Purpose The purpose of this article is to identify the role of cloud computing services in business continuity and disaster recovery plans and delineate responsibilities for their execution. In recent times, there has been a huge upsurge in the usage of cloud service models such as infrastructure-as-a-service, platform-as-a-service, software-as-a-service and disaster recovery-as-a-service. However, in case of an emergency event or during contract negotiations, a question might arise as to who should be accountable and responsible for the content and execution of recovery plans. The main stakeholders in this scenario are cloud service providers and cloud consumers. Design/methodology/approach After a review of academic articles, standards, guidelines and vendor documentation, a proposal for assigning accountability and responsibility for business continuity and disaster recovery plans is presented, based on the RACI (responsible, accountable, consulted and informed) matrix. In this regard, a critical information infrastructure protection plan, a disaster recovery plan, an information systems contingency plan and a business continuity plan have been elaborated on in the article. Findings RACI matrices are presented for three general cloud service models and for three DRaaS models (managed, assisted and self-service). Accountability and responsibilities depend on the deployed cloud service model and the roles of cloud service providers and cloud consumers. Originality/value The proposed model for accountability and responsibility assignment provides a guideline for the allocation of responsibilities to roles not only during recovery but also during contract negotiations between cloud service providers and cloud consumers. By delving into business continuity and disaster recovery processes and activities, similar yet nuanced RACI matrices should be developed, as presented in this paper. They need to be customised for the specific context.
Read full abstract