A Resilience Engineering Approach for the Risk Assessment of IT Services
Abstract
:1. Introduction
2. Materials and Methods
- Tier I, which consists of a screening level where the main properties of the system are identified and prioritized;
- Tier II, where the description of the system structure is defined, and bottlenecks are identified;
- Tier III, which includes the modeling of the interactions between the sub-systems and different scenarios, can be analyzed to verify the system’s performance under uncertainties.
2.1. The Functional Resonance Analysis Method (FRAM)
- Definition of the goal of the analysis;
- Identification and definition of the functions;
- Definition of the variability of each one of the functions;
- Variability aggregation;
- Identification of possible solutions.
- Input (I), representing the function’s starter or transformer;
- Output (O), which is the result of the function’s transformation;
- Precondition (P), i.e., what should happen to allow the function’s transformation;
- Resource (R), i.e., what is needed for the function’s activation or transformation in order to achieve the output;
- Time (T), representing the time constraints that can affect the function;
- Control (C), i.e., the control and monitoring modes of the function.
- Endogenous or internal variability;
- Exogenous or external variability;
- Influenced by upstream functions, i.e., when a functional upstream-downstream coupling occurs.
- Elimination;
- Prevention;
- Facilitation;
- Protection;
- Monitoring;
- Dampening.
2.2. Research Approach
- Re-hosting (lift-and-shift)
- Re-platforming (lift-tinker-and-shift)
- Re-purchasing (move to a different product)
- Refactoring
- Retiring
- Retaining.
- Connectivity and webserver of the Hosting service (external);
- Hosting service configuration (internal);
- Provision of applications for the management of the Hosting service (external);
- Configuration of the Hosting platform (internal);
- Domain name transfer/registration (external);
- Domain name transfer/registration (internal);
- Domain Name System (DNS) service (external);
- Domain Name System (DNS) configuration (internal);
- Provision of applications for the system migration (external);
- Management of customers and access to data (internal).
- The 6Rs approach to defining the proper strategies for IT system migration: in order to decide the proper strategy, the decision tree model proposed by Lloyd [43] was used.
- The Critical-to-Quality (CTQ) technique was used by means of a survey among the IT platform customers.
- Phase I, which is aimed at the definition of the main requirements and features of the migration process that have to be supplied, the output of this phase is represented by the definition and characterization of the performance requirements for the proper selection of the providers of the new IT platform.
- Phase II, which concerns the risk analysis of the migration process that has to be supplied, the output of this phase encompasses the detection of process criticalities and its optimization.
3. Case Study
- 1c.
- Transfer request (P): in the request, the company specifies the characteristics and features of the platform as well as the motivations behind the request; the acceptance of the supplier’s offer by the company is the precondition of the evaluation and execution phases of the migration process; in the offer, the provider must specify the details of the migration procedures and the execution times.
- 2c.
- Web service analysis (P): this activity is aimed at clarifying the features and applications of the server that has to be migrated, taking into account both hardware (e.g., CPU, type of HDD, RAM, etc.) and software (e.g., operative system, applications, CDN, etc.) characteristics; the output of this analysis consists of a document reporting all the information collected (e.g., the URL, the technical specification of the platform, etc.).
- 3c.
- Web hosting analysis (P): the goal of this activity consists of the definition of a report that includes an evaluation of both the current provider and the new ones based on the customer needs that emerged in the first phase of the procedure.
- 4c.
- Domain name analysis (P): since the domain name has to be transferred from the current provider to a new one, all the services related to the DNS should be analyzed; the output of this analysis consists of a technical report including all the features related to the DNS (an example of the services related to the DNS is the provision of an e-mail (electronic mail) system).
- 5c.
- DNS provider analysis (P): this activity is related to the verification of the characteristics of all the services related to the DNS that have to be provided; the company has to decide whether to keep a unique provider or select two different suppliers (e.g., one as a maintainer for the name and domain registration and one for the management of the DNS services).
- 6c.
- Configuration of the services related to the domain name (P): once the provider for the management of the DNS services is chosen, the DNS services must be configured to reduce the unavailability time during the migration.
- 7c.
- Backup of the source system (E): this activity consists of performing the backup of the current platform; the output is represented by archive files and images to be used during the tests and the transfer into the new system.
- 8c.
- Migration test (E): this test is aimed at verifying that the new server and the files generated by the backup are complete and correct. With this goal in mind, a different address is used, creating a clone platform while the current platform is still running.
- 9c.
- Functionality test (C/E): the clone platform is tested to verify all its functionalities and make corrections and modifications if needed in order to guarantee the full accessibility of services.
- 10c.
- New server configuration (E): once the functionality test is concluded, the new server that will host the platform is configured.
- 11c.
- Request for transfer of the domain name (E): the request for transfer of the domain name is made, and once the transfer is confirmed by the new service provider, the control panel is accessible.
- 12c.
- Platform installation (E): the platform is installed and all tools that are necessary for the migration are configured.
- 13c.
- Platform migration (E): all the files generated during the backup are transferred to the new system.
- 14c.
- Consistency test and services verification (C): both the accessibility and functionality of all services of the new platform are verified.
- 15c.
- Completing the migration (C/E): the migration process is completed and the platform is accessible to the customers.
- Precision: “acceptable”;
- Time: “in time”.
- the request for transfer was postponed, it occurs when the migration is completed;
- the use of a temporary domain (alias domain) was foreseen so that if the migration fails or the services on the new platform are unstable, it is possible to go back from the alias domain to the current domain, deleting the redirect to the temporary solution.
- 1n.
- Transfer request;
- 2n.
- Web service analysis;
- 3n.
- Web hosting analysis;
- 4n.
- Domain name analysis;
- 5n.
- DNS provider analysis;
- 6n.
- Backup of the source system;
- 7n.
- Migration test;
- 8n.
- Functionality test;
- 9n.
- New server configuration;
- 10n.
- Platform installation;
- 11n.
- Platform migration;
- 12n.
- Redirecting the source domain to a temporary domain;
- 13n.
- Consistency test and services verification;
- 14n.
- Request for transfer of the domain name;
- 15n.
- Configuration of all the services related to the domain name;
- 16n.
- Completing the migration.
4. Discussion
5. Conclusions
Supplementary Materials
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Martínez, K.; Claudio, D. Expanding Fundamental Boundaries between Resilience and Survivability in Systems Engineering: A Literature Review. Sustainability 2023, 15, 4811. [Google Scholar] [CrossRef]
- Reyers, B.; Moore, M.-L.; Haider, L.J.; Schlüter, M. The contributions of resilience to reshaping sustainable development. Nat. Sustain. 2022, 5, 657–664. [Google Scholar] [CrossRef]
- Folke, C.; Carpenter, S.; Elmqvist, T.; Gunderson, L.; Holling, C.S.; Walker, B. Resilience and sustainable development: Building adaptive capacity in a world of transformations. AMBIO J. Hum. Environ. 2002, 31, 437–440. [Google Scholar] [CrossRef] [PubMed]
- Carpenter, S.R.; Arrow, K.J.; Barrett, S.; Biggs, R.; Brock, W.A.; Crépin, A.-S.; Engström, G.; Folke, C.; Hughes, T.P.; Kautsky, N.; et al. General Resilience to Cope with Extreme Events. Sustainability 2012, 4, 3248–3259. [Google Scholar] [CrossRef]
- Lay, E.; Branlat, M.; Woods, Z. A practitioner’s experiences operationalizing Resilience Engineering. Reliab. Eng. Syst. Saf. 2015, 141, 63–73. [Google Scholar] [CrossRef]
- United Nations Office for Disaster Risk Reduction, Report of the Open-Ended Intergovernmental Expert Working Group on Indicators and Terminology Relating to Disaster Risk Reduction, United Nations General Assembly, Geneve (CH). Available online: https://digitallibrary.un.org/record/852089 (accessed on 26 June 2023).
- Hollnagel, E.; Woods, D.D.; Leveson, N. Resilience Engineering: Concepts and Precepts; Ashgate: Aldershot, UK, 2006. [Google Scholar]
- Hollnagel, E.; Wears, R.L.; Braithwaite, J. From Safety-I to Safety-II: A White Paper. Published Simultaneously by the University of Southern Denmark, University of Florida, USA, and Macquarie University, Australia: The Resilient Health Care Net. 2015. Available online: https://www.england.nhs.uk/signuptosafety/wp-content/uploads/sites/16/2015/10/safety-1-safety-2-whte-papr.pdf (accessed on 7 April 2023).
- Farooqi, A.; Ryan, B.; Cobb, S. Using expert perspectives to explore factors affecting choice of methods in safety analysis. Saf. Sci. 2022, 146, 105571. [Google Scholar] [CrossRef]
- Yousefi, A.; Rodriguez Hernandez, M.; Lopez Peña, V. Systemic accident analysis models: A comparison study between AcciMap, FRAM, and STAMP. Process Saf. Prog. 2018, 38, e12002. [Google Scholar] [CrossRef]
- Patriarca, R.; Bergström, J.; Di Gravio, G.; Costantino, F. Resilience engineering: Current status of the research and future challenges. Saf. Sci. 2018, 102, 79–100. [Google Scholar] [CrossRef]
- Patriarca, R.; Di Gravio, G.; Costantino, F.; Falegnami, A.; Bilotta, F. An Analytic Framework to Assess Organizational Resilience. Saf. Health Work 2018, 9, 265–276. [Google Scholar] [CrossRef]
- De Leo, F.; Elia, V.; Gnoni, M.G.; Tornese, F. Integrating Safety-I and Safety-II Approaches in Near Miss Management: A Critical Analysis. Sustainability 2023, 15, 2130. [Google Scholar] [CrossRef]
- Hollnagel, E. FRAM: The Functional Resonance Analysis Method: Modelling Complex Socio-Technical Systems; CRC Press: London, UK, 2012. [Google Scholar] [CrossRef]
- Grabbe, N.; Kellnberger, A.; Aydin, B.; Bengler, K. Safety of automated driving: The need for a systems approach and application of the Functional Resonance Analysis Method. Saf. Sci. 2020, 126, 104665. [Google Scholar] [CrossRef]
- Le Coze, J.C. The ‘new view’ of human error. Origins, ambiguities, successes and critiques. Saf. Sci. 2022, 154, 105853. [Google Scholar] [CrossRef]
- Li, W.; He, M.; Sun, Y.; Cao, Q. A proactive operational risk identification and analysis framework based on the integration of ACAT and FRAM. Reliab. Eng. Syst. Saf. 2019, 186, 101–109. [Google Scholar] [CrossRef]
- Patriarca, R.; Bergström, J.; Di Gravio, G. Defining the functional resonance analysis space: Combining Abstraction Hierarchy and FRAM. Reliab. Eng. Syst. Saf. 2017, 165, 34–46. [Google Scholar]
- Falegnami, A.; Costantino, F.; Di Gravio, G.; Patriarca, R. Unveil key functions in socio-technical systems: Mapping FRAM into a multilayer network. Cogn. Technol. Work 2020, 22, 877–899. [Google Scholar] [CrossRef]
- Delikhoon, M.; Zarei, E.; Banda, O.V.; Faridan, M.; Habibi, E. Systems Thinking Accident Analysis Models: A Systematic Review for Sustainable Safety Management. Sustainability 2022, 14, 5869. [Google Scholar] [CrossRef]
- Leveson, N. A systems approach to risk management through leading safety indicators. Reliab. Eng. Syst. Saf. 2015, 136, 17–34. [Google Scholar] [CrossRef]
- Yu, D.J.; Schoon, M.L.; Hawes, J.K.; Lee, S.; Park, J.; Rao, P.S.C.; Siebeneck, L.K.; Ukkusuri, S.V. Toward general principles for resilience engineering. Risk Anal. 2020, 40, 1509–1537. [Google Scholar] [CrossRef]
- Patriarca, R.; Di Gravio, G.; Woltjer, R.; Costantino, F.; Praetorius, G.; Ferreira, P.; Hollnagel, E. Framing the FRAM: A literature review on the functional resonance analysis method. Saf. Sci. 2020, 129, 104827. [Google Scholar] [CrossRef]
- Aven, T. Risk assessment and risk management: Review of recent advances on their foundation. Eur. J. Oper. Res. 2016, 253, 1–13. [Google Scholar] [CrossRef]
- Wagner, C.; Hudic, A.; Maksuti, S.; Tauber, M.; Pallas, F. Impact of critical infrastructure requirements on service migration guidelines to the cloud. In Proceedings of the 2015 3rd International Conference on Future Internet of Things and Cloud, Rome, Italy, 24–26 August 2015; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, USA; pp. 1–8. [Google Scholar]
- Choubey, R.; Dubey, R.; Bhattacharjee, J. A survey on cloud computing security, challenges and threats. Int. J. Comput. Sci. Eng. 2011, 3, 1227–1231. [Google Scholar]
- DIGICRT, Massive Fire Destroyed OVH Strasbourg Data Center. 2022. Available online: https://constellix.com/news/massive-fire-destroyed-ovh-strasbourg-data-center (accessed on 26 June 2023).
- Medina, A. Inside the Fastly Outage: Analysis and Lessons Learned, ThousandEyes, Cisco Systems. 2021. Available online: https://www.thousandeyes.com/blog/inside-the-fastly-outage-analysis-and-lessons-learned (accessed on 26 June 2023).
- Zhou, Z.; Matsubara, Y.; Takada, H. Developing Reliable Digital Healthcare Service Using Semi-Quantitative Functional Resonance Analysis. Comp. Syst. Sci. Eng. 2023, 45, 35–50. [Google Scholar] [CrossRef]
- de Carvalho, E.A.; Gomes, J.O.; Jatobá, A.; da Silva, M.F.; de Carvalho, P.V.R. Employing resilience engineering in eliciting software requirements for complex systems: Experiments with the functional resonance analysis method (FRAM). Cogn. Technol. Work 2021, 23, 65–83. [Google Scholar] [CrossRef]
- Zhou, J.; Hai, T.; Jawawi, D.N.A.; Wang, D.; Lakshmanna, K.; Maddikunta, P.K.R.; Iwendi, M. A lightweight energy consumption ensemble-based botnet detection model for IoT/6G networks. Sustain. Energy Technol. Assess. 2023, 60, 103454. [Google Scholar] [CrossRef]
- Theoharidou, M.; Tsalis, N.; Gritzalis, D. In Cloud We Trust: Risk-Assessment-as-a-Service. In Trust Management VII; Springer: Berlin/Heidelberg, Germany, 2013; Volume 401, pp. 100–110. [Google Scholar] [CrossRef]
- Sendi, A.S.; Cheriet, M. Cloud Computing: A Risk Assessment Model. In Proceedings of the 2014 IEEE International Conference on Cloud Engineering, London, UK, 8–11 December 2014; pp. 147–152. [Google Scholar] [CrossRef]
- Tecnalia, The MEDINA Project. Available online: https://medina-project.eu/mission-and-vision/ (accessed on 26 June 2023).
- Akinrolabu, O.; New, S.; Martin, A. CSCCRA: A Novel Quantitative Risk Assessment Model for SaaS Cloud Service Providers. Computers 2019, 8, 66. [Google Scholar] [CrossRef]
- Alves Carvalho, E.; Orlando Gomes, J.; Jatobá, A.; Ferreira Silva, M.; Rodrigues Carvalho, P.V. Software Requirements Elicitation for Complex Systems with the Functional Resonance Analysis Method (FRAM). In Proceedings of the XVII Brazilian Symposium on Information Systems, Uberlândia, Brazil, 7–10 June 2021; pp. 1–8. [Google Scholar] [CrossRef]
- Diop, I.; Abdul-Nour, G.; Komljenovic, D. The Functional Resonance Analysis Method: A Performance Appraisal Tool for Risk Assessment and Accident Investigation in Complex and Dynamic Socio-Technical Systems. Am. J. Ind. Bus. Manag. 2022, 12, 195–230. [Google Scholar] [CrossRef]
- Martins, J.B.; Carim, G.; Saurin, T.A.; Costella, M.F. Integrating Safety-I and Safety-II: Learning from failure and success in construction sites. Saf. Sci. 2022, 148, 105672. [Google Scholar] [CrossRef]
- Linkov, I.; Fox-Lent, C.; Read, L.; Allen, C.R.; Arnott, J.C.; Bellini, E.; Coaffee, J.; Florin, M.-V.; Hatfield, K.; Hyde, I.; et al. Tiered Approach to Resilience Assessment. Risk Anal. 2018, 38, 1772–1780. [Google Scholar] [CrossRef]
- Fargnoli, M.; Lombardi, M.; Puri, D. Applying Hierarchical Task Analysis to Depict Human Safety Errors during Pesticide Use in Vineyard Cultivation. Agriculture 2019, 9, 158. [Google Scholar] [CrossRef]
- Patriarca, R.; Di Gravio, G.; Costantino, F. A Monte Carlo evolution of the Functional Resonance Analysis Method (FRAM) to assess performance variability in complex systems. Saf. Sci. 2017, 91, 49–60. [Google Scholar] [CrossRef]
- Alvarenga, M.A.B.; Frutuoso e Melo, P.F.; Fonseca, R.A. A critical review of methods and models for evaluating organizational factors in Human Reliability Analysis. Prog. Nucl. Energy 2014, 75, 25–41. [Google Scholar] [CrossRef]
- Lloyd, J. Migration Strategies. In Infrastructure Leader’s Guide to Google Cloud: Lead Your Organization’s Google Cloud Adoption, Migration and Modernization Journey; Apress: Berkeley, CA, USA, 2022; pp. 99–105. [Google Scholar] [CrossRef]
- Varma, K.M.; Se, G.B. Efficient Scalable Migrations in the Cloud. In Proceedings of the IEEE/ACIS 7th International Conference on Big Data, Cloud Computing, and Data Science (BCD), Danang, Vietnam, 4–6 August 2022; pp. 3–6. [Google Scholar] [CrossRef]
- Abdul Rahman, A.A.L.; Islam, S.; Kalloniatis, C.; Gritzalis, S. A Risk Management Approach for a Sustainable Cloud Migration. J. Risk Financ. Manag. 2017, 10, 20. [Google Scholar] [CrossRef]
- Karumanchi, M.D.; Sheeba, J.I.; Pradeep Devaneyan, S. Integrated internet of things with cloud developed for data integrity problems on supply chain management. Meas. Sens. 2022, 24, 100445. [Google Scholar] [CrossRef]
- Fargnoli, M.; Haber, N. A QFD-based approach for the development of smart product-service systems. Eng. Rep. 2023, e12665. [Google Scholar] [CrossRef]
- Fargnoli, M.; Haber, N.; Tronci, M. Case Study Research to Foster the Optimization of Supply Chain Management through the PSS Approach. Sustainability 2022, 14, 2235. [Google Scholar] [CrossRef]
- ISO 22316:2017; Security and Resilience—Organizational Resilience—Principles and Attributes. ISO: Geneva, Switzerland, 2017. Available online: https://www.iso.org/standard/50053.html (accessed on 26 June 2023).
- ISO 28000:2022; Security and Resilience—Security Management Systems—Requirements. ISO: Geneva, Switzerland, 2022. Available online: https://www.iso.org/standard/79612.html (accessed on 26 June 2023).
- EU. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). Available online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R0679-20160504&qid=1688462060670 (accessed on 26 June 2023).
- Hoy, K.M.; Fallon, E.; Kelly, M. Paediatric Homecare Risk Management: An Application of Functional Resonance Analysis Method (FRAM). Safety 2023, 9, 52. [Google Scholar] [CrossRef]
- Rees Hill, FRAM Model Visualiser (FMV). Available online: https://functionalresonance.com/the%20fram%20model%20visualiser/ (accessed on 26 June 2023).
- Sen, A.; Madria, S. Analysis of a cloud migration framework for offline risk assessment of cloud service providers. Softw. Pract. Exp. 2020, 50, 998–1021. [Google Scholar] [CrossRef]
- Kumar, R.R.; Mishra, S.; Kumar, C. A novel framework for cloud service evaluation and selection using hybrid MCDM methods. Arab. J. Sci. Eng. 2018, 43, 7015–7030. Available online: https://link.springer.com/content/pdf/10.1007/s13369-017-2975-3.pdf (accessed on 26 July 2023). [CrossRef]
- Akinrolabu, O.; Nurse, J.R.C.; Martin, A.; New, S. Cyber risk assessment in cloud provider environments: Current models and future needs. Comput. Secur. 2019, 87, 101600. [Google Scholar] [CrossRef]
- Lee, S.; Seo, K.K. A hybrid multi-criteria decision-making model for a cloud service selection problem using BSC, fuzzy Delphi method and fuzzy AHP. Wirel. Pers. Commun. 2016, 86, 57–75. [Google Scholar] [CrossRef]
- Akinrolabu, O.; New, S.; Martin, A. Cyber Supply Chain Risks in Cloud Computing—Bridging the Risk Assessment Gap. Open J. Cloud Comput. 2018, 5, 1–19. [Google Scholar]
- Albakri, S.H.; Shanmugam, B.; Samy, G.N.; Idris, N.B.; Ahmed, A. Security risk assessment framework for cloud computing environments. Secur. Commun. Netw. 2014, 7, 2114–2124. [Google Scholar] [CrossRef]
- Camacho, C.; Cañizares, P.C.; Llana, L.; Núñez, A. Chaos as a Software Product Line—A platform for improving open hybrid-cloud systems resiliency. In Software—Practice and Experience; Wiley: Hoboken, NJ, USA, 2022; pp. 1–34. [Google Scholar] [CrossRef]
- Chang, V.; Ramachandran, M.; Yao, Y.; Kuo, Y.H.; Li, C.S. A resiliency framework for an enterprise cloud. Int. J. Inf. Manag. 2016, 36, 155–166. [Google Scholar] [CrossRef]
- Adriaensen, A.; Decré, W.; Pintelon, L. Can Complexity-Thinking Methods Contribute to Improving Occupational Safety in Industry 4.0? A Review of Safety Analysis Methods and Their Concepts. Safety 2019, 5, 65. [Google Scholar] [CrossRef]
- Holgado, M. A Systems Engineering Approach to Performance-Based Maintenance Services Design. Processes 2019, 7, 59. [Google Scholar] [CrossRef]
- de Souza, I.T.; Rosa, A.C.; Vidal, M.C.R.; Najjar, M.K.; Hammad, A.W.A.; Haddad, A.N. Information Technologies in Complex Socio-Technical Systems Based on Functional Variability: A Case Study on HVAC Maintenance Work Orders. Appl. Sci. 2021, 11, 1049. [Google Scholar] [CrossRef]
- Abioye, T.E.; Arogundade, O.T.; Misra, S.; Adesemowo, K.; Damaševičius, R. Cloud-Based Business Process Security Risk Management: A Systematic Review, Taxonomy, and Future Directions. Computers 2021, 10, 160. [Google Scholar] [CrossRef]
- Provan, D.J.; Woods, D.D.; Dekker, S.W.A.; Rae, A.J. Safety II professionals: How resilience engineering can transform safety practice. Reliab. Eng. Syst. Saf. 2020, 195, 106740. [Google Scholar] [CrossRef]
- Alam, I.; Perry, C. A Customer-oriented new service development process. J. Serv. Mark. 2002, 16, 515–534. [Google Scholar] [CrossRef]
- Yin, R.K. Case Study Research. Design and Methods; Sage: Thousand Oaks, CA, USA, 2014. [Google Scholar]
- Haber, N.; Fargnoli, M.; Sakao, T. Integrating QFD for product-service systems with the Kano model and fuzzy AHP. Total Qual. Manag. Bus. Excel. 2018, 31, 929–954. [Google Scholar] [CrossRef]
- Rosa, L.V.; Carvalho, P.V.; Haddad, A.N. FRAM-AHP: A Resilience Engineering Approach for Sustainable Prevention. In Occupational and Environmental Safety and Health II; Springer: Cham, Switzerland, 2020; pp. 123–131. [Google Scholar] [CrossRef]
- Alboghobeish, A.; Shirali, G.A. Integration of Functional Resonance Analysis with Multicriteria Analysis for Sociotechnical Systems Risk Management. Risk Anal. 2022, 42, 882–895. [Google Scholar] [CrossRef]
- Abreu Saurin, T.; Patriarca, R. A taxonomy of interactions in socio-technical systems: A functional perspective. Appl. Ergon. 2020, 82, 102980. [Google Scholar] [CrossRef]
- Salehi, V.; Veitch, B.; Smith, D. Modeling complex socio-technical systems using the FRAM: A literature review. Hum. Factors Ergon. Manuf. Serv. Ind. 2021, 31, 118–142. [Google Scholar] [CrossRef]
Fu | Precise | Acceptable | Imprecise |
---|---|---|---|
T | Normal | Improbable | Improbable |
M | Possible | Typical | Possible |
O | Improbable | Possible | Probable |
Fu | Precise | Acceptable | Imprecise |
---|---|---|---|
T | Improbable | Normal | Improbable |
M | Possible | Possible | Possible |
O | Improbable | Probable | Possible |
Quality Drivers | Performance Requirements |
---|---|
1.1 HW and SW performances | 1.1.a Type of processor: RAM, SSD, etc. |
1.1.b Bandwidth | |
1.1.c Command execution times and diffusion | |
1.2 SLA performances | 1.2.a SLA ≥ 99.99% |
1.2.b Refund policy | |
1.2.c Details of services | |
1.3 Customer care performances | 1.3.a Troubleshooting within 2 h |
1.3.b ISO/IEC 20000-1 certification | |
1.3.c ISO 9001 certification | |
2.1 ISO/IEC 27001, 27017, and 27018 certification | 2.1.a 5-year certification |
2.1.b Guidelines published on the company’s website | |
2.1.c Results of the third-party audits published on the company’s website | |
2.2 ISO 22301 certification | 2.2.a 5-year certification |
2.2.b Guidelines published on the company’s website | |
2.2.c Results of the third-party audits published on the company’s website | |
2.3 Tier 4 or ANSI/TIA-942 certification | 2.3.a 5-year type IV certification |
2.3.b Guidelines published on the company’s website | |
2.3.c Results of the third-party audits published on the company’s website | |
3.1 Compliance with GPDR | 3.1.a EU server |
3.1.b ISO/IEC 27701 certification | |
3.1.c Exhaustive privacy section of the company’s website |
Function | Time: In Time | Precision: Acceptable |
---|---|---|
T | Normal | Improbable |
M | Possible | Typical |
O | Probable | Possible |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Fargnoli, M.; Murgianu, L. A Resilience Engineering Approach for the Risk Assessment of IT Services. Appl. Sci. 2023, 13, 11132. https://doi.org/10.3390/app132011132
Fargnoli M, Murgianu L. A Resilience Engineering Approach for the Risk Assessment of IT Services. Applied Sciences. 2023; 13(20):11132. https://doi.org/10.3390/app132011132
Chicago/Turabian StyleFargnoli, Mario, and Luca Murgianu. 2023. "A Resilience Engineering Approach for the Risk Assessment of IT Services" Applied Sciences 13, no. 20: 11132. https://doi.org/10.3390/app132011132
APA StyleFargnoli, M., & Murgianu, L. (2023). A Resilience Engineering Approach for the Risk Assessment of IT Services. Applied Sciences, 13(20), 11132. https://doi.org/10.3390/app132011132