IT disaster recovery, cloud computing and information security news

A Masters thesis by N.P. Xavier from the Utrecht University Faculty of Science looks at the requirement for maintaining the continuity and availability of SaaS applications and proposes a certification framework.


Within the inter-dependent hierarchical structure of the cloud, its foundation, data centers, store data from Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) providers who offer their services as computing utilities. The SaaS business model offers SaaS customers with software solutions along with the required computing infrastructure, all within a quick and easy to install, and supposedly cheap package.

Small and medium SaaS customers are typically not aware or do not have the resources to assess the risks involved when entering into a potential vendor lock-in situation with a SaaS provider. The unseen risks become evident when a SaaS provider's services stop as a result of a disruption event (natural or man-made), or bankruptcy.

Only when a SaaS customer is unable to access their data and services are continuity options for their SaaS services queried. Loss of business-critical data and services can mark the beginning of the end for these businesses. As such, it is beneficial to all parties within the SaaS ecosystem to raise awareness of continuity risks by certifying SaaS providers through an assessment of the risk level associated with their system's continuity controls. Successfully doing so can improve SaaS customers' trust in the services they consume, and improve the overall health of the ecosystem.

To achieve this, a research approach consisting of a multivocal literature review (MLR), expert evaluations, and case studies is applied to create and evaluate a SaaS continuity control framework; and two case studies to create and evaluate a SaaS continuity control framework [are provided]. This framework assesses eight domains within a SaaS system using 125 questions to extract insights used to award a risk assurance certification mark. The promising evaluation of this framework demonstrates the ability of the applied scientific methodology, methods, techniques, and tools in the creation of a security control certification framework.

The SaaS continuity control framework can be downloaded from, allowing practitioners to benefit from its useful insights. 

Read ‘Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework’ (PDF).

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.