營運持續管理成熟度之研究－以銀行業為例

黃明達(Ming-Dar Hwang)；朱庭逸(Tyng-Yhi Chi)

營運持續管理 ； BCM ； RMN模型 ； 成熟度 ； Business continuity Management ； BCM ； RMN Model ； Maturity

電腦稽核

28期（2013 / 07 / 13）

90 - 106

繁體中文

金融機構營運管理系統於持續發展過程中，受限於緊迫時程與資源重置，承受了極大的考驗。國內多數金融機構自民國80年以來，皆陸續擬定災害復原計畫與建置備援系統，應相對成熟，卻很少企業曾真正啟動，常淪為備而不用的計畫，並未真正得到應有重視。近年國內外災難頻傳，遂陸續回頭審視管理機制，發現不夠深入與完整。而營運持續管理以災難備援為基礎並行之有年，由點到面進一步擴展而成，惟未有管理工具瞭解評估實際成熟程度，供各界檢視自身營運持續管理能力之參考。本研究係針對學者Randeree（2012）提出BCM 模型之營運持續要求及不同評估面向，將個案持續進行八年之營運發展軌跡導入模型。綜合顧問與專家建議，客觀定義成熟標準進行歷年比較分析，以瞭解成熟水準及如何改善的具體作法。最後將研究結果，提出作業標準程序供金融機構參考使用，逐步提昇營運持續管理之成熟度，作為管理機制的調整依據與指引，增進其營運持續能力，為企業創造最大利潤與提升競爭力。

Most of banking institutions in the process of sustainable development, limit to the urgency of time and resources to reset, to taking stress withstand a great test. The majority of domestic banking institutions since 1991, are one after another to develop a disaster recovery plan (DRP﹒)and build a redundant system, should be relatively mature, but very few companies had actually started DRP﹒., keep it for possible future use meant as a precautionary measure.「Yet, DRP does not always receive the attention it deserves?」 Domestic and international disasters were frequent in recent years, then begin to look back at the management regulation, and found are not enough depth and complete. The business continuity management rely on the basis of disaster recovery, and running more years. From basic to complex and further expansion made but there are no management tools to understand the actual maturity of the business continuity management capabilities of reference for public view.The case eight years of operation and development trajectory import model, the comprehensive consulting with experts suggest, Objective definition of a mature standard calendar year comparative analysis, to understand the level of maturity and how to improve practice. Finally, the study puts forward the operating standard procedures for financial institutions use and reference. Gradually improve the operation of the maturity of the ongoing management, as adjusted basis and guidelines for management mechanism, Enhance the sustainability of its operations for enterprises to create maximum profits and enhance their competitiveness. his study continued for scholars BCM model of operating requirements and different assessmentoriented, Eight years of operating history of the development trajectory import model. Comprehensive consultants and experts suggest, objective definition of mature standards for comparative gap of the yearly analysis, to understand the maturity level and how to improve practice. Finally, the results proposed standard operation of procedures for banking institutions to be used as a reference, and gradually improve the maturity of the business continuity management, to enhance its business continuity capabilities, as adjusted basis and guidelines for the management regulation, to create maximum profits for enterprises and enhance their competitiveness.

1. 江衍勳，IT災害復原簡介（ITDisasterRecovery）巡迴篇v3，國家資通安全會報技服中心，2009年。
2. W.Edwards Deming, Elementary Principles of the Statistical Control of Quality, Japanese Union of Scientists and Engineers, 1950. 註( 4).
3. 紀佳妮，營運持續計畫之災害復原實作，資策會與行政院國家資通安全會報技術服務中心，2011年。
4. Gartner Group.Gartner, Inc. (NYSE: IT ) , is the world 's leading information technology research and advisory company, 1979..
5. Titulaer, R., e.a.; Kwaliteit bij Burgerzaken:; stap voor stap op weg naar rekenschap, http://www.zenc.nl/rekenschap/h3.htm , 2001.
6. 銀行局全球資訊網，網址http://www.banking.gov.tw/Layout/，Accessed2012/11/20。
7. Arduini, F.,Morabito, V.(2010).Business Continuity and the Banking Industry.communications of the ACM,53(3),121-126.
8. Boehmer, W.(2009).Performance, survivability, and cost aspects of Business Continuity Processes According to BS25999.International Journal on Advances in Security,2(4),312-324.
9. British Standards Institution(2003).Guide to Business Continuity Management(PAS 56).London:British Standards Institution=BSI.
10. British Standards Institution(2006).Code of practice for Business Continuity Management (BS 25999- 1).London:British Standards Institution=BSI.
11. Christopher, K.,Jordan, S.(2010).Best Practices in IT Disaster Recovery Planning Among US Banks.Journal of Internet Banking and Commerce,15(1)
12. Hoffer, J.(2001).Backing up business-Industry trend or event.Health Management Technology
13. International Standard Organization(2012).ISO 22301.
14. Mohan, L.,Rai, S.(2006).Business continuity model: a reality check for banks in India.Journal of Internet Banking and Commerce,11(2)
15. Moulton, R.,Coles, R. S.(2003).Applying Information Security Governance.Computers and Security,2,274-281.
16. Naujoks, U.(Ed.),Bartlett, B.(Ed.)(2002).Business Continuity.London:
17. Niazi, M.,Wilson, D.,Zowghi, D.(2005).A maturity model for the implementation of software process improvement: an empirical study.The Journal of Systems and Software,74,152-172.
18. Noakes-Fry, N.,Diamond, T.(2001).Gartner ResearchGartner Research,未出版
19. Paulk, M.C.,Curtis, B.,Chrissis, M.B.,Weber, C.V.(1995).,Los Alamitos, CA:Software Engineering Institute=SEI.
20. Randeree,Mahal,Narwani(2012).a business continuity management maturity model for the uae banking sector.Business Process Management Journal,18(3),472-492.
21. shropshire, Jordan,kadlec, christopher(2009).Developing the it disaster recovery planning construct.Journal of Information Technology Management,3(4),37-56.
22. Smit, N.(2005).Erasmus University.
23. Spremic, M.,Ivanov, M.,Jakovic, B.(2011).IT governance and information system auditing practice in credit institutions in the Republic Of Croatia.international journal of applied mathematics and informatics,6(2),427-438.
24. Wunnava, Shalini,Ellis, Selwyn(2008).DISASTER Recovery planning: a pmt-based conceptual model(research-in-progress).Proceedings of the Southern Association for Information Systems Conference,Richmond, VA, USA:
25. Yin(2004).Case study research: Design and methods.Beverly Hills, CA:Sage Publishing.
26. 李紀珠(1991)。國政研究報告國政研究報告,未出版
27. 邱奕菁、張翼(2010)。從高科技產業探討災後企業持續營運管理之復原成功因素。工安衛生月刊
28. 曾、李介文(2011)。資訊系統災難備援規劃的新挑戰。電腦稽核期刊
29. 經濟部工業局。企業營運持續管理技術手冊。
30. 蘇建源、蔡旻修、阮金聲(2011)。以個案分析法探討金融業之企業營運持續管理。電腦稽核期刊

1. 黃劭彥、陳天意、王志誠(2017)。法令遵循控制機制成熟度模型之研究—以個資管理為例。管理與法遵，2(1)，89-131。