Critical Dimensions of Disaster Recovery Planning

Disaster Recovery Planning (DRP) emerged in the 1970s, during the era of electronic data processing when mainframe systems were used to crunch data and provide reports for business analysis. The importance of DRP is undeniable especially after the 911 terrorism attack and many natural disasters experienced by many countries; much effort has then poured in to maintain a set of workable DRP. However, though high investment is allocated for information technology and DRP, there are still IT service outages interrupted the business, crippled the operations and impacted the overall organization long term strategic plan. Questions arose on why DRP could not ensure an uninterrupted IT service environment. This paper aims to study the critical dimensions impacting the development and maintenance of DRP process, specifically to understand the dimensions that contribute to a successful DRP that aims to minimize the impacts of IT service outages. This study used a theoretical model, technology-organization-environment framework (TOE) to explore the adoption of DRP process in financial institutions in Malaysia. Following IT service management concept, individual components that comprise of trading partner readiness, staff competency, roles and responsibilities were included in the study. This study evidenced that 8 dimensions were critical for the implementation of DRP, in which 2 of 3 individual components being studied were part of the lists. These 8 dimensions could be used as guidance for future successful DRP rollout and its ongoing maintenance activities; with the ultimate objective to minimize outage duration of IT services that support critical business.


Introduction
Organizations maintaining business dynamism and attain competitive edge in the global scene are getting challenging due to the demanding stakeholders and keen competition.Sustaining uninterrupted business operation is a key in an organization's strategic plan to maintain competitive edge.According to a study by University of Minnesota, 93% of firms that lose critical systems for more than 10 days file bankruptcy almost immediately; 80% of firms affected by a major incident are forced to close within 18 months (Finn, Guillot, & Taylor, 2006).After the 11 th September 2001 attack on the World Trade Centre, rampant terrorist attacks and frequent uncontrollable natural disasters, most organizations now have greater awareness of various types of business interruptions (Gallangher, 2003) and they shift focus to the planning for continuity of businesses, ensuring businesses are resilient and deploying a fast recovery after an emergency (Virgona, 2010).Their ultimate objectives are to satisfy stakeholders' needs in addition to keeping in business for as long as they can.There are three broad categories of disasters that will impact a business (Finn et al., 2006): natural, technical and human inflicted disasters.Knowing the types of disasters and plan for it are critical tasks, however the real challenge in IT environment during a disruption is ensuring that employees can always stay productive and to recover the relevant critical IT services within tolerable timeframe.DRP has been in the life of IT folks for more than 40 years (since 1970s), but there is no meaningful tool to objectively and consistently measure the organization's readiness in recovery from a disaster and their state-of-preparedness (Scott Ream, 2002b).Therefore there is a need to understand the dimensions affecting the DRP implementation so that right level of investment and efforts is spent on the right factors in order to have a successful DRP process.they spur the growth and stability of economy.In this journey, business continuity management (BCM) and DRP are instrumental as they maintain economic activities by enabling the domestic and international financial transactions to go on and prevent widespread payment or settlement disorder during a disaster (Arduini & Morabito, 2010).IT has supported the massive changes in the ways financial business is conducted; creation of financial service and product innovation cannot be achieved without technology.
An IT operating environments, typically contains a wide range of diverse application services and infrastructure components that have often evolved and expanded over time.This results in a complex network of servers and islands of software applications that can be difficult and costly to manage.It impedes the agility of the IT environment and limits the efficiency and effectiveness of the IT operations (Mercury, 2004).It is the objective of ministry of finance to ensure a chain of stable financial systems in the country (Bank Negara Malaysia, 2012).BNM has issued two guidelines for IT continuity and business continuity management (Bank Negara Malaysia, 2004, 2008).However, many instances of IT interruptions still occurred along with the strict guidelines implemented: on 16 th October 2006, Hong Leong Bank encountered an intermittent computer system outage for 5 days before a double national festivals in Malaysia (The Star, 2006).On 3 rd July 2008, Bursa Malaysia, the stock exchange of Malaysia, suspended a full day stock trading following a trading system glitch; a similar computer system interruption also occurred in year 2006 (Raj, 2008).On 22 nd December 2008, Bursa Malaysia suspended stock trading again in the afternoon for about 45 minutes due to technical issues, this was the second time in the week for a similar situation happened in the trading environment (Sarif, 2008).These incidents shook the investors' confident in the local bourses, financial market and brought inconveniences, and dissatisfaction to the bank customers and stakeholders.

Literature Review
DRP is a process focused on the development of a plan to recover IT components from disaster, it was characterized as reactive and focus only on recovery of hardware and facilities (Herbane, Elliott, & Swartz, 2004).DRP is the antecedent and it is a subset of business continuity management (BCM) that focuses on moving business operations over to a backup facility (Finn, et al.).Prior literatures recommended different number of phases to implement a BCM and DRP depending on the subject matter being focused in their respective studies (Leong & Marthandan, 2013).Literatures also showed that there were many guidelines and framework but there is no DRP implementation path; neither nor any specific tool and solutions to be rolled out into production to support the DRP (Davies, 2000;Wood, 2006).Interpretations of these reference materials differ depending on the readers' knowledge, expertise and experience.In addition, the intensity of information and references related to DRP overwhelm and confuse the implementers and blur their vision for DRP rollout.
Focus of prior DRP researches also include: assessing the possibility of moving BCM to the strategic level of the organizations to further preserve the business value (Herbane et al., 2004;Karim, 2011); identifying critical success factor for implementing BCM (Kelly, 2012); developing business impact analysis and risk assessment model for BCM implementation (Shrivastava, Payal, Kumar, & Tiwari, 2012); the kinds of interruptions from small service disruptions to full blown disasters and the types of recovery plans and activities.Chow listed 17 success factors to develop a DR plan from 4 industries: financial services, manufacturing, trading and hotel in Hong Kong (Chow, 2000).In which 5 top success factors were highlighted though the ranking may differs for different industries.They are top management support, adequate financial support, appropriate backup site, off-site storage of backup and training of recovery personnel.
According to Dogson, technology includes not only tangible artefacts but also the knowledge that enables it to be developed and used in many useful ways (Dodgson, 2000).DRP has been an important process in the IT environment, it is technology and IS innovations, following Dogson definition of technology.This study uses Technology-Organization-Environment (TOE) framework, one of Technology Diffusion Models to test the success level of adopting and implementing DRP process.
Literature analysis revealed that IT has been viewed and treated as a service (Kettinger & Lee, 1994).Businesses are raising their bar for level of IT services that resulting in the efficiency and effectiveness of IT management being put in the limelight of the top management.IT service management process implementations focus on four areas or 4Ps that stand for process, people, product and partner.This means that implementation of every IT process have to consider the development of process and configuration of toolset around the people and partner or vendor who execute the process steps.People and partner are grouped under 'Individual' dimension in this study and it should be tested for its relevance in an existing Technology Innovation Diffusion model, such as the TOE framework.This study also aims to test if TOE framework can be extended to include an individual dimension.

Purpose of This Study
This study aims to identify the critical dimensions influencing the implementation of DRP process for financial institutions in Malaysia, and to validate if the individual dimension can be added to the existing technology innovation diffusion model.This study will be contributing to the following areas: (1) As suggested by Kelly, there is lack of implementation model for BCM and DRP (Kelly, 2012) and a need to develop a DRP implementation approach by knowing the factors that influence its success or failure.(2) As suggested by Scott, there is no tool to measure the success of DRP (Scott Ream, 2002b), this study aims to develop an IT process acceptance model using an established academic model.(3) In line with the development of IT service management processes (OGC Official Site, 2008) and the context of IT as a service, there is a need to assess the relevance to include individual dimension in the TOE model.(4) It is the author's objective to study DRP in the financial industry in a developing country like Malaysia.

Disaster Recovery Planning (DRP)
During the electronic data processing era, the mainframe was introduced to the business world in the 1950s.The objective was to use computers in recording, classifying, manipulating and summarizing data.The operator of the computer environments realized the need to keep backup copies of critical data in order not to lose it.These activities were the predecessors of DRP.The DRP emerged at the late 1970s when the first standby systems and data centers were established with primarily concerned on mainframe systems (SunGuard, 2011).It is an IT function to mainframe batch applications (Hiatt, 2000).The literature on the topic of disaster recovery uses the terms "disaster recovery", "business continuity", and "contingency planning" interchangeably due to its similar benefits and objectives (Finn et al., 2006).The benefits of contingency planning are to minimize potential loss by identifying, prioritizing, and safeguarding those assets that need the most protection (Petroni, 1999).Over time, hardware and software have become more reliable, yet Internet vulnerability, viruses, and mal-ware have become the primary threats to the IT infrastructure.While DRP is still an important part of IT, the scope of recovery planning has grown to include most critical business functions (Finn et al., 2006).
For comprehensiveness, DRP was recommended to be scenario based (Dirtadian, 2008;Herbane, et al., 2004) and developed using a life-cycle approach (Petroni, 1999).Three DRP stages are recommended: systems analysis, system design and systems implementation (Petroni, 1999).In addition, many components have been included in a DR plan.Such as recovery facilities, key recovery personnel, supplies, documents and forms (Finn, et al., 2006).

Phases of DRP
DRP is a multi-phases process but the number of phases is different from one researcher to another (Leong & Marthandan, 2013).In a book on DRP for computer systems, the author recommended a 10-phase DR project (Toigo, 1996), 10 professional practices in BCM and DRP (DRII, 2008;Toigo, 1996); studies on 7-phase BCM approach (BCM Institute, 2009;Gallangher, 2003), 6-phase BCM approach (BCI, 2008), 4-phases BCM approach that includes planning for risk prevention and mitigation, emergency response, crisis restoration and program management (Ketterer, Price, & McFadden, 2007;Mainline Information System); and a case study recommended 3-phase DR contingency plans (Petroni, 1999).Despite the number of phases and activities proposed, the ultimate goals for DRP are to prepare the organization to prevent, respond and recover from any business interruptions by having some planned activities that were grouped into three to ten phases.

Critical Success Factors of DRP
Many prior studies discussed the components that made up DRP (Herbane, 2010) but few discussed the critical success factors of DRP.A researcher studied the critical factors of DRP in 4 industries in Hong Kong (i.e.banking, trading, manufacturing and hotels industry) and concluded 17 factors impacting DRP (Chow, 2000).In a conceptual paper, 27 critical success factors have been identified for BCM implementation; however, it needs further validation (Kelly, 2012).

DRP in Financial Industry
Highly regulated industries such as financial services and telecommunications are the most motivated industries to invest in DRP (Finn, et al., 2006).In Malaysia, the central bank mandated that board of director should have oversight to ensure enterprise resilience (Bank Negara Malaysia, 2004, 2008).Some countries require financial institutions to provide attestations of their risk management and business continuity preparations to their local supervisory body, such as Thailand, Singapore, Australia, Hong Kong and India (Australian Prudential Regulation Authority, 2007;Bank of Thailand, 2005;Herbane, 2010;Hong Kong Monetary Authority, 2002;Monetary Authority of Singapore, 2003).

DRP Implementation
DRP is an IT function and governed under IT governance.In the IT world, project management methodology and system development life cycle were some of the governance framework to achieve IT objective.The main objective of the project-management method is to have a basic system to manage behaviours of people who work together to satisfy the needs of their customers (Johns, 1995).Projects should be initiated to develop the DRP for computers and communication resources (Toigo, 1996); this was concurred that a deliberately well-planned project management approach should be taken in order to have a successful project with regards to IT processes (Pink Elephant, 2006).IT project success rate will improve (Skulmoski, 2001) following competency and maturity of project management methodology in an organization.In order to ensure the relevance to the ever growing business and to ensure that it works as and when needed, the disaster recovery plan must be maintained and tested at a predefined frequency (Bank Negara Malaysia, 2004, 2008;Cegiela, 2006;Emmanuele, Damiano, Sandro, & Marco, 2007;Gibb & Buchanan, 2006;Menkus, 1988;OGC 's Authorized Authors, 2001;Toigo, 1996).It was also recommended that a frequent audit program is developed to ensure that the DRP is aligned with corporate and IT governance at all times.

IT Service Continuity Management (ITSCM)
The rise of IT service management (ITSM) focuses on providing quality IT services that align IT with the business goals (Cater-Steel, Tan, & Toleman, 2007).ITSM is process-oriented where companies often employ software tools in order to support or automate all or part of these processes (Kuamoo, 2006).IT service continuity management (ITSCM) is one of the ITSM processes, was an extension of DRP (OGC 's Authorized Authors, 2001).In addition to being a critical technical component of BCM, ITSCM has incorporated the critical phases from BCM into the traditional DRP functions (Loftness & Drapeau, 2007).ITSCM's goal is to support BCM and ensure the businesses could have the IT systems back as quickly as possible after a disruption.In the development of version 3 of ITSM processes, four components were core: process, people, product (or tool) and partner (or vendor).It's about developing process and procedure to manage the IT operation environment with the right product, people and vendor in place.This includes employee working on recovery of IT services and vendors who support them.As such, individual component has been introduced since then to reflect the importance of people (include partner) in the process development (OGC Official Site, 2008).

People Component
Innovation is a broad concept involving people, processes and technology by developing scales to measure new competence acquisition (Gaynor, 2002).It was referred as initiative, practices or something known by a person or other unit of adoption (Rogers, 1995).Role of people is instrumental in promoting innovation and people competency influenced the overall effectiveness of an organization.The competency was initially defined as knowledge, skills and attitudes (Yang, Wu, Shu, & Yang, 2006) but was further refined and linked to a couple of factors that are causally related to outstanding achievement and superiority in the job (McClelland, 1973;McClelland & Boyatzis, 1980).From the ITSM perspective, people factor are core in process development too.It is the objective of this research to study the criticality of people factor in process innovation adoption.They would be considered in an attempt to extend the TOE framework from technology, organization and environment to technology, organization, environment and individual framework.

Technology-Environmental-Organization Framework
Technology has been referred to as a means of systematic knowledge transformed into tools and is considered instrumental in determining the efficiency which elements in a society are able to accomplish their tasks (Tornatzky & Fleischer, 1990).Definition of technology varied from physical components like hardware to open definitions that include software, human skill and organizational aspects of technology (Drejer, 2000).Technology is derived from human knowledge to be used for business operations to improve reliability, flexibility, productivity, efficiency and effectiveness in order to achieve business goals.Different organizations may decide to use different types of technology depending on the type of business, requirements of business for technology and organizations' strategic direction (Phoommhiphat, 2011).Innovation is anything that is new to an organization (Drucker, 1998) and it was adopted into an organization to improve its business and operational performance (Oke, Burke, & Myers, 2007;Zhongming, 2005) and enhanced abilities to offer products or services to customers (Peter, 2003).From the above definitions of technology and innovation, DRP is an innovation, a process innovation.DRP creates or improves the administrative operations and support the organization's core business.Therefore, this research would base on Swanson's IS innovation model and Tornatzky & Fleischer's "Technology-Organization-Environment framework" to explain the characteristics in which a firm embraces and implements DRP process, a technological innovation.

Technology Context
DRP focuses on the availability of services during the service hour agreed with customers; should there be outages, proper and well tested processes and procedures are in place to recover such services within the agreed timeframe (Lawler & Szygenda, 2007;OGC 's Authorized Authors, 2001;OGC Official Site, 2008).Technology readiness refers to not only the underlying physical assets but also the availability of resources to support the services (T.Teo, Tan, & Wong, 1998).They should also be reliable (Lippert & Govindarajulu, 2006) to carry out its function as needed.
Disaster related behaviour is very complex, due to its occurrence at different social times in the life of different communities (Quarantelli, 1999).Many assume that there are insurmountable tasks to complete DRP process implementation, in addition to handling the on-going daily business at primary business premises.In order to achieve a smooth and efficient recovery, technology recovery involves the systematic and sequential recovery of hardware, software, data, network and backup technologies (Dirtadian, 2008;Jon Toigo, 1996;Serrelis & Alexandris, 2007;Toigo, 1996).Implementing DRP process is a complex and expensive undertaking (Gallangher, 2003).
The technology recovery involves a series of recovery efforts for physical assets, hardware, software, data, network and backup technologies that underpin the IT services (Serrelis & Alexandris, 2007;Toigo, 1996).The backup technologies are not only confined to equipment, they should also consider the building where the technology assets are sitting in and the facility that supports the IT services (Dirtadian, 2008;Ling, 1997).In order to strengthen organization competitive edge, technology integration and readiness (Oliveira & Martins, 2010) help improve firm accomplishment and performance by having shorter recovery time, more satisfied customer service functions and lowered operations costs.

Organizational Context
An acceptable level of service quality was one of the most important objectives for implementing DRP process (Gronroos, 1984).It is the expectation of all customers to experience uninterrupted services provided by the organizations; and that the products, services or internal processes are being continuously improved to satisfy the ever changing customer needs (Chau & Tam, 1997;Iacovou, Benbasat, & Dexter, 1995;Lippert & Govindarajulu, 2006;Oliveira & Martins, 2010;Ramdani, Kawalek, & Lorenzo, 2009; T. S. H. Teo, Lin, & Lai, 2009).
Organizational compatibility refers to the implementation of DRP is in harmony with the organization's practice, value and culture.The presence of organization policy and framework will certainly support the implementation of DRP.Such as, learning and development policy, internal and external communications policy, management risk position, technical blueprint and technology process frameworks like System Development Life Cycle (SDLC) (Chau & Tam, 1997) or Project Management Methodology (Iacovou et al., 1995;Ifnedo, 2011;Ramdani et al., 2009;T. Teo et al., 1998;T. S. H. Teo et al., 2009;Zhu, Kraemer, & Xu, 2005).
Top management support and decision-maker characteristics were one of the important dimensions within the organizational context to support diffusion of technology in an organization (Ifnedo, 2011;Ramdani et al., 2009;T. Teo et al., 1998;T. S. H. Teo et al., 2009;Thong, 1999;Wang, Wang, & Yang, 2010).Mitroff stressed that no human being, business, organization or institution can continue to survive for long period without presence of quality leadership during the crisis (I.Mitroff, 2005).It was also recommended that senior management should be responsible for DRP implementation which includes robust plan development, a well-tested and well-communicated plan to all stakeholders (Woodman, 2008).

Environment Context
External pressures to the survival of the organization and business growth are one of the critical environmental factors influencing the decision to adopt IS innovation (Iacovou, et al., 1995).External pressures could further breakdown into information intensity, competitor pressure, industry competition, regulatory requirement and government support (Kuan & Chau, 2001;T. Teo, et al., 1998;Zhu, Xu, & Dedrick, 2003).
IT services are underpinned by physical and technology infrastructure.They include building location, security of the location, protection equipment such as fire prevention devices, fire and theft alarm, location monitoring systems; and data center utilities such as cooling system, hardware rack and cabling management (Khalil & Elmaghraby, 2008;Wadekar, 2007;Wiboonrat, 2008).
Consumers are cognizant of the types of IT services they buy and their rights as IT users.Service Level   (Gerbing & Anderson, 1993).The unit of analysis is the individual staff working in the financial institutions.The sampling method used in this research is purposive sampling: a nonprobability sampling that enables the researchers to use their discernment to pick samples who have the best knowledge to progress the research, which is to fulfill the objectives of the research by answering the research questions.

Data Collection
This research employed email method to administer questionnaires after considering some recommended criteria (Saunders, Lewis, & Thornhill, 2009) such as: efficiency in reaching respondents in different geographical area; prospective respondents are computer-literate and have a business email id; higher confidence that the right person is identified and possibly would reply; suitable for close-ended questions which this research employs and available time available for data collection.
In this research, 84 organizations were successfully engaged where the names of the persons in charge of IT, BCM, Audit, Risk management and Operations were obtained.1 to 5 respondents were identified from each organization.As a result, 316 questionnaires were sent via email to invite the targeted samples to participate in the survey.With an email reminder sent a week later and a phone calls made two weeks after the first email invite, 218 respondents replied.This came to a response rate of 69%.After screening the replies for survey completeness, only 208 responses were useable.As this is above 200 units, the critical sample size for analysis using SEM (Garver & Mentzer, 1999;Hoelter, 1983;Kline, 2005), it was adequate for this research.

Results
Data analysis was done in two stages.The first stage, preliminary data analysis has the objective of fine tuning the instrument in order to obtain a technically sound instrument for this research.The second stage is the final test which descriptive statistic and analysis were performed, such as frequencies, percentages and means to summarize demographic information.This was followed by factor analysis as a precursor to structural equation modeling (SEM) to confirm the grouping of items plus factors, and prepare for measurement model evaluation.A structural model developed is used to confirm the conceptual model and testing of research hypothesis.

Preliminary Data Analysis
The preliminary data analysis phases of the research process are needed to help the development of survey questionnaire (Babbie, 2001;Hussey & Hussey, 1997;Sekaran, 2003).Three instrument validation phases were performed in this research.(1) Content validation phase -practitioners and academicians familiar in the subject matters of BCM and DRP were invited to evaluate the questionnaires, appraise the form and validate the content.
(2) Pre-test the questionnaire -an exercise to evaluate the comprehensibility of questionnaire. 10 professionals in the BCM and DRP areas were invited to perform a trial run of the questionnaire.Their feedbacks related to their overall feel, experience as a survey candidate and understanding of the questions were captured and used for instrument improvement.This is necessary to know if the questionnaire will be successful (Saunders et al., 2009).
(3) Fifty candidates were invited to perform a pilot test to validate the reliability and construct of the instrument.After these three validation phases, the questionnaire was considered good to proceed to the final data gathering stage.

Final Test
Data collected during final data gathering stage were screened for removal of blank responses and outliers.Two basic assumptions in multivariate analysis (Tabachnick & Fidell, 2001) were achieved: data normality test and multicollenearity tests were performed to ensure data assumed normal and free from multicollienarity problem.Goodness of data was tested using inter-item correlation and Cronbach's Alpha reliability tests.Items were dropped to ensure that the inter-item correlation matrixes were greater than 0.3 and less than 0.9 to indicate the distance of the two items are sufficient to represent the variable but not too closely related (Hair, Black, Babin, & Anderson, 2010).The item's Cronbach's Alphas ranges above 0.6 are acceptable especially in the exploratory research (Hair et al., 2010).A factor analysis was then performed on the reduced number of items with principal components extracted.The factor loading of each of the item was greater than 0.7 to demonstrate an acceptable level of correlation and convergence between two items.KMO (Kaiser-Meyer-Olkin measure of sampling adequacy) was greater than 0.6 demonstrated internal consistency and adequate convergence between two concepts (Hair et al., 2010).The result was presented in Table 1   dimensions influencing the implementation of DRP are IT availability and reliability, technology competence, perceived business continuity benefits, top management support, external pressure to adopt DRP, business environment, staff competency, roles and responsibilities as they have relationships with DRP as evidenced from the hypotheses.Table 4 above shows the ranking of impacts for all these factors to DRP.External pressure, top management support and staff competencies are the top three critical dimensions impacting DRP.These were followed by business environment, roles and responsibilities, perceived BC benefits, technology competence and IT availability and reliability.On the other hand, complexity, organization compatibility, infrastructure readiness and trading partner readiness are not critical dimension for implementing DRP as their hypotheses were not supported by the data.The result above also shows that the 2 of 3 variables from the individual dimension (staff competency and roles and responsibilities) were among the critical dimensions influencing the DRP process implementation.This answer the second objective of this research which is individual dimension is important and it can be added to the existing TOE framework.
The above identified critical dimensions impacting DRP process implementation were as expected and align with most if not all prior researches.However, the non-identified critical dimensions of DRP may have mixed findings as compared with prior researches.For complexity factor, some prior researches support the claim of complexity of innovation encourages the adoption of the innovation (Wang et al., 2010) but some reject the claim (Chau & Tam, 1997).Which the decision factor depends on the type of IS innovation being studied.For this research, the complexity of DRP process could sometimes be underestimated and level of complexity was unintentionally reduced to match the organization's capability level.Since DRP is mandatory for financial institutions in Malaysia, the management don't see any complexity issue while implementing DRP and they resolve to have it in place at all cost.For organization compatibility factor, there were mix findings from prior research: (Wang et al., 2010) support the claim but (Lin & Lin, 2008) reject the claim.In an organization, there are many types of frameworks and governance that can work independently with little or no overlapping.It is not a pre-requirement to have any types of framework and governances in place before DRP implementation.But it is one of its deliverables to produce a disaster recovery framework at the early stage in order to guide the development and implementation of DRP.Infrastructure readiness also refers to the readiness of local utility service providers.It is a good practice to build critical business space like data centre at a location equipped with backup resources like having dual in-coming source of utility (Finn et al.).However, this is not mandatory as there are many strategies to ensure the incoming utility supply are stable and not interrupted; such as installing power generator and telecommunication lines run by different service providers.There are always alternatives to ensure minimum disruption due to infrastructure.Such as performing a site risk assessments to understand the neighborhood where the business location is in and to remediate any unacceptable risks, if any.Therefore, infrastructure readiness needs not to be a critical dimension of DRP.Trading partner readiness refers to the knowledge, expertise and experiences the trading partner posses.Such as their abilities to participate in the DRP related activities discussion, sharing of DRP process, DRP simulation, business impact analysis and continuity improvement plan.The result of this study indicates an insignificant influence between trading partner readiness and DRP success.This result is in line with most literature if not all (Lin & Lin, 2008;Wang et al., 2010) .
In summary, this study addressed some suggestions from prior researchers and contributed to the DRP industry.It presents a model for DRP implementation with 8 critical dimensions that addressed Kelly's suggestion for a need to have a disaster recovery and business continuity management implementation approach by knowing the factors that influence its success or failure (Kelly, 2012).Knowing the critical factors impacting a project to implement DRP process, managers can put more efforts and focus in them to ensure a successfully project delivery, and proper DRP maintenance after going live.This is an IT process acceptance model developed using an established academic model, TOE framework; and that it can serve as a tool to guide a successful implementation of DRP in an organization (Scott Ream, 2002b).Arising from the development of ITIL processes (OGC Official Site, 2008), individual factor has also been considered for inclusion in an academic model (TOE framework in this study); it is evidenced in this study that staff competency, roles and responsibilities indeed are critical in process implementation and could be included in future studies using TOE framework.More importantly, this DRP implementation model was performed on the financial industry in a developing country like Malaysia, which has not been attempted in prior researches.

Limitations and Future Work
Similar to other studies, this study has some areas that could not be addressed.This study focused on only one specific industry, the financial industry of a developing nation, Malaysia.While focusing on one industry allows for control of extraneous industry factors that could confound the analysis, the results could not be represented and applied to other industries and regions.Also, the implementation approach may differ between organizations in the East and in the West or between organizations in the developed and developing countries.However it is believed that the framework could be extended to other industry settings as the IT model demonstrated, the factors considered in the research were generic for all IT environment and technology setup.Respondents' attitudes play a vital role in the quality of this study.In view of most people who are busy with personal priorities, it raised concerns that the respondents did not spend the right level of time to consider the research questions and possible answers that best suit their organization.
There are few recommendations for considerations in future researches.This study was conducted on a financial landscape of a developing country; in order to generalize findings to a wider scope, further study can be conducted based on similar research issues on other industry, or in other countries.This study focus on the critical dimensions of DRP, it may lead to questions on the value of DRP to the organization.Therefore, this research model can be extended to explore the value DRP brings to the organization and its importance on the IT and business strategy map, basing on the critical dimensions discussed.In order to cover a more holistic view, it is recommended to also consider the view of customers, vendors and competitors in future research.Individual dimension was first introduced to TOE framework in this study.More researches of different IS innovation types and different industry could be considered to confirm the extended TOE framework.

Table 1 -
In