1 Introduction

The aim of this article is to investigate the extent to which Jordanian service organizations seek to establish enterprise-wide continuity culture. Business continuity management (BCM) is a process that consists of a number of activities that should be carried out in order to develop a business continuity plan. Yet, insufficient or inadequate testing, training, and maintenance and updating of the plan will make it irrelevant and unusable. It will also fail to improve organizational resilience which, in many cases, determines whether or not an organization is able to recover following major incidents (Elliott et al. 2010; Herbane 2010).

The services sector in Jordan is significant and contributes approximately 67 % of the country’s GDP and employs over 75 % of the local labor force. The Jordanian services sector is diversified and includes: financial services; hotel and tourism; technology and communications; construction; wholesale and retail trade; transportation; postal and courier services; food and beverage; media; and utilities and energy (Amman Stock Exchange 2015).

Failure to undertake proactive measures to reduce disaster losses places extra pressures on governments to provide assistance following potential disasters. Therefore, adopting effective disaster risk reduction practices is critical especially for low- and middle-income countries, such as Jordan that have suffered substantially more economic and human losses from disasters than high-income countries (Michel-Kerjan et al. 2013).

2 Literature Review

The following sections provide a clearer contextual image about the topics investigated. Key studies in the field are presented and critically unfolded in order to provide a profound understanding of the significance of enterprise continuity values.

2.1 The Services Sector and Business Continuity Management

The Jordanian services sector has developed significantly during the last decade. In 2000, Jordan became a member of the World Trade Organization General Agreement on trade in services and joined the Mediterranean Partners who had initiated negotiations on the liberalization of services that provided Jordan with access to the E.U. service market, which is the largest in the world. Since then, the Jordanian services sector has been experiencing an increasing number of risks that are likely to trigger crises or disasters.

Supply chain disaster risks is one example of the risks facing Jordanian service organizations as they are becoming increasingly dependent on supply chain networks and also more susceptible to their suppliers’ disaster risk profiles (Lockamy 2014). Very recently, some natural hazards, such as flooding that resulted from the heavy rain and the unprecedented weather conditions had huge impacts on Jordanian business including service organizations (Sawalha 2014). Economic crises, global competition, and risks associated with entry to new markets are other forms of risks facing Jordanian service organizations (Obeidat 2010). Failure to deliver services as a result of interruption could impact businesses financially and ultimately put companies out of business.

Therefore, examining the BCM programs in the Jordanian services sector becomes necessary in order to ensure satisfactory functioning of these businesses and the society they serve. Examining BCM in this context will also help uncover the willingness of managers to introduce comprehensive business continuity plans.

BCM has its roots in crisis management. In the 1970s, business continuity focused primarily on information technology and the continuous operability of computing systems. In the 1980s, business continuity encompassed additional business areas at both corporate and business unit levels. In the 1990s, business continuity has become a value-adding process that contributes to the development and sustainability of the competitive advantage (Moore and Lakha 2004). BCM has recently been defined as: “a holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities” (British Standard Institution 2006, p. 1).

Following the September 11 events in the United States, further attention was given to the importance of embedding BCM in the culture of the organization, as well as raising BCM to a strategic level (Herbane et al. 2004; Pitt and Goyal 2004; Kelly 2007; Elliott et al. 2010; Sharp 2012). This requires coordination between all business units and management levels and continuous learning that emphasizes flexibility and technological integration (Alesi 2008; Elliott et al. 2010). At present, BCM is becoming a significant and inseparable part of the contemporary disaster risk reduction literature, as many have pointed out (Costello 2012; Sawalha et al. 2013; Epstein and Khan 2014).

Elliott et al. (1999) argued that in terms of crisis preparedness and the scope of business continuity, two types of organizations are identified: standard practice and better practice. Standard practice organizations are those concerned mainly with the development of corrective plans while paying less attention to creating continuity cultures. Better practice organizations are those that recognize the importance of having BCM programs that stimulate changes in culture and resilience.

Resilience is the ability to absorb shocks and external pressures in order to restore prior order. It points towards the ability to take advantage of pressures and become stronger (Reich 2006; Elliott et al. 2010). Resilient organizations are those able to undertake and maintain positive adjustment under challenging conditions (Cheng 2007; Van Gorder 2013). This, according to Gittell et al. (2006), involves the ability to bounce back from untoward events and the capacity to maintain a desirable level of functioning during and after major incidents. Resilience represents the level of tolerance and draws on the procedures required to cope with adversity in order to survive. Resilience therefore is considered to be the positive side of vulnerability. It represents the capacity to resist damage and change resulting from major incidents (Moore and Lakha 2004; Gaillard 2007). Parsons (2010) described resilience as a capability and argued that organizational culture and resilience are tightly linked. He noted that organizational culture is one of the most significant attributes in creating resilience. Paton et al. (2000) described resilience as an ongoing process of self-righting which relates to organizational culture that can correct itself following major incidents. Therefore, in order to improve resilience, the development and documentation of the business continuity (BC) plan should not mark the end of the BCM process (Elliott et al. 2010). What matters most is the embedding of BCM in the organization’s culture. “BCM is a business culture rather than a project” (Brazeau 2008, p. 26).

2.2 Continuity Culture and Organizations

Organizational culture has been discussed extensively in the literature. It is even attracting more attention as many organizations nowadays are experiencing an increase in the number of employees who have different cultural backgrounds, as well as those multicultural individuals (Fitzsimmons 2013). Organizational culture is not created by memo or by a decision from a senior executive, but rather develops over time and plays a critical role in achieving organizational objectives (Ababaneh 2010; Van Gorder 2013).

Culture is considered one of the most powerful set of forces acting on organizations that can identify unhealthy or crisis prone versus healthy or crisis prepared organizations (Pauchant and Mitroff 1988). In many cases, unhealthy organizational culture causes failure. The failure of many organizations is due to crisis denial that does not stimulate taking further actions or a result of cultural rigidity; while management is busy managing day-to-day operations, crises build up slowly. Finally, when the event is unavoidable, management struggles to know how to start to recover (Richardson et al. 1994; Kulatunga 2010).

The Arab society has its own cultural identity that has a substantial influence on Arab organizations. Arab values and customs have been linked to a bureaucratic form of organizational structure. Centralization of power and the existence of lines of authority and hierarchy are among the features that characterize the Arab culture. In addition, workplace is systematized and controlled by rules and procedures, and normally associated with low levels of freedom and autonomy. Arab management systems are also influenced by the Arabic language, tribe, and history. Despite the fact that Jordan has made considerable advancements in the business sector, the country is part of the Arab world and therefore, its culture, management systems, and business environment need to be seen within this context (Agnala 1998; Al-Rasheed 2001; Sabri 2004; Ababaneh 2010; Hofstede et al. 2010). These factors are some of the barriers to building BCM culture in the Jordanian business sector.

The study of organizational crises presents the advantage of exposing organizations to extreme situations and consequently highlights organizational activities and cultural trends that are more difficult to identify in normal situations and the ways crises should be managed (Starbuck and Farjoun 2005). Cultural rigidity and traditional crisis management practices stimulate the need to reconsider the effectiveness of these practices and their ability to counteract crises. They also trigger the need to rethink about the ways of creating resilient cultures and organizations that are able to recover effectively following major incidents (Boin and McConnell 2007). Recently, issues relating BCM to organizational culture have been increasingly introduced and discussed in the literature.

Pitt and Goyal (2004), Gibb and Buchanan (2006), Elliott et al. (2010), Lindstrom et al. (2010), Tammineedi (2010), and Sharp (2012) argued that BCM can be embedded in the organization’s culture through regular testing, training and awareness and the maintenance and updating of the continuity plan. The following is an overview of these activities.

  • Continuity testing Testing helps to examine the comprehensiveness and applicability of the BC plan and its ability to cope with various disaster and crisis scenarios. It ensures that the BC plan can be executed and that all the required resources are deployed as part of the overall BCM strategy. Full plan testing in a real atmosphere (also known as exercising the plan) enables continuity teams to find possible weaknesses in their plans and to strengthen them. Testing also builds confidence amongst people and reduces panic at the time of emergency (Green 2014). Most importantly, it is significant to note that testing should not be limited to internal employees. Engaging customers, business partners, and other agencies that support business operations is also significant.

  • Continuity training and awareness Schraeder et al. (2005) argued that successful cultural change can be achieved by training. Training aims at enhancing awareness levels and motivating change. It helps to reduce resistance by providing participants with the opportunity to think critically, work in groups, and learn. Organizations that are better at learning are more capable of coping with emerging threats. They are also better in creating new knowledge and in adapting to changing environmental conditions more quickly and efficiently (De Holan and Phillips 2004). Overall, training should be made in order to enhance preparedness for future incidents (Sapirstein 2006).

  • Continuity maintenance and updating The purpose of maintenance is to ensure that the BC plan is capable of responding to the changing nature of the business environment and that it is fit for use and is quality assured that subsequently helps to ensure that the organization’s BCM competence and capability remain effective. Regular maintenance protects the organization from having to develop continuity procedures again (helps to keep plans relevant) thereby ensuring the existence of workable business continuity plans at all times, since the impact of having irrelevant plans is much worse than having no plan. Primarily, maintenance includes plan procedure review; risk management program review; and an analysis of the latest corporate standards (Ernst & Young 2008). Maintenance and updating are closely linked. While maintenance ensures that plans are kept relevant, updating aims at ensuring that any changes in business activities, systems, and the environment are documented and covered. As a result, regular updating ensures all plans are kept up-to-date and ready to use. Updating should also be performed each time a continuity test is performed since there could be a substantial number of plans that are likely to fail following the test. Therefore, it becomes essential to update and document shortfalls and lessons learned from the testing exercise.

The testing, training and awareness and maintenance and updating activities are indicators of the maturity level of the business continuity plan and have been described as the ability of an organization to recover following major incidents. This ability is classified into five levels in terms of the business continuity plan, as shown in Fig. 1. Level 1 = no plan; level 2 = documented BC plan; level 3 = tested BC plan; level 4 = trained BC plan; and level 5 = maintained and updated BC plan. The higher the level is, the more the organization will be able to recover following major disruptions and return to normal (Strohl Systems 2007).

Fig. 1
figure 1

Ability to recover versus BC plan maturity. Source adapted from Strohl Systems (2007)

3 Methodology

A survey strategy was adopted in this research. Primary and secondary data were used. Semistructured interviews were conducted in 2014 with five senior managers from five Jordanian service organizations (S1–S5) registered with the Amman Stock Exchange (ASE). S1 was a leading multinational IT services provider. S2 was a leading national transportation services provider. S3 was a leading national media and newspaper services provider. S4 was a leading financial services firm. S5 was a leading food and beverage services organization.

The selection of these organizations was made on the basis of simple random sampling. The advantage of using simple random sampling is that it allows all elements of the entire population (in our case, those represent all service organizations registered with ASE) to have equal selection probability, that is, all elements within the population are equally likely to be selected (Saunders et al. 2012). Simple random sampling was performed using a random sampling generator (many of these are freely available online). The sampling generator was configured in a way that allowed one company to be selected from each of the five major leading groups of companies that comprise the services sector in Jordan: telecommunications and IT; transportation; media; financial; and the hotel, food, and beverage services. This was the reason for choosing five companies for the purpose of this research.

The rationale for using semistructured interviews as a data collection method is fourfold: (1) semistructured interviews provide a halfway-house between inflexible structured interviews and more subjective unstructured interviews (Saunders et al. 2012); (2) semistructured interviews help to provide a detailed understanding regarding the issues being studied (Saunders et al. 2012); (3) qualitative research designs are usually used in studies related to organizational culture since many aspects of culture cannot be quantified easily or measured using common quantitative techniques, such as the Likert scale (Pauchant and Mitroff 1988; Schraeder et al. 2005; Bellot 2011); and (4) previous studies on BCM used semistructured interviews as the data collection method, such as those of Elliott et al. (1999), Swartz et al. (2003), and Herbane et al. (2004).

Using semistructured interviews is appropriate for collecting rich contextual information and for exploratory studies. However there are limitations to these. During the course of the interviews, two major obstacles were identified and noticed clearly. First, is the issue of confidentiality of the information provided by the respondents; and second, is the willingness of the respondents to provide factual (that is realistic and truthful) information regarding their own organizations and practices. In order to overcome these limitations, respondents were assured that the information provided will be used only for the purpose of this research and at no time will this information be divulged to third parties. Furthermore, and at the beginning of each interview, the interviewer explained the significance of the research and encouraged the respondent to speak freely within a relaxed and informal atmosphere, yet keeping the conservation focused on the main issues of the research until all relevant details, emotions, and attitudes were revealed while bearing in mind avoiding all potential questions and/or questions structure that require straight answers, such as the “yes” or “no,” which are likely to be rejected by the respondents.

In terms of validity of the research findings, also known as generalizability, which refers to the extent to which the findings can be applied to other research settings, Saunders et al. (2012) argued that it is difficult for any researcher to assure complete validity or generalizability. However, a degree of confidence in the research findings can be assured if the sample is representative. A representative sample is one that can be considered valid for the entire population. Therefore, in order to assure an acceptable level of confidence in the findings of this research, the interviews targeted five service organizations registered officially at the ASE. Interviews also targeted the headquarters only in order to obtain a more homogenous sample. In addition, the respondents interviewed had direct responsibility for BCM and were considered as key people in managing continuity in their organizations.

4 Findings

The following sections provide a detailed presentation of the findings of the semistructured interviews. A careful attempt was made to take into account and include every possible feedback from respondents, verbal or non-verbal (that is attitudinal).

4.1 Use of BCM and Organizational Culture

Four companies (S2, S3, S4, and S5) used BCM. BCM appeared to involve more than the preparation of the BC plan, with BCM an enterprise-wide process and ownership of BCM was not limited to a particular business unit within S2, S3, and S4. Within S2, S3, and S4 there was a greater focus on the prevention aspect of BCM. The main aim in these organizations was to ensure that the entire business would be able to continue functioning. In addition, within S2, special attention was given to the protection of customers and the company’s reputation. In S3, greater attention was given to the prevention of man-made and machinery disruptions since a one-day disruption can affect revenues substantially. In S4, more attention was given to the protection of customers’ financial assets.

The situation in S5 and S1 was different. Despite the fact that the respondent from S5 claimed to have used BCM, the interview findings indicated that there was a greater focus on the protection of the company’s supply chain and the ability to recover quickly and effectively following disruptions that could possibly cause discontinuity to food and beverage supplies. This appeared to be the main driver for the use of BCM within S5. Therefore, responsibility for BCM was one of the duties of the supply chain management department. As S5 explained:

The most significant element in our business is product availability at all times. This is our competitive advantage… In the food and beverage sector, customers can switch easily from one service provider to another if their inquiries are not served immediately! … the shortest delay in supply results in a substantial drop in the number of customers. (S5)

Within S1 there was a greater focus on the integrity of systems, as well as the recovery of the electronic network. Therefore, business continuity focused primarily on the development of the recovery plan and was related more to the IT function and was one of the responsibilities of the Chief Information Officer (CIO) only. Overall, within S5 and S1, there was a greater focus on recovery more than prevention.

Therefore, unlike S2, S3, and S4, which can be considered as best practice organizations, in terms of crisis preparedness and the scope of BCM, S1 and S5 appeared to adopt a more basic approach that focuses mainly on the development of disaster recovery strategies that are internally and hardware oriented rather than on establishing a BCM framework that promotes organizational changes in culture, communications, and structure.

An observation that emerged in the course of interviews was that S2, S3, and S4 were better prepared for crises and more resilient. Involvement of crisis was based on pro-action rather than reaction with multiple departments participating in BCM. This means that these organizations will not have to wait until major disasters and crises develop, with a major impact on stakeholders before they start to change the way they cope with such events. For instance, the respondent from S2 noted that:

Our company experienced a number of crises in the past… and so, we currently focus on preparation in order to prevent similar incidents in the future. (S2)

Unlike S1 and S5, in which BCM was the responsibility of the CIO and the supply chain management departments only, within S2, S3, and S4, BCM was based on a cross-functional effort with linkages between different departments and business units. For instance, the respondent from S4 noted that:

BCM is an enterprise-wide process with various business areas involved… some BCM procedures are communicated to many departments and different employees. (S4)

Moreover, within S2, S3, and S4, it was noted that BCM was considered a value adding and value preserving process. Herbane et al. (2004) clearly mentioned that value preservation is a background capability that is underpinned by BCM. It provides improved operational stability in which the competitive advantages achieved through the implementation of strategic initiatives can prosper. Since the primary concerns of these organizations were to assure the protection of customers, corporate reputation, and reduction of disruptions, BCM helped to underpin this assurance. For instance, the respondent from S3 stated:

BCM has helped us to increasingly meet customers’ expectations… our stakeholders are now more confident that business objectives will be achieved with less disruptions through the existence of a detailed continuity plan. (S3)

Overall, the findings (also summarized in Table 1) indicate that there was a difference between the organizational culture of S2, S3, and S4, and the organizational culture of S1 and S5. Therefore, variations were noticed in terms of levels of awareness, crisis preparedness, and resilience. The findings suggest that some organizations may have developed specific cultural trends that contribute to the establishment of resilience.

Table 1 Summary of the findings of Sect. 4.1

4.2 Testing

The findings revealed that S2, S3, and S4 performed regular testing for their continuity plans. Respondents reported that testing was a primary activity in their BCM practice and they showed a considerable level of understanding of the significance of testing. S2 and S3 reported that full plan testing was performed on an annual basis. Within S4, testing was performed twice per annum.

The findings also revealed that testing within S2, S3, and S4 involved performing a number of activities as part of the testing process, including: hypothetical testing; component testing; and full testing. Hypothetical is aimed at verifying business continuity procedures and proving their theoretical applicability and usability. The aim of component testing is to verify the accuracy and compatibility of individual continuity procedures. Full testing verifies overall comprehensiveness, applicability, integrity, and functionality of all the components of the continuity plan. It was also found that within S2 and S4, testing was made with the support and supervision of external consultants.

Despite the fact that the findings indicated that the respondent from S1 appreciated the significance of testing, the respondent reported that testing is not performed on a regular basis in his organization. The respondent asserted:

Plan testing was performed once we first developed and documented our recovery plan. Since then, testing is performed if an internal or external incident triggers the need to test the plan, or as a response to the changing aspects of the business environment, or if new components are being added to our systems. (S1)

Plan testing was not performed at all within S5. This was due to the fact that the organization has been documenting every single cause of business disruption since it was established and therefore, it seemed that recovery procedures had been set up as ad hoc responses to various incidents. This, as the respondent justified, had lessened the need for plan testing. However, the respondent from S5 did not deny the importance of testing in BCM and seemed interested to perform plan testing in future.

4.3 Training and Awareness

In S2, S3, and S4, where BCM was considered an enterprise-wide process, it was found that these organizations performed regular training and awareness-raising exercises in order to underpin a continuity culture across the organization. The respondent from S4 reported:

When we decided to develop a BCM program, we wanted it to be inclusive, communicable, and part of daily routines… training helped us to achieve this goal. (S4)

In S2, S3, and S4, it was found that selected people from various business areas were responsible for raising the awareness of BCM and for continuity training. In S2, S3, and S4, training and awareness programs were carried out two to three times per year on average. In addition to the scheduled training and awareness programs, the respondents from S3 and S4 reported that extra training and awareness programs were offered on special occasions, especially when new people are being hired and when new procedures are created.

Nevertheless, training and awareness raising programs worked but with varying levels of success. It was noticed that the greatest success had been achieved by those organizations with formal BC teams and in which BC teams had their own budgets for training and awareness programs, such as S3 and S4.

On the other hand, it was found that the situation in S1 and S5 was different, with no formal and regular training and awareness programs offered. Some of the reasons which were reported for not offering training and awareness programs included: the extra cost for such programs; the unavailability of qualified trainers; not necessary at the moment; and being busy with other urgent business issues.

4.4 Maintenance and Updating

Despite the importance of the maintenance and updating of the BC plan, the findings of the interviews revealed that only S4 maintained and updated its BC plan regularly. The respondent from S4 showed a considerable level of understanding of the significance of these activities, as well as the difference between the two. The respondent also reported that the BC plan was maintained and updated twice a year on average. The respondent from S4 stated:

We recognize the importance of maintenance and updating in the BCM process despite the fact that maintenance and updating activities are often complicated and time consuming. (S4)

However, unlike testing and training activities that seemed to be controlled by a set of procedures and techniques, the respondent from S4 argued that maintenance and updating of the continuity plan was performed on the basis of the recommendations obtained from the BC team. By contrast, no evidence of formal and regular maintenance and updating was found within the other organizations. Some of the main reasons include: a lack of understanding of these activities and their significance; the belief that maintenance and updating activities are time consuming and complicated; and the belief that maintenance and updating were already performed as part of the testing procedures, as the respondent from S2 reported. Table 2 summarizes the findings relating to testing, training and awareness, and maintenance and updating of the business continuity plans within the surveyed organizations.

Table 2 Ability to recover and continuity plan maturity

4.5 Overview to the Disaster Recovery Plans

In S1 and S5, there was a primary focus on the recovery aspect only. These two organizations have only developed disaster recovery plans that according to their claims represent their entire BCM programs. However, when asked about the details and components of these recovery plans (that is documentation), it was noticed clearly that these plans were based on unstructured and random recovery procedures and/or action plans rather than focusing on the establishment of a sound recovery capacity that entails resilience and ability to bounce back after an incident and return to normal. This was different than the situation in S2, S3, and S4, which showed more structured and organized layouts for their disaster recovery plans, especially those plans prepared for counteracting disaster risks. When asked about the details and components of their recovery plans, S2, S3, and S4 reported that the plans were designed in a way that provides recovery solutions, actions, and strategies for supporting every single element of their organizations facing potential disaster risks including employees, infrastructure, systems, customers, business units, and communications.

5 Discussion

This article investigates the extent to which Jordanian service organizations seek to establish continuity culture through testing, training, and updating of their business continuity plans. Five levels of recovery were identified (Strohl Systems 2007), corresponding to the ability to recover versus BC plan maturity model (Fig. 1). The characteristics of each of the surveyed organizations are presented in Table 2. The ability of an organization to recover is determined by BC plan existence, documentation, testing, training and awareness, and maintenance and updating. The higher the level is the greater is the ability to recover.

Table 2 shows that the surveyed organizations varied in terms of performing regular testing, training and awareness, and maintenance and updating of plans, which subsequently had potential influence on their ability to recover following major disruptions. The table shows that the organization that had the highest ability to recover was S4 (level 5) followed by S2 and S3 (level 4), S1 (level 3), and S5 (level 2). This shows that three out of five organizations had relatively high levels of recovery capability. However, only S4 performed maintenance and updating activities.

This suggests that there is a lack of understanding of the importance of the maintenance and updating of the BC plans within the surveyed organizations. This finding reveals a major weakness in the approach to BCM within the surveyed organizations.

In S2, S3, and S4, which were the three organizations that are most likely to exhibit resilience characteristics and best practice in terms of BCM, responsibility for BCM was shared amongst various business areas and BCM was an enterprise-wide process. This supports Elliott et al.’s (2010) definition of resilience the ability of an organization to absorb shock and external pressures and restore prior order. The more resilient an organization is the more it can recover effectively and return to normal.

Respondents from S2, S3, and S4 seemed to understand that BCM is not just technical in nature. They appreciated that benefits can accrue by embedding BCM in the culture of the organization through the regular testing, training and awareness, and maintenance and updating of plans, such as, but not limited to, maintaining and protecting customers; reducing risk; ensuring long term survival of the organization; and understanding the business environment. With a high-level of uncertainty and risk in the business environment across the Middle East, these can be crucial in allowing organizations to take advantage of new opportunities, while maintaining customers, corporate reputation, and securing stakeholders’ interests. Yet, there might be some service organizations in Jordan, similar to S1 and S5 that do not invest adequately in testing, training and awareness, and maintenance and updating activities. They need to devote more time and organizational resources to ensure that such activities will be performed regularly and effectively. This might not be alarming though. Nevertheless it was clear from the research findings that three of the surveyed organizations have made substantial achievements in the field of BCM.

Three out of the five organizations surveyed showed a high level of commitment to embedding BCM in their cultures. Subsequently, this had a positive influence on their cultures and ability to recover, which could prove to be a constructive step towards building resilient organizations. This also means that those organizations will not have to wait until major disasters and crises happen, with a major impact on stakeholders before they start to change the way they cope with such events. This organizational culture reduces the build-up of crises and helps to reduce cultural rigidity which, in many cases, causes failure. It also helps to make use of weak signals that often precede potential disasters and crises.

6 Conclusion

Much of the focus in the literature of BCM to date has emphasized the significance of BCM as a structured process while paying less attention to the relationship between BCM and organizational culture and the ways to create and incorporate a continuity culture. Three out of five organizations S2, S3, and S4 could be considered crises prepared and have better chance for recovery. The other two organizations exhibited characteristics of standard practice organizations that focus primarily on the reactive aspect of BCM that intrinsically overlooks aspects of awareness and integrity.

The contribution made by this research is that it provides insight to the practices required to establish a continuity culture and how these practices are implemented/partially implemented in the Jordanian context within a group of organizations known to be vulnerable to a wide range of business and disaster risks. Issues of testing, training, and maintenance and updating of the BC plans were investigated in this research. The findings reveal some significant facts regarding the willingness of some Jordanian executives to left up the practice of BCM to new and culturally driven level that underpins issues of organizational resilience. It was also found that S2, S3, and especially S4 show sincere dedication not just to have business continuity plans but also to test, train, and maintain and update these plans and to develop enterprise-wide BCM programs.