the context of the pandemic, including considerations pertaining to CI protection and KS provision?
RQ2: What has been the effectiveness and sufficiency of the measures actually put in place to protect CI business continuity during the pandemic, as reflected in the present study and secondary research?
The answer to RQ1 was derived from a systematic literature review presented in Section 2. The answer to RQ2 is contained in Section 3, Section 4 and Section 5, where the results of the quantitative survey are presented, discussed, and related to the literature reports analyzed in Section 2. A summary of the entire paper with indications for further research is presented in Section 6.

2. Systematization of the Relevant Literature

Business continuity management (BCM) is a management process based on a risk and business impact assessment to build organizational resilience [9]. CI and KS operators treat BCM as a mandatory part of their core business. Therefore, they can be considered as the group with the highest culture development of business continuity plans, protection measures, and social impact in the security field. Given the above, it is reasonable to investigate the effectiveness and sufficiency of the protections they applied during a pandemic. The systematic literature review shown in Figure 1 is subordinated to this thesis.
  • Step 1
The current situation of pandemic and post-pandemic recovery has activated academic circles towards business and organizational continuity research. As indicated by the results of Table 1, there has been considerable interest in the topics of both business continuity and the impact of the COVID-19 pandemic, but there are still few studies that combine the two.
The search results presented in Table 1 demonstrate that there is a significant research gap in terms of interdisciplinary studies investigating business continuity management issues during the COVID-19 pandemic. Based on the above, requirements were formulated for a systematic literature review aimed at identifying research focusing on business continuity during the COVID-19 pandemic. The literature review was conducted based on the two scientific databases, WoS CC and Scopus, as these are the databases commonly used in bibliometric and systematic analyses of literature and research papers [10,11].
  • Step 2
Exploration of the existing literature concerning one-way and two-way relationships between the terms of business continuity and the COVID-19 pandemic involved filtering the databases using a specific set of keywords. The selection of an appropriate set of keywords was preceded by the identification of terms, synonyms, and abbreviations related to “business continuity” and “COVID-19”, as used in the most frequently cited or most recent scientific publications thematically related to business continuity and the COVID-19 pandemic, based on the entries in the WoS CC and Scopus databases associated with the areas of management science and economics.
Based on the results, a query was formulated to search for relationships between the topics of business continuity and the COVID-19 pandemic across titles, keywords, and abstracts, without timeframe or language restrictions. The query was entered into the Scopus (Q1) and WoS CC (Q2) databases in October 2021:
Q1: TITLE-ABS-KEY (business AND continuity AND COVID-19 OR pandemic OR epidemic OR SARS-CoV-2).
Q2: TS = ((“business continuity”) AND (“COVID-19” OR “pandemic” OR “epidemic” OR “SARS-CoV-2”)).
In the WoS CC database, 119 papers matching the criteria were identified; in the Scopus database, 276 papers. After eliminating duplicates and papers posted without abstracts, a total of 295 unique publications were qualified for further analysis. The resulting dataset was analyzed using machine learning methods, under the latent Dirichlet allocation (LDA) model. LDA is a generative probabilistic model in which documents are represented as random mixtures over latent topics, where each topic is characterized by a distribution over words [12]. Structures similar to LDA are often studied in Bayesian statistical modeling, where they are referred to as hierarchical models [13], or as conditionally independent hierarchical models [14].
Analysis of the data showed that the highest degree of coherence was obtained by dividing the analyzed set into 16 themes (coherence coefficient 0.298). There was some overlap between four themes in this configuration. Therefore, the division into eight themes (coherence coefficient 0.288) was the first option to not include overlapping themes.
Theme 2.1 covers the impact of disasters in a general meaning, including pandemics (especially pandemic influenza), on the implementation of organizational and operational continuity plans, e.g., [15,16,17]. The most common keywords in this selection were as follows: pandemic, disaster, business, plan, flu, and risk.
Theme 2.2 addresses the most sensitive area of pandemic impact, which is business continuity in the context of supply chain resilience to the COVID-19 crisis, e.g., [18,19,20,21]. The most common keywords in this selection were as follows: business, pandemic, covid, continuity, risk, impact, plan, crisis, strategy, resilience, and supply chain.
Theme 2.3 presents the impact of the COVID-19 pandemic on business continuity in the context of defining emergency plans, crisis response, and organizational management model, e.g., [22,23,24]. The most common keywords in this selection were as follows: pandemic, business, continuity, covid, plan, crisis, work, model, organization, response, and emergency.
Theme 2.4 refers to the characterization of the COVID-19 pandemic crisis in the context of response strategies, e.g., [25,26,27]. This is a particularly important topic because of the effectiveness and efficiency of management in view of the next crises. The most common keywords in this selection were as follows: business, continuity, pandemic, company, covid, crisis, risk, strategy, and response.
Theme 2.5 contains considerations on organizational preparedness for the COVID-19 crisis in the context of its critical services, e.g., [28,29,30]. The most common keywords in this selection were as follows: business, pandemic, continuity, crisis, covid, preparedness, service, and critical.
Theme 2.6 focuses on the provision of medical services during pandemics. In this context, the references made were not only to the COVID-19 pandemic but also to previous similar occurrences, e.g., [31,32]. The most common keywords in this selection were as follows: health, pandemic, service, care, risk, business, and continuity.
Theme 2.7 presents the patient’s perspective and health system continuity during the COVID-19 pandemic, e.g., [33,34,35]. The most common keywords in this selection were as follows: business, pandemic, continuity, covid, patient, system, health, and care.
Theme 2.8 is not determined by any keywords and included only seven qualifiable publications. Due to the difficulty of establishing a central theme and the small size of the sample, a decision was made to exclude it from further analysis.
In summary, it is possible to determine two main thematic lines of this research—general, considering the pandemic and its impact in a generalized meaning (where the main representatives are the themes 2.1, 2.3–2.5), and specific, referring to specific areas of this impact (where the main representatives are the themes 2.2, 2.6–2.8).
  • Step 3
At this stage of the systematic literature review, the focus was on analyzing publications pertaining to CI and KS operators. To this end, the available scientific papers were reviewed again, with the intention of establishing a set of keywords that uniquely identify relevant studies. The databases were searched again by combining keywords characterizing business continuity, COVID-19, CI, and KSs in the form of queries Q3 (Scopus) and Q4 (WoS CC):
Q3: TITLE-ABS-KEY ((“business continuity”) AND (COVID-19 OR pandemic OR epidemic OR SARS-CoV-2) AND (“critical infrastructure” OR “critical base” OR “critical substructure” OR “critical services” OR “key services” OR “key resources” OR “essential services” OR “crisis management”)).
Q4: TS = ((“business continuity”) AND (“COVID-19” OR “pandemic” OR “epidemic” OR “SARS-CoV-2”) AND (“critical infrastructure” OR “critical base” OR “critical substructure” OR “critical services” OR “key services” OR “key resources” OR “essential services” OR “crisis management”)).
The search yielded 27 papers from the Scopus database and 14 papers from the WoS CC database. After removing duplicates and papers not containing abstracts, the final result was a collection of 29 papers. In this case, the LDA analysis was not applied due to the scarcity of records in the analyzed set. An attempted analysis using the LDA method indicated that the highest coherence coefficient was for 29 themes, which meant that each study would be treated as a separate, significantly different area of research. For this reason, the analysis of this collection of studies was carried out using the method of narrative analysis [36], which allowed the final identification of five distinct thematic groups.
Theme 3.1 comprised studies largely indicating (more broadly than just in the context of the COVID-19 pandemic) the need for and effectiveness of using business continuity plans under pandemic conditions [20,33]. In this group, attention was paid, among other things, to situations where business requirements force the system performance to closely align with market demand and, at the same time, to account for the shortage of reserves that are necessary to meet the challenges of emergency situations, such as a pandemic [37,38,39].
Theme 3.2 comprised texts indicating the operational risk management tools derived from the theory of management science as effective and necessary in the process of preparing the organization for the potential occurrence of a threat. Papers in this group included a study discussing strategies for mitigating the socioeconomic–environmental risks of emergencies resulting from the COVID-19 pandemic [22]. Other studies in this group included considerations on the use of risk assessment to identify areas for which a business continuity plan should be developed in the event of a crisis [25], and the use of risk management methods to better identify risks associated with resuming or continuing operations under COVID-19 pandemic conditions, including effective and sufficient protective measures [40].
Theme 3.3 comprised papers showing the effectiveness of using other management tools that are not exclusively associated with risk management. In this group, attention was drawn, among other things, to the advisability of using process analysis to identify areas that require protection. Under this approach, operational resilience is achieved by identifying critical processes and resources, and consequently by protecting said resources and ensuring the business continuity of said processes [19]. Other elaborations providing a more in-depth insight included studies on the simulation and use of different scenarios in decision making [20,41]. The summary of this group creates a conclusion that the inclusion of risk and crisis management strategies in business continuity management facilitates better resilience of businesses to the effects of negative phenomena and incidents [24].
Theme 3.4 comprised studies on the role of leadership in times of crisis. Among other things, this group highlighted the advantages of an agile organization and strong leadership in the context of organizational adaptation to pandemic conditions [42]. Also included here were research findings on transformational leadership and communication systems as business continuity tools during COVID-19 [43]. In addition, the role of crisis management managers was also highlighted as an appropriate and effective crisis response tool [44].
Theme 3.5 comprised texts that indicate the effectiveness of specific actions to ensure business continuity in organizations. The research papers included in this group confirmed the effectiveness of teleworking, testing for SARS-CoV-2, and modifying the organization of customer service by changing communication contact points within the organization. With these measures in place, the organization’s operational capacity was limited only due to decisions of state authorities, but never completely undermined [32]. Another study discussing the efficacy of selected precautions in production processes proved not only their effectiveness for the duration of the pandemic, but also their applicability afterward. This is due to the fact that the protection measures employed have effectively created a new functional model of an organization that facilitates stability in terms of the intended level of production without the need to significantly increase employment in order to achieve and maintain this stability in the event of a major disruption [45]. This group of papers also included a study presenting the results of a survey conducted in a group of 118 CI experts affiliated with the European Reference Network for Critical Infrastructure Protection coordinated by the European Commission’s Joint Research Centre. The study examined the actions taken by CI operators to ensure the business continuity of the companies they manage [46].
In summary, the above considerations confirm the validity and usefulness of research output developed even before the pandemic and aimed at increasing CI flexibility, adaptability, and resilience to change, the overall premise thereof being that in the long term, risks cannot be avoided but vulnerability thereto can and indeed should be effectively reduced [47]. Ongoing cross-sectoral research has revealed the importance and potential of interorganizational relationships such as networking, which have helped to significantly diminish problems of resource unavailability or supply chain disruptions [46]. An analysis performed from the perspective of public administration entities revealed that nationwide CI disruptions were most often due to staff absenteeism and interruptions of the supply chains of the CI operators [48]. These observations have global implications that bear significantly on the overall perception of management, especially in terms of reducing warehouse stocks, which are dependent on the high efficiency and consistency of supply chains.
In addition to general research, in-depth case studies are also conducted with a view to identifying the specific precautions and solutions put in place by businesses, as well as their respective effectiveness and utility during the COVID-19 pandemic [49,50]. Interestingly, some of said studies indicate that the COVID-19 pandemic has fundamentally changed the approach to management, particularly with regard to the role of leadership and sustainability management [51], as well as the operational and business models that will henceforth continually entrench and advance business continuity management [45]. From the perspective of economic analysis, the protective measures employed ought to be effective in terms of limiting the impact of the crisis on business operations, as well as the impact on the continuity of supply chains and the ability to maintain customer relationships during a period of reduced contact. The global analysis of this phenomenon led to certain conclusions regarding the effectiveness of crisis response, which was found to be primarily dependent on the following [52]: the agility of business processes and the use of digital technologies in the communication of these processes, the existence of technical provisions useful to ensure the sustainability of operations during the transition phase and to support the smooth adaptation of the organization to a changing business situation, adopting efficient business analytics methods and tools that effectively support intraorganizational communication and decision making, and the ability to create differentiated and modular product/service portfolios and adaptable business models that foster faster improvement.

3. Materials and Methods

The study based on a CAWI internet survey was conducted in a target-selected respondent group. The survey took place in March and May 2021 and was made available, via the Government Security Centre (GSC), to all entities operating in Poland (100% population) and classified as follows:
  • Critical infrastructure operators within the meaning of the Act of 26 April 2007 on crisis management (Journal of Laws of 2020, item 1856), which should be understood as systems and their functionally related objects, including construction facilities, equipment, installations, services, that are key to the security of the state and its citizens and that serve to ensure the efficient functioning of public administration entities, as well as institutions and entrepreneurs;
  • Key service operators within the meaning of the Act of 5 July 2018 on the National Cyber Security System (Journal of Laws of 2020, item 1369), which should be understood as operators of services being critical to maintaining critical social or economic activities and listed in the list of key services;
  • Subcontractors and suppliers who are key to maintaining the continuity of critical infrastructure operations within the meaning of the Act of 31 March 2020 on special solutions related to preventing, counteracting, and combating COVID-19, other infectious diseases, and crisis situations caused by them and some other acts (Journal of Laws 2020, item 568).
Since the above characteristics often occur complimentarily (e.g., a CI owner is also a KS operator, and may also be a key supplier to maintaining business continuity at other CI and KS operators), the structure of the surveyed population included 77% CI operators, 40% KS operators, and 60% key subcontractors and suppliers maintaining CI business continuity. Most of them (51% of the population) are former CI operators and key subcontractors and suppliers at the same time. This means that most of the entities surveyed were responsible not only for the business continuity of their own organization, but also for related organizations in the supply network. This fact significantly affected the scope of the formulated questions in the research survey.
The survey was structured by type of protection measures to reflect both the applicable government regulations and recommendations, in particular concerning the protection of CI and KSs, and the accumulated practical experience in terms of relevant types of protective measures. For this purpose, the protection categories used were extracted from the content of the analyzed articles. Table 2 lists the particular categories used in the research survey.
A total of 73 responses were returned in the survey structured as follows:
  • General part—including characteristics of the conducted activity, the experienced level of infections and disruptions caused by the SARS-CoV-2 virus;
  • Questions addressed to all respondents with regard to the deployment and assessment of particular protection measures: formal and legal, individual, collective, and in terms of work organization;
  • Questions to production entities regarding the deployment and evaluation of production process protection measures;
  • Questions to non-production entities regarding the deployment and evaluation of measures employed to protect work processes (other than the production process).
The effectiveness of the employed protective measures was evaluated on the 5-point Likert scale interpreted as follows:
1—ineffective;
2—low efficiency;
3—average efficiency;
4—above average efficiency;
5—high efficiency.
The respondents’ professional competence, confirmed by the GSC (the institution tasked with disseminating and conducting the survey), ensured the high reliability of the answers provided.
As regards the results of the general part of the questionnaire, the respondents surveyed were primarily CI operators (56 entities, 77% of the surveyed population)—public, national entities with at least 250 employees and an annual turnover of over EUR 10 million. Work in such entities is typically carried out in 3 shifts, 7 days a week. Nearly 1/3 of the entities (20 entities, 27% of the population) declared involvement in production activities, which was important from the perspective of testing the applicability and effectiveness of work process protection measures in both production and non-production environments. The surveyed organizations declared having faced the problem of infections and related business disruptions (Table 3).
The results in Table 3 indicate that during the pandemic (until March 2021), the surveyed respondents experienced low (up to 10% of the workforce) to medium (11–50% of the workforce) incidence of infections. The resulting disturbances did not adversely affect the ability of the organization to maintain business continuity (only 1 case of suspension of operations) but did nonetheless adversely affect work processes in some cases due to quarantine requirements (11 entities, 15% of the population) or other reasons (8 entities, 11% of the population).

4. Results

The survey respondents were asked about the implementation of specific actions under the predefined categories of protective measures. The number of activities included in respective categories varied (Table 4). Not all of the activities listed in the survey were put into practice by the respondents. The number of measures declared by more than 90% of the respondents as employed during the COVID-19 pandemic (most popular measures) also varied between particular categories (Table 4).
Based on the results in Table 4, three levels of popularity applicable to the protective measures in each category could be identified (Table A1): unpopular actions, average-popularity actions, and popular actions.
Unpopular actions are those for which the percentage of non-applicability (“average percentage of the population not taking action” column) was higher than the average percentage of the whole population not employing these measures in the specified category (“population-wide” cell). Average-popularity actions are those for which the percentage of non-applicability was at most equal to the average percentage of the whole population not employing these measures in a given category, but at the same time was not less than 10%. Finally, popular actions are those for which the level of applicability was over 90% of the whole population.
When analyzing the results presented in Table A1 (Appendix A), it should be noted that in the first three categories of protection measures (formal, individual, and collective) the numbers of popular and unpopular protection measures are proportional. On the other hand, the two subsequent categories (work organization and organization of work processes) show a clear decrease in the use of specific measures. Steps that did not directly follow from the generally applicable formal and legal regulations and pandemic restrictions we less frequent, similarly to those requiring major organizational changes (e.g., special arrangement of the workspace), technological changes (e.g., automated transport), or additional financial outlays (e.g., parallel backups for leadership positions). Unpopular solutions also included protection measures that significantly affected the comfort of work and the level of employee satisfaction (e.g., giving up air conditioning, obliging employees to remain on standby outside normal working hours at the workplace or another place designated by the employer).
Actions rated above 3 on a Likert scale were considered effective in terms of maintaining business continuity during the COVID-19 pandemic. On average, the highest effectiveness was reported in the areas of formal and legal protection measures, work organization, and production process organization (Table 5). However, it should be noted that the highest proportions of measures deemed as effective were observed in the context of personal protective equipment (40% of all actions) and work area protection equipment (25% of all actions).
Specific actions deemed as effective and the average effectiveness ratings given thereto are presented in Table A2 (Appendix A). It is notable that these measures were simultaneously (with one exception) characterized by high applicability, with over 90% of the respondents employing the same. The largest numbers of such activities belong to the individual protection (4 activities of 10 total) and work organization protection (5 activities of 20 total) measures. Their specificity is the typicality and the universality of their use, not only in CI facilities, but in any organization during a pandemic, such as hand disinfection, covering the nose and mouth, teleconferencing, or measures to reduce the density of people in buildings.
Activities rated below 3 on the adopted Likert scale were considered ineffective activities in terms of maintaining business continuity during the COVID-19 pandemic. On average, the lowest effectiveness was reported in the group of collective protection measures, the area of organization of other (non-production) work processes, and individual protection (Table 6).
It should be noted that the rankings of individual protection measures presented in Table 5 and Table 6 are almost identical, which confirms the higher effectiveness of formal protection measures, as well as measures in the work organization area and production process organization area, relative to measures in terms of individual protection, collective protection, and other (non-production) work processes. At the same time, there are twice as many protective measures deemed to be ineffective as there are those assessed as effective.
The leaders in the group of ineffective activities (Table A3) are protection measures of the work organization (9 activities of 20 total) and the production process (7 activities of 11 total). This group was dominated by activities that negatively affect the comfort and psyche of employees (for example, full face covering, cancellation of air conditioning, limiting the number of entry points to facilities) and require a great deal of organizational effort and financial outlay (for example, parallel backups for leadership positions, automatic record of production plan execution, automated transport, deliberate workspace arrangement to minimize the need for employee contacts).
The specific activities identified as ineffective by the respondents correspond to those not used by many of the respondents. As follows from the above specific analyses, actions deemed as ineffective were, quite naturally, avoided by the respondents. On the other hand, the actions considered effective were universally employed by a vast majority of the surveyed population. The average level of non-applicability of ineffective solutions was 35%, while for effective measures this ratio was only 3% (Table 7).
It is therefore reasonable to hypothesize that based on previous experience in terms of CI and KS protection, the respondents avoided using and testing protective measures that they had previously identified as ineffective.
To summarize the results obtained in the survey, it should be noted that the most popular business continuity measures were easily available, were commonly used, did not require extensive expenditures or organizational effort, and were most often required directly by law. Less popular measures were typically those not directly imposed by formal and legal regulations and pandemic restrictions, and ones that required substantial organizational and technological changes or additional financial outlays. Finally, unpopular measures were those that significantly reduced employee comfort and satisfaction, regardless of their effectiveness in terms of maintaining business continuity.

5. Discussion

The conducted literature review and previous research experience allowed us to prepare a research survey whose results reflect the sufficiency and effectiveness of the protective measures employed by Polish CI and KS operators during the recent pandemic. The survey was unique in terms of the scope and multidimensionality of the questions, which pertained to the formal–legal, personal, collective, and organizational protection measures.
Our assessment of the resilience of Polish CI and KS operators revealed that it proved sufficient to maintain business continuity during the pandemic. This was evidenced by the fact that despite the moderate to medium incidence of infections among the surveyed population (from 10 to 50% of the workforce) and the resulting quarantine requirements (in 54% of cases), only eight entities reported interruption of operations (11% of the surveyed population), and only one reported complete suspension thereof (1.5% of the surveyed population).
The effectiveness of security measures put in place by the respondents was largely influenced by compliance with risk mitigation recommendations from a variety of advisory and regulatory sources (Table 8).
The above results indicate an urgent need for a public and widely moderated debate on the effectiveness of security management and business continuity to be undertaken in the political, economic, and social domains. Since the unquestionable motivator for action is appropriate legislation, national governments should analyze in detail which protection measures, omitted or reduced during the current pandemic, should be included in the event of another threat. The results also underscore the need for systemic solutions within the scope outlined by the OECD in 2019 [8]. This, in turn, reinforces the importance of continued research on the effectiveness of particular protective measures, as the resulting general knowledge can prove extremely valuable in mitigating both present and future risks.
Viewed from the perspective of an organization as a member of a community, committed to the principles of sustainable development and social responsibility, the above results should also be considered in the context of three distinct profiles applicable to such measures—preventive, intraorganizational, and extraorganizational.
  • Preventive measures
The pandemic has changed business attitudes toward preventive measures implemented to secure business continuity. Admittedly, most CI and KS operators had business continuity protocols in place even before the pandemic (60% of the surveyed population), but the experience of COVID-19 significantly increased this percentage (84% of the surveyed population). Practically the entire surveyed population developed detailed procedures for dealing with infections (90–98% of the respondents), and in more than 40% of cases, these procedures were employed more than 10 times. A parallel comparison survey of non-CI and non-KS entities showed that the use of business continuity plans was high also in that population (67% of the surveyed population). Unfortunately, the comparative analysis also revealed that protective procedures were used by only half of the same (53% of the surveyed population), and crisis management plans were put in place by only a third thereof (33%). This seems to corroborate the thesis that preventive measures and good preparedness for an impending crisis or disaster can effectively reduce the consequences and losses resulting from such events, and that all organizations, not only CI and KS operators, should routinely employ this type of measures. The thesis is further supported by the results of other ongoing studies that point to the need to introduce business continuity and crisis management plans not only in enterprises, but also in public administration institutions [46], and present the organizational and financial consequences of not having such plans, as observed at the beginning of the current pandemic [22].
  • Intraorganizational measures
In addition to the much-needed preventive solutions, the most common measures implemented by entrepreneurs during the pandemic could be described as intraorganizational and included ready-made solutions in terms of formal and legal protection, individual protection, collective protection, work organization, and the organization of the work process. Indeed, most of the same fell under the category of formal and legal or individual measures. Other types of solutions were selected very carefully in response to particular needs, but also subject to the applicable financial, time, HR-related, and organizational limitations. For example, the predominance of measures implemented to protect the organization of the work process was clearly noticeable in production enterprises, while non-production enterprises were more careful to protect the organization of work in a more general sense. Naturally, this is hardly surprising given the fact that the manufacturing environment is particularly vulnerable to business continuity risks related to employee health [45]. And although at the time of the survey, the protection measures in place appeared to be sufficient, one must consider the possibility that they may not be enough in the long term. It is therefore crucial that preventive measures and internal organizational solutions are carefully planned and prepared during relatively peaceful periods if we are to ensure lasting and reliable resilience in times of crisis and disaster. As demonstrated in other ongoing research, it is necessary to facilitate both scientific diagnostic studies [46] and organizational self-assessment [49] to evaluate the actual effectiveness, sufficiency, and adequacy of the protective measures currently in place.
  • Extraorganizational measures
The last group of measures discussed above pertained to external organizational protection, i.e., the organization’s social responsibility for the safety of its customers, co-operators, contractors, and society as a whole. The specific measures in this group related to two distinct aspects: protection of customers, contractors, and co-workers coming in contact with the entity, and supply chain disruptions.
As follows from the present and other studies [31], in terms of minimizing the contribution of an organization’s employees to the spread of infections in the organization’s environment, it is extremely important that relevant governmental regulations and restrictions are strictly followed both inside and outside the place of employment. Hence, there is an advantage of Asian over European countries in this regard, as Eastern culture is characterized by much stronger discipline and strict adherence to the letter of the law. The social responsibility of companies and institutions was particularly noticeable during the pandemic. It seems that there was no entity that did not realize the responsibility and the impact it has on the health and safety of its environment. This is one aspect of the pandemic that should be considered positive and integrates all economic and social entities.
The analysis indicated a particularly strong commitment to the implementation of such measures in production enterprises. This is understandable, given that companies from this subgroup are particularly vulnerable to disruptions of the supply chain which is crucial to their ability to continue operations and fulfill orders [52]. Hence, the scope of the protective measures employed in this subgroup had to go beyond the internal scope of the entities themselves [54]. It should be emphasized that the consequences of the disruption of international supply chains caused by the pandemic are still being felt, despite most of the pandemic restrictions having been lifted and the return to at least seeming normalcy. This fact also leads to a completely different approach to business continuity planning that is no longer a matter of individual preparedness, but rather a strategy encompassing the entire network of collaboration and dependency, in accordance with the currently prevailing Industry 4.0 approach [55].

6. Conclusions

  • Research insights
The presented results for RQ1 clearly indicated the subject areas wherein the existing academic studies effectively address business continuity issues in the context of the pandemic, particularly in terms of CI protection and KS provision. Eight leading research themes were identified in academic research pertaining to business continuity management during the pandemic, and five themes were specific to the same area of research but conducted among CI and KS operators. A systematic analysis of scientific publications evidenced the urgent need for further research on this topic seeing as only 19 papers on CI continuity and 8 papers related directly to KS operators could be identified. The topics that were identified in both step 2 and step 3 of the systematic literature analysis dominantly concerned the following: the impact of disasters, including pandemics (flu pandemic in particular), on the implementation of organizational plans and continuity of its operations; the supply chain resilience to the COVID-19 crisis; and the organization’s preparedness for a COVID-19 crisis in the context of its critical services and processes. In particular, research of a holistic and interdisciplinary nature is needed to facilitate scientific organization and systematization of thematic knowledge and provide practical guidelines for organizations and institutions to help them better prepare for future epidemic events.
In terms of the results relevant to RQ2, the applicability and effectiveness of CI business continuity protection measures employed during the pandemic were determined by conducting a survey in a group composed of CI and KS operators and their key suppliers and manufacturers. The sufficiency of the precautions implemented was confirmed in view of the fact that complete suspension of operations was necessary only in 1 out of 73 cases examined. Nevertheless, the observed pattern shows that entrepreneurs, surprised by the speed and aggressive nature of the pandemic, mainly resorted to protective measures that were immediately available, standard solutions that did not require excessive financial and organizational effort. But in the face of long-term pandemic threat, such measures may no longer be sufficient, so it is important to intensify research into those precautions that require readaptation of work organization and processes to protect key workers, increase supply chain resilience, and protect the work process. The study presented in this paper focuses on such highly advanced and non-universal solutions that can transform future operating environments while significantly reducing their vulnerability to business interruption, which in the case of CI and KS operators is not only an organizational challenge but more importantly a social responsibility. Against this context and taking into account the three analytical profiles highlighted in the discussion section, conclusions were formulated, the final findings of which are presented below.
Preventive measures and good preparedness for impending crises or disasters can effectively reduce the consequences and losses resulting from the same. Therefore, all organizations, not only CI and KS operators, should broadly employ this type of measures, and business continuity planning should become as prevalent as risk assessment or crisis management planning. If we are to ensure high resistance to crisis and disaster, preventive measures and internal organizational solutions should be carefully planned and prepared during relatively peaceful periods. This, however, requires both in-depth scientific diagnostics and organizational capacity for self-assessment in terms of the effectiveness, sufficiency, and adequacy of the protective measures already in place. Operating under conditions of social responsibility and sustainable development not only means that extraorganizational measures become equally important as the other two discussed categories, but also guarantees the survival of cross-organizational supply chains, thus ensuring business continuity for all participants therein.
  • Research limitations and further studies
The primary limitation of the survey presented above was the scope of the questions included which, although pertaining to five key security areas, did not encompass all issues relevant to effective preparation for future threats. Thus, it is necessary to continue research in areas outlined by existing literature but not considered in the above analysis. Above all, future research should include the following: assessment of the mental and physical condition of workers, in particular key employees and managers [45,56]; the social impact of the organization and its protective measures and the possibility for the organization to become involved in support programs launched in the region (social responsibility) [52]; the impact of the environment and existing environmental solutions on the organization’s ability to maintain business continuity (sustainability development) [49]; opportunities to increase organizational flexibility and resilience by taking advantage of scientific and technological advances [27]; and implementation of effective learning-by-doing techniques to improve existing protective measures as well employee competences and skills [22]. The purpose of such a focus for further research is not only to meet the demand for holistic and interdisciplinary research on the pandemic in various areas of social impact, including CI and SK, but also to find answers to questions about the changes that have irrevocably transformed our economies and societies after the COVID-19 pandemic period [57,58].
To recapitulate, it should be reiterated that while crises and disasters are unavoidable, the scale and severity of their impact largely depend on us and our determination in preparing for such occurrences, which can be significantly aided by further scientific research exploring these issues, and the scope and diversity of this research will determine future success.

Author Contributions

Methodology and conceptualization, K.R. and M.W.; survey conduct, W.S., writing and editing, K.R. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by IDUB against COVID-19 project granted by Warsaw University of Technology under the program Excellence Initiative: Research University (IDUB); grant No. 1820/54/201/2020.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Informed consent was obtained from all subjects involved in the study.

Data Availability Statement

Not applicable.

Acknowledgments

The research survey was developed and completed with the involvement and cooperation of the Government Security Center.

Conflicts of Interest

The authors declare no conflict of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript; or in the decision to publish the results.

Appendix A

Table
Table A1. Classification of the popularity of detailed actions for each analyzed category of protection measures (author’s own elaboration).
Table A1. Classification of the popularity of detailed actions for each analyzed category of protection measures (author’s own elaboration).
Unpopular ActionsActions of Average PopularityPopular Actions
Formal and legal protection measures:
An action plan in case someone at a meeting exhibits symptoms of COVID-19Job hazard assessmentStay-at-home policy in case of contact with an infected person
A plan for transferring a person exhibiting symptoms of COVID-19 to emergency servicesA plan for isolating a person exhibiting symptoms of COVID-19 within the workplace Procedures for identifying persons who have come in contact with a worker diagnosed with COVID-19
Training completed with proven knowledge of procedures in different situations related to COVID-19 pandemicInternal control of compliance with formal and legal requirements for epidemic preventionBusiness continuity plan
Commitment of workers to a 14-day quarantine upon return from a country with SARS-CoV-2 incidenceSelf-monitoring of employees returning from business trips for 14 days after return Procedures for identifying areas where an employee with confirmed COVID-19 has been present
Establishment of a crisis management teamAn action plan to prevent SARS-CoV-2 infection at the meetings
A contingency plan for outbreaks in the communities wherein the company operatesRegistration of visitor data
Suspension of activities
Individual protection measures:
Workwear storage areaGlovesPromotion of regular and thorough hand washing by employees, contractors, and customers
Full protective clothing (e.g., overalls)Training in the use of personal protective equipmentEnforcement of recommendations to cover mouth and nose
Covering the full faceTemperature measurement before workCovering the nose and mouth (masks, visors, etc.)
Measurement of oxygen saturation before work
Collective protection measures:
Filtration and/or regular ventilation (air exchange) in roomsLimitation of the number of people using a room at any one time (production sites, offices, and common areas)Notification to employees, suppliers, contractors, and customers that anyone with even a mild cough or low-grade fever (37.3 C or higher) must stay home
Periodic COVID-19 testing at the employer’s expenseFlexible working hours and flexible breaksPosters, videos to raise awareness of COVID-19 among employees
Cancellation of air conditioningInfection prevention trainingCleaning procedures for individual stations (disinfection)
Conditions for the shortening of the compulsory quarantine in connection with the periodic COVID-19 testing agreed with the District Public Health Inspector Regular scheduled surface disinfection
Work organization protection measures:
Special protection (testing, limited access, limited contact) for employees with unique competenciesEmployee work schedules planned to minimize contact between employees with equivalent positionsTeleconferencing
Conditions for key personnel to be in seclusion (either on site or in a dedicated area) when remote working is not possible (operator services, laboratory staff, etc.)Introduction/modification of monitoring of housekeeping workPostponement or suspension of workplace events that involve close and prolonged contact between participants, including social gatherings
Non-assignment of high-risk tasks to workers who have pre-existing medical conditions, are pregnant, or are over 60 years of age Permanent teams of workers to handle specific jobsAlternating work—rotation (dividing workers into teams that do not interact with each other)
Limiting the number entry points to facilitiesRestricting or excluding buffet dining options and switching to a “take-away” mode“Permanently” assigned equipment/tools used in the work process
Obligation for employees to remain on standby outside normal working hours in the workplace or in another place designated by the employer Employee work schedules planned to minimize contact between employees working in the same department
Instructing employees to work overtime to the extent necessary to ensure the continued operation of the business or station
Parallel backups for leadership positions
Unidirectional movement pathways
Employees confined to designated areas during work breaks
Production process protection measures:
Electronic work instructionsPaper records reduced or eliminated and replaced by electronic recordsDisinfection of work items (products)
Remote quality controlPerformance of maintenance and repair activities during non-production shiftsMaintenance of a minimum distance of 1.5 m between workstations
Automatic record of production plan execution
Deliberate workspace arrangement to minimize the need for employee contacts (e.g., access to storage areas, materials and components, tools)
Automated transport
Airlocks between rooms
Other work process protection measures
Workstation access protection (e.g., glass, Plexiglas walls, distance barriers, floor markings)Maintenance of a minimum distance of 1.5 m between workstations
Deliberate workspace arrangement to minimize the need for employee contact (e.g., access to materials and components, tools)Paper records reduced or eliminated and replaced by electronic records
Airlocks between rooms
Table
Table A2. Specific actions considered by the respondents as effective in the context of business continuity (author’s own elaboration).
Table A2. Specific actions considered by the respondents as effective in the context of business continuity (author’s own elaboration).
Specific ActionAverage Application EffectivenessNumber of Entities Not Applying the ActionPercentage of Population Not Applying the Action
Formal and legal protection measures (population of 73 respondents):
Staying at home after contact with an infected person4.4422.74%
Individual protection measures (population of 73 respondents):
Hand disinfection4.4000.00%
Enforcement of recommendations to cover mouth and nose4.2911.37%
Promotion of regular and thorough hand washing by employees, contractors, and customers4.2511.37%
Covering the nose and mouth4.0111.37%
Collective protection measures (population of 73 respondents):
Notification to employees, suppliers, contractors, and customers that anyone with even a mild cough or low-grade fever (37.3 C or higher) must stay home4.1434.11%
Social distancing4.1100.00%
Work organization protection measures (population of 73 respondents):
Teleconferencing4.5311.37%
Reduction of the number of meetings, deliberations in the form of direct physical contact4.4700.00%
Postponement or suspension of workplace events that involve close and prolonged contact between participants, including social gatherings4.3222.74%
Alternating work—rotation (division of employees into teams that do not contact each other)4.1434.11%
Measures to reduce the density of people in buildings4.0345.48%
Production process protection measures (population of 20 respondents):
A minimum distance of 1.5 m between pitches4.0515.00%
Disinfection of work items (products)4.0015.00%
Other work process protection measures (population of 53 respondents):
A minimum distance of 1.5 m between workstations3.74611.32%
Table
Table A3. Activities considered by the respondents as ineffective in the context of business continuity (author’s own elaboration).
Table A3. Activities considered by the respondents as ineffective in the context of business continuity (author’s own elaboration).
Specific ActionAverage Application EfficiencyNumber of Entities Not Employing the MeasurePercentage of Population Not Employing the Measure
Formal and legal protection measures (population of 73 respondents):
Commitment of workers to a 14-day quarantine upon return from a country with high SARS-CoV-2 incidence2.881824.66%
Contingency plan for outbreaks in the communities wherein the company operates2.822331.51%
Suspension of activities1.294967.12%
Individual protection measures (population of 73 respondents):
Workwear storage area2.932128.77%
Gloves2.851317.81%
Full face covering2.112939.73%
Full protective clothing2.052838.36%
Measurement of oxygen saturation before work0.296386.30%
Collective protection measures (population of 73 respondents):
Filtration and/or regular ventilation (air exchange) in rooms2.842128.77%
Periodic COVID-19 testing at the employer’s expense2.343142.47%
Cancellation of air conditioning1.554460.27%
Conditions for the shortening of the compulsory quarantine in connection with the periodic COVID-19 testing agreed with the District Public Health Inspector0.865575.34%
Work organization protection measures (population of 73 respondents):
Special protection (testing, limited access, limited contacts) of employees with unique competences2.811824.66%
Limiting the number of entry points to facilities2.812534.25%
Non-assignment of high-risk tasks to workers who have preexisting medical conditions, are pregnant, or are over 60 2.632230.14%
Identification of individuals with increased susceptibility to SARS-CoV-2 infection2.532635.62%
Obligation for employees to be on standby for work outside normal working hours in the workplace or any other place designated by the employer2.332939.73%
Obligatory overtime to the extent necessary to ensure the continued operation of the business or station2.253142.47%
Parallel backups for leadership positions2.103345.21%
Employees confined to designated areas during work breaks1.584257.53%
Unidirectional movement pathways1.424156.16%
Production process protection measures (population of 20 respondents):
Remote quality control2.90630.00%
Performance of maintenance and repair activities during non-production shifts2.75525.00%
Electronic work instructions2.55630.00%
Automatic record of production plan execution2.40735.00%
Deliberate workspace arrangement to minimize the need for employee contacts (e.g., access to storage areas, materials and components, tools)2.15840.00%
Automated transport1.651155.00%
Airlocks between rooms0.951365.00%
Other work process protection measures (population of 53 respondents):
Workstation access protection (e.g., glass, plexiglass walls, distance barriers)2.701935.85%
Deliberate workspace arrangement to minimize the need for employee contact (e.g., access to materials and components, tools)2.452037.74%
Airlocks between rooms0.943973.58%

References

  1. PN-EN ISO 22301:2020-04; Business Continuity Management. ISO: Warsaw, Poland, 2020.
  2. President’s Commission on Critical Infrastructure Protection. Critical Foundations: Protecting America’s Infrastructures; The White House: Washington, DC, USA, 1997. [Google Scholar]
  3. U.S. General Accounting Office. Critical Infrastructure Protection, Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use; Report to Congressional Requesters, GAO-12-92; U.S. General Accounting Office: Washington, DC, USA, 2011.
  4. Alexander, D.E. Critical infrastructure. In Encyclopedia of Crisis Management; Penuel, K.B., Statler, M., Hagen, R., Eds.; Sage: Thousand Oaks, CA, USA, 2013; pp. 208–211. [Google Scholar]
  5. COM/2006/0786. Communication from the Commission on a European Programme for Critical Infrastructure Protection. Available online: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A52006DC0786 (accessed on 1 September 2022).
  6. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Concerning Measures for a High Common Level of Security of Network and Information Systems across the Union. Available online: https://eur-lex.europa.eu/eli/dir/2016/1148/oj (accessed on 1 September 2022).
  7. Alcaraz, C.; Zeadally, S. Critical infrastructure protection: Requirements and challenges for the 21st century. Int. J. Crit. Infrastruct. Prot. 2015, 8, 53–66. [Google Scholar] [CrossRef]
  8. OECD. Good Governance for Critical Infrastructure Resilience; OECD Reviews of Risk Management Policies; OECD Publishing: Paris, France, 2019. [Google Scholar]
  9. Torabi, S.A.; Soufi, H.R.; Sahebjamnia, N. A new framework for business impact analysis in business continuity management (with a case study). Saf. Sci. 2014, 68, 309–323. [Google Scholar] [CrossRef]
  10. Rejeb, A.; Rejeb, K.; Zailani, S.; Keogh, J.G.; Appolloni, A. Examining the interplay between artificial intelligence and the agri-food industry. Artif. Intell. Agric. 2022, 6, 111–128. [Google Scholar] [CrossRef]
  11. Treiblmaier, H.; Rejeb, A.; Strebinger, A. Blockchain as a driver for smart city development: Application fields and a comprehensive research agenda. Smart Cities 2020, 3, 853–872. [Google Scholar] [CrossRef]
  12. Horn, N.; Gampfer, F.; Buchkremer, R. Latent Dirichlet Allocation and t-Distributed Stochastic Neighbor Embedding Enhance Scientific Reading Comprehension of Articles Related to Enterprise Architecture. AI 2021, 2, 179–194. [Google Scholar] [CrossRef]
  13. Gelman, A.; Carlin, J.B.; Stern, H.S.; Rubin, D.B. Bayesian Data Analysis; Chapman and Hall/CRC: Boca Raton, FL, USA, 1995. [Google Scholar]
  14. Kass, R.E.; Steffey, D. Approximate Bayesian inference in conditionally independent hierarchical models (parametric empirical Bayes models). J. Am. Stat. Assoc. 1989, 84, 717–726. [Google Scholar] [CrossRef]
  15. Fischhoff, B.; de Bruin, W.B.; Güvenç, Ü.; Caruso, D.; Brilliant, L. Analyzing disaster risks and plans: An avian flu example. J. Risk Uncertain. 2006, 33, 131–149. [Google Scholar]
  16. Itzwerth, R.; Moa, A.; MacIntyre, C.R. Australia’s influenza pandemic preparedness plans: An analysis. J. Public Health Policy 2018, 39, 111–124. [Google Scholar] [CrossRef] [PubMed]
  17. Hofbauer, S.; Quirchmayr, G. Assuring long-term operational resilience in a pandemic: Lessons learned from COVID-19. In Proceedings of the 12th International Conference on Advances in Information Technology, Bangkok, Thailand, 29 June–1 July July 2021; pp. 1–9. [Google Scholar]
  18. Norrman, A.; Jansson, U. Ericsson’s proactive supply chain risk management approach after a serious sub-supplier accident. Int. J. Phys. Distrib. Logist. Manag. 2004, 34, 434–456. [Google Scholar] [CrossRef]
  19. Craighead, C.W.; Blackhurst, J.; Rungtusanatham, M.J.; Handfield, R.B. The Severity of Supply Chain Disruptions: Design Characteristics and Mitigation Capabilities. Decis. Sci. 2007, 38, 131–156. [Google Scholar] [CrossRef]
  20. Ivanov, D. Predicting the impacts of epidemic outbreaks on global supply chains: A simulation-based analysis on the coronavirus outbreak (COVID-19/SARS-CoV-2) case. Transp. Res. Part E: Logist. Transp. Rev. 2020, 136, 101922. [Google Scholar] [CrossRef] [PubMed]
  21. Kumar, A.; Mangla, S.K.; Kumar, P.; Song, M. Mitigate risks in perishable food supply chains: Learning from COVID-19. Technol. Forecast. Soc. Change 2021, 166, 120643. [Google Scholar] [CrossRef]
  22. Goromaru, H.; Kokogawa, T.; Ueda, Y.; Fukaya, S. Study of New Normal Business Continuity to Improve Resilience Against Uncertain Threat. J. Disaster Res. 2021, 16, 31–39. [Google Scholar] [CrossRef]
  23. Kandel, N. Is there a business continuity plan for emergencies like an Ebola outbreak or other pandemics? J. Bus. Contin. Emerg. Plan. 2015, 8, 295–298. [Google Scholar]
  24. Buganová, K.; Mošková, E.; Šimíčková, J. Increasing the Resilience of Transport Enterprises through the Implementation of Risk Management and Continuity Management. Transp. Res. Procedia 2021, 55, 1522–1529. [Google Scholar] [CrossRef]
  25. Mennen, M.G.; Van Tuyll, M.C. Dealing with future risks in the Netherlands: The National Security Strategy and the National Risk Assessment. J. Risk Res. 2015, 18, 860–876. [Google Scholar] [CrossRef]
  26. Dwiedienawati, D.; Tjahjana, D.; Faisal, M.; Gandasari, D.; Abdinagoro, S.B. Transformational leadership, communication quality influences to perceived organization effectiveness and employee engagement and employee retention during the COVID-19 pandemic. J. Adv. Res. Dyn. Control Syst. 2020, 12, 773–787. [Google Scholar] [CrossRef]
  27. Acciarini, C.; Boccardelli, P.; Vitale, M. Resilient companies in the time of COVID-19 pandemic: A case study approach. J. Entrep. Public Policy 2021, 10, 336–351. [Google Scholar] [CrossRef]
  28. Coghlan, N.; Archard, D.; Sipanoun, P.; Hayes, T.; Baharlo, B. COVID-19: Legal implications for critical care. Anaesthesia 2020, 75, 1517–1528. [Google Scholar] [CrossRef]
  29. Belso-Martínez, J.A.; Mas-Tur, A.; Sánchez, M.; López-Sánchez, M.J. The COVID-19 response system and collective social service provision. Strategic network dimensions and proximity considerations. Serv. Bus. 2020, 14, 387–411. [Google Scholar] [CrossRef]
  30. Warwick, M.; Roshen, F. The global macroeconomic impacts of COVID-19: Seven scenarios. Cent. Appl. Macroecon. Anal. (CAMA) Work. Pap. 2020, 19, 1–43. [Google Scholar]
  31. Kim, E.A. Social distancing and public health guidelines at workplaces in Korea: Responses to coronavirus disease-19. Saf. Health Work 2020, 11, 275–283. [Google Scholar] [CrossRef] [PubMed]
  32. Pharm, B.S.; Hua, Y.J.; Yao, H.Q.; Thangaraju, S. Managing a Renal Transplant Programme During the COVID-19 Pandemic: Practical Experience from a Singapore Transplant Centre. Ann. Acad. Med. Singap. 2020, 49, 652–660. [Google Scholar]
  33. Mo, Y.; Deng, L.; Zhang, L.; Lang, Q.; Liao, C.; Wang, N.; Huang, H. Work stress among Chinese nurses to support Wuhan in fighting against COVID-19 epidemic. J. Nurs. Manag. 2020, 28, 1002–1009. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  34. Matisāne, L.; Paegle, L.; Eglīte, M.; Akūlova, L.; Linde, A.A.; Vanadziņš, I.; Grīntāle, I. Reasons for Low Protection of Vulnerable Workers from COVID-19—Results from the Quantitative and Qualitative Study on Working Life in Latvia. Int. J. Environ. Res. Public Health 2021, 18, 5188. [Google Scholar] [CrossRef] [PubMed]
  35. Caetano, R.; Silva, A.B.; Guedes, A.C.C.M.; Paiva, C.C.N.D.; Ribeiro, G.D.R.; Santos, D.L.; Silva, R.M.D. Challenges and opportunities for telehealth during the COVID-19 pandemic: Ideas on spaces and initiatives in the Brazilian context. Cadernos de Saúde Pública 2020, 36. [Google Scholar] [CrossRef]
  36. Clandinin, D.J.; Connelly, F.M. Narrative Inquiry: Experience and Story in Qualitative Research; John Wiley & Sons: Hoboken, NJ, USA, 2004. [Google Scholar]
  37. Boin, A.; McConnell, A. Preparing for critical infrastructure breakdowns: The limits of crisis management and the need for resilience. J. Contingencies Crisis Manag. 2007, 15, 50–59. [Google Scholar] [CrossRef]
  38. Itzwerth, R.L.; MacIntyre, C.R.; Shah, S.; Plant, A.J. Pandemic influenza and critical infrastructure dependencies: Possible impact on hospitals. Med. J. Aust. 2006, 185 (Suppl. 10), S70–S72. [Google Scholar] [CrossRef]
  39. Rinaldi, S.M.; Peerenboom, J.P.; Kelly, T.K. Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Syst. Mag. 2001, 21, 11–25. [Google Scholar]
  40. Sneddon, J. Pandemic Risk Management; Protecting People While Ensuring Business Continuity. Process Safety Progress. 2021, 41, 8–13. [Google Scholar] [CrossRef]
  41. Schätter, F.; Hansen, O.; Herrmannsdörfer, M.; Wiens, M.; Schultmann, F. Conception of a simulation model for business continuity management against food supply chain disruptions. Procedia Eng. 2015, 107, 146–153. [Google Scholar] [CrossRef]
  42. Mather, P. Leadership and governance in a crisis: Some reflections on COVID-19. J. Account. Org. Change 2020, 16, 579–585. [Google Scholar] [CrossRef]
  43. Arvidsson, B.; Johansson, J.; Guldåker, N. Critical infrastructure, geographical information science and risk governance: A systematic cross-field review. Reliab. Eng. Syst. Saf. 2021, 213, 107741. [Google Scholar] [CrossRef]
  44. Oostlander, S.A.; Bournival, V.; O’Sullivan, T.L. The roles of emergency managers and emergency social services directors to support disaster risk reduction in Canada. Int. J. Disaster Risk Reduct. 2020, 51, 101925. [Google Scholar] [CrossRef] [PubMed]
  45. Gomes, R.F.D.S.; Gauss, L.; Lacerda, D.P. Fast-response measures to mitigate the COVID-19 health and economic impacts within the organizations: The case of Thyssenkrupp Elevator Brazil. Production 2021, 31, e20200062. [Google Scholar] [CrossRef]
  46. Galbusera, L.; Cardarilli, M.; Giannopoulos, G. The ERNCIP Survey on COVID-19: Emergency & Business Continuity for fostering resilience in critical infrastructures. Saf. Sci. 2021, 139, 105161. [Google Scholar]
  47. Rehak, D.; Senovsky, P.; Hromada, M.; Lovecek, T. Complex approach to assessing resilience of critical infrastructure elements. Int. J. Crit. Infrastruct. Prot. 2019, 25, 125–138. [Google Scholar] [CrossRef]
  48. RCB. Wyniki Ankiety Dotyczącej Epidemii COVID-19 w Ocenie Jednostek Samorządu Terytorialnego; Wydział Oceny Ryzyka i Planowania Rządowego Centrum Bezpieczeństwa: Warsaw, Poland, 2021. [Google Scholar]
  49. Hesami Arani, M.; Moslemzadeh, M.; Fallahzadeh, O.; Khorvash, H.; Dakhilpour, M.; Mohammadzadeh, M. Assessment of COVID-19 control strategies in a steel industry using SWOT matrix. Toxicol. Ind. Health 2021, 37, 353–364. [Google Scholar] [CrossRef]
  50. Alsharif, H.Z.H.; Shu, T.; Obrenovic, B.; Godinic, D.; Alhujailli, A.; Abdullaev, A.M. Impact of entrepreneurial leadership and bricolage on job security and sustainable economic performance: An empirical study of Croatian companies during COVID-19 pandemic. Sustainability 2021, 13, 11958. [Google Scholar] [CrossRef]
  51. Su, R.; Obrenovic, B.; Du, J.; Godinic, D.; Khudaykulov, A. COVID-19 Pandemic Implications for Corporate Sustainability and Society: A Literature Review. Int. J. Environ. Res. Public Health 2022, 19, 1592. [Google Scholar] [CrossRef]
  52. Margherita, A.; Heikkil, Ä. Business Continuity in the COVID-19 Emergency: A Framework of Actions Undertaken by World-Leading Companies. Bus. Horiz. 2021, 64, 683–695. [Google Scholar] [CrossRef] [PubMed]
  53. Wangikar, P.; Giridhar, T.R.; Shanmugam, P.S.T. Managing COVID-19 Lockdown Impacts: Sustaining GLP Compliance and Man Material Medium (MMM) Strategy for Augmenting Prevention of Workplace Infections. Int. J. Toxicol. 2021, 40, 143–152. [Google Scholar] [CrossRef] [PubMed]
  54. Sopha, B.M.; Purnamasari, D.M.; Ma’mun, S. Barriers and Enablers of Circular Economy Implementation for Electric-Vehicle Batteries: From Systematic Literature Review to Conceptual Framework. Sustainability 2022, 14, 6359. [Google Scholar] [CrossRef]
  55. Rajak, S.; Mathiyazhagan, K.; Agarwal, V.; Sivakumar, K.; Kumar, V.; Appolloni, A. Issues and analysis of critical success factors for the sustainable initiatives in the supply chain during COVID-19 pandemic outbreak in India: A case study. Res. Transp. Econ. 2022, 93, 101114. [Google Scholar] [CrossRef]
  56. Billock, R.M.; Haring Sweeney, M.; Steege, A.L.; Michaels, R.; Luckhaupt, S.E. Identifying essential critical infrastructure workers during the COVID-19 pandemic using standardized industry codes. Am. J. Ind. Med. 2022, 65, 548–555. [Google Scholar] [CrossRef]
  57. Lin, H.H.; Hsu, I.C.; Lin, T.Y.; Tung, L.M.; Ling, Y. After the Epidemic, Is the Smart Traffic Management System a Key Factor in Creating a Green Leisure and Tourism Environment in the Move towards Sustainable Urban Development? Sustainability 2022, 14, 3762. [Google Scholar] [CrossRef]
  58. Huang, S.; Liu, H. Impact of COVID-19 on stock price crash risk: Evidence from Chinese energy firms. Energy Econ. 2021, 101, 105431. [Google Scholar] [CrossRef]
Sustainability 14 15388 g001 550
Figure 1. Methodology of the conducted systematic literature review (author’s own elaboration).
Figure 1. Methodology of the conducted systematic literature review (author’s own elaboration).
Sustainability 14 15388 g001
Table
Table 1. Search results for “Business continuity” AND “COVID-19” in Scopus and Web of Science Core Collection databases (author’s own elaboration).
Table 1. Search results for “Business continuity” AND “COVID-19” in Scopus and Web of Science Core Collection databases (author’s own elaboration).
FilterScopusWoS CC
“Business continuity”2484
Query: TITLE-ABS-KEY (“Business continuity”) 		1356
Query: TS = (“Business continuity”)
“COVID-19”206,524
Query: TITLE-ABS-KEY (“COVID-19”)		177,356
Query: TS = (“COVID-19”)
“Business continuity” AND “COVID-19”126
Query: TITLE-ABS-KEY (“Business continuity” AND “COVID-19”)		72
Query: TS = (“Business continuity” AND “COVID-19”)
Table
Table 2. Categories of protection measures described in the analyzed literature (author’s own elaboration).
Table 2. Categories of protection measures described in the analyzed literature (author’s own elaboration).
Protection Categories Analyzed in the Original StudyReference to the Scope of the Secondary Research Analyzed
Formal and legal protection measures[22,27,31,34,45,47,49,52,53]
Individual protection measures[27,31,34,45,49,52,53]
Collective protection measures[27,31,34,45,46,49,52,53]
Work organization protection measures[31,34,45,46,49,52,53]
Production process protection measures[31,34,45,52]
Other work process protection measures[27,31,34,45,52,53]
Table
Table 3. Analysis of the incidence of infections and disruptions caused by the COVID-19 pandemic in the study group (author’s own elaboration).
Table 3. Analysis of the incidence of infections and disruptions caused by the COVID-19 pandemic in the study group (author’s own elaboration).
Category Analyzed in the Research GroupSubgroup SizePercentage of the Population
Incidence of infections
High: more than 50% infected00%
Low: 1–10% infected 4561.6%
Medium: 11–50% infected 2432.9%
No infections45.5%
Quarantine
Occurred, but work proceeded smoothly2838.4%
Occurred, work proceeded but was limited1115.1%
Did not occur3446.6%
Operational disturbances
Occurred811.0%
Did not occur6589.0%
Suspension of operations
Occurred11.4%
Did not occur7298.6%
Table
Table 4. Number and level of application of specific actions assigned to particular categories of protection measures (author’s own elaboration).
Table 4. Number and level of application of specific actions assigned to particular categories of protection measures (author’s own elaboration).
Category of Protective MeasuresNumber of Specific Actions TakenAverage Percentage of the Population Not Taking ActionNumber of Measures Employed by >90% of PopulationPercentage of Measures Employed by >90% of Population
Formal and legal protection measures1720.06%423.53%
Individual protection measures1026.03%330.00%
Collective protection measures1126.77%436.36%
Work organization protection measures2024.45%630.00%
Production process protection measures1127.73%327.27%
Other work process protection measures535.09%00.00%
Population-wide:7426.69%2027.03%
Table
Table 5. Effectiveness of particular protection measure categories in the context of maintaining business continuity as rated by the research group entities (author’s own elaboration).
Table 5. Effectiveness of particular protection measure categories in the context of maintaining business continuity as rated by the research group entities (author’s own elaboration).
Category of ProtectionAverage Application EfficiencyNumber of Effective Actions Percentage of Effective Actions
Formal and legal protection measures4.4415.88%
Work organization protection measures4.30525.00%
Production process protection measures4.30218.18%
Individual protection measures4.24440.00%
Collective protection measures4.12218.18%
Other work process protection measures3.74120.00%
Population-wide:4.191520.27%
Table
Table 6. Protection measures rated by the respondents as ineffective in terms of maintaining business continuity (author’s own elaboration).
Table 6. Protection measures rated by the respondents as ineffective in terms of maintaining business continuity (author’s own elaboration).
Category of Protection MeasuresAverage Application EfficiencyNumber of Ineffective ActionsPercentage of Ineffective Actions
Collective protection measures1.90436.36%
Other work process protection measures2.03360.00%
Individual protection measures2.05550.00%
Production process protection measures2.19763.64%
Work organization protection measures2.27945.00%
Formal and legal protection measures2.33317.65%
Population-wide:2.133141.89%
Table
Table 7. A comparative analysis of effective and ineffective measures identified by the respondents (author’s own elaboration).
Table 7. A comparative analysis of effective and ineffective measures identified by the respondents (author’s own elaboration).
Category of Specific ActionsAverage Action EffectivenessAverage Number of Actors in the Population Not Employing the ActionAverage Percentage of the Population Not Employing the Action
all specific actions2.821830.00%
effective actions4.1923.07%
ineffective actions2.152643.03%
Table
Table 8. Sources of knowledge and advice on pandemic impact risk reduction indicated by the surveyed entities (author’s own elaboration).
Table 8. Sources of knowledge and advice on pandemic impact risk reduction indicated by the surveyed entities (author’s own elaboration).
InitiativeSubgroup SizePopulation Percentage
Own initiative34.1%
Government guidelines1013.7%
Industry recommendations00.0%
Other initiatives6082.2%
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Rostek, K.; Wiśniewski, M.; Skomra, W. Analysis and Evaluation of Business Continuity Measures Employed in Critical Infrastructure during the COVID-19 Pandemic. Sustainability 2022, 14, 15388. https://0-doi-org.brum.beds.ac.uk/10.3390/su142215388

AMA Style

Rostek K, Wiśniewski M, Skomra W. Analysis and Evaluation of Business Continuity Measures Employed in Critical Infrastructure during the COVID-19 Pandemic. Sustainability. 2022; 14(22):15388. https://0-doi-org.brum.beds.ac.uk/10.3390/su142215388

Chicago/Turabian Style

Rostek, Katarzyna, Michał Wiśniewski, and Witold Skomra. 2022. "Analysis and Evaluation of Business Continuity Measures Employed in Critical Infrastructure during the COVID-19 Pandemic" Sustainability 14, no. 22: 15388. https://0-doi-org.brum.beds.ac.uk/10.3390/su142215388

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop