Information Governance Checklist and Privacy Impact Assessments
Authorship:
<Your name> – Information Governance Manager
Committee Approved:
Quality and Clinical Governance Committee
Approved date:
Review Date:
Target Audience:
All Staff
Policy Reference No:
Today’s date-sequence number i.e. 2019-07-08-00
Version Number:
0.1
Business Critical data
Yes
Business Critical System
Yes
10
Contents
Introduction 4
Responsibilities 4
Information Governance Checklist 4
Privacy Impact Assessment 5
ANNEX A - INFORMATION GOVERNANCE CHECKLIST 6
ANNEX B - Privacy Impact Assessment Proforma 7
Section A: New/Change of System/Project General Details 8
Section B Privacy Impact Assessment Key Questions 10
Evaluation 15
Appendix – Glossary of Terms 18
STANDARD AMENDMENTS
Amendments to the Standard will be issued from time to time. A new amendment history will be issued with each change.
New Version
Number
Issued by
Nature of Amendment
Approved by &
Date
Date on Intranet
0.1
<your name>
First draft for comments
NR
Introduction
The CCG needs to ensure that it remains compliant with legislation and NHS requirements such as the Information Governance Toolkit with its use of Personal Confidential Information. The Information Governance Checklist and Privacy Impact Assessments (PIA) have been developed to provide an assessment when new services are started or new information processing systems are introduced.
Responsibilities
Policy review and maintenance
Information Governance, Security & Compliance Manager
Approval
CSU Executive Management Team
Adoption
All manager, staff and contractors
Responsibility for ensuring that Information Governance Checklists and Privacy Impact Assessments are completed, where required, resides with all Service Managers and Directorate Heads.
Line Managers are responsible for ensuring that their permanent and temporary staff and contractors are aware of the Information Governance Checklist and Privacy Impact Assessment process.
On a day-to-day basis staff of all levels that are introducing a new system be it electronic or paper based, should use this document to ensure that processing remains compliant with current legislation.
Information Governance Checklist
The Information Governance Checklist provides short initial assessment which should be completed at an early stage of any project or service redesign to identify stakeholders, make an initial assessment of privacy risk and decide if a Privacy Impact Assessment is necessary as not all project or changes to services would require one.
A copy of the IGC form can be found at Appendix A
Privacy Impact Assessment
A PIA is a process which helps assess privacy risks to individuals in the collection, use and disclosure of information. PIAs help identify privacy risks, foresee problems and bring forward solutions. A PIA is necessary to identify and manage risks; to avoid unnecessary costs; to avoid inadequate solutions to privacy risks; to avoid loss of t ...
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 4
• How to perform a data protection impact assessment (DPIA)
• The role of the data protection officer (DPO)
• Transferring personal data outside the EU
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 6
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
ITS 834 Emerging Threats and CountermeasuresTotal points - 100.docxvrickens
ITS 834 Emerging Threats and Countermeasures
Total points - 100
Midterm Research Paper- The paper is due on end of day Monday July 29
Write a research paper on the topic
Cyber warfare and its implications for the United States
Your research paper should be minimally 10 pages (double spaced, Font - Georgia with font size 12). The research paper needs to refer to the following source
· Kostyuk, N., and Zhukov., M., Y. (2019). Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events? Journal of Conflict Resolution, 63(2)., 317-347. (pfd version of paper is uploaded to module 4 in d2l).
· In addition you need to have at least 5 peer reviewed journal/book references
The research needs to minimally discuss the following
· The relevance of cyber warfare for the United States
· What are some examples of possible cyber warfare scenarios where critical infrastructure could be affected
· Emerging technologies that can be used for cyber warfare
· What does Kostyuk and Zhukov (2019) address mainly in their paper? Do you agree with Kostyuk and Zhukov (2019) that cyber-attacks are ineffective as a tool of coercion in war. Ensure to explain why or why not.
· Future implications of cyber warfare for the United States
The bibliography should be included as a separate page and is not part of the 10 page requirement. Student assignments will be run through Safe Assignment. Please ensure to check the safe assignment result prior to submitting.
You will have the chance to submit your assignment up to two times. So please submit earlier than the due date so you can check your safe assign score. If your safe assign score is more than 10 percent, you need to check your paper and make any needed updates and submit again. Text that are copied directly from outside sources without being in quotes is considered plagiarism. Please refer to the University’s academic integrity policy. If there is text in your paper from outside sources that are not referenced and in quotes, you will not receive a grade for the assignment and will be referred to the department.
http://cumberland.smartcatalogiq.com/en/2017-2018/2017-2018-Undergraduate-Catalog/Academic-Affairs/Academic-Integrity-Policy
The university of Cumberland library can be assessed at https://www.ucumberlands.edu/library
The research paper should include the following components.
· Title Page (Not part of the minimum 10 page requirement)
· Abstract (quick overview in your own words of the entire content of your paper, limited to 200-350 words)
· Introduction (1-2 pages, relevance of cyber warfare for the U.S, example, possible scenarios_
· Literature Review (2-4 pages, describes the research papers that you find in reference to the topic of cyber warfare, emerging technologies that can be used, the impact of cyber warfare)
· Discussion (2-3 pages) – (Your perspective on the topic of cyber warfare, implications for the U.S, critical perspectives and/or recommendations)
· Conclusion (1-2 paragra ...
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 7
• Lessons to be learned from common data security failures.
• The six data protection principles – how to apply them and demonstrate compliance.
A case study on how to run Privacy compliance obligations in an organisation in economically depressing times. The studey includes various tools that can be deployed to counter resource reduction.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 4
• How to perform a data protection impact assessment (DPIA)
• The role of the data protection officer (DPO)
• Transferring personal data outside the EU
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 6
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
ITS 834 Emerging Threats and CountermeasuresTotal points - 100.docxvrickens
ITS 834 Emerging Threats and Countermeasures
Total points - 100
Midterm Research Paper- The paper is due on end of day Monday July 29
Write a research paper on the topic
Cyber warfare and its implications for the United States
Your research paper should be minimally 10 pages (double spaced, Font - Georgia with font size 12). The research paper needs to refer to the following source
· Kostyuk, N., and Zhukov., M., Y. (2019). Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events? Journal of Conflict Resolution, 63(2)., 317-347. (pfd version of paper is uploaded to module 4 in d2l).
· In addition you need to have at least 5 peer reviewed journal/book references
The research needs to minimally discuss the following
· The relevance of cyber warfare for the United States
· What are some examples of possible cyber warfare scenarios where critical infrastructure could be affected
· Emerging technologies that can be used for cyber warfare
· What does Kostyuk and Zhukov (2019) address mainly in their paper? Do you agree with Kostyuk and Zhukov (2019) that cyber-attacks are ineffective as a tool of coercion in war. Ensure to explain why or why not.
· Future implications of cyber warfare for the United States
The bibliography should be included as a separate page and is not part of the 10 page requirement. Student assignments will be run through Safe Assignment. Please ensure to check the safe assignment result prior to submitting.
You will have the chance to submit your assignment up to two times. So please submit earlier than the due date so you can check your safe assign score. If your safe assign score is more than 10 percent, you need to check your paper and make any needed updates and submit again. Text that are copied directly from outside sources without being in quotes is considered plagiarism. Please refer to the University’s academic integrity policy. If there is text in your paper from outside sources that are not referenced and in quotes, you will not receive a grade for the assignment and will be referred to the department.
http://cumberland.smartcatalogiq.com/en/2017-2018/2017-2018-Undergraduate-Catalog/Academic-Affairs/Academic-Integrity-Policy
The university of Cumberland library can be assessed at https://www.ucumberlands.edu/library
The research paper should include the following components.
· Title Page (Not part of the minimum 10 page requirement)
· Abstract (quick overview in your own words of the entire content of your paper, limited to 200-350 words)
· Introduction (1-2 pages, relevance of cyber warfare for the U.S, example, possible scenarios_
· Literature Review (2-4 pages, describes the research papers that you find in reference to the topic of cyber warfare, emerging technologies that can be used, the impact of cyber warfare)
· Discussion (2-3 pages) – (Your perspective on the topic of cyber warfare, implications for the U.S, critical perspectives and/or recommendations)
· Conclusion (1-2 paragra ...
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 7
• Lessons to be learned from common data security failures.
• The six data protection principles – how to apply them and demonstrate compliance.
A case study on how to run Privacy compliance obligations in an organisation in economically depressing times. The studey includes various tools that can be deployed to counter resource reduction.
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Compliancy Group
Since Omnibus started in 2013 Business Associates (BA) have scrambled to understand and adhere to the Federal Regulation. Though Omnibus alone was a reason for Business Associates to become compliant many realized that compliance could help differentiate their offerings. Helping the company retain and acquire new clients. Compliance is helping many BA’s open new revenue streams while increasing brand stickiness.
With the plethora of non-compliant Business Associates, Covered Entities are realizing that the best option for them is to choose a BA that is compliant to reduce their risk.
Presentation on key legal issues regarding use and developments of BOTs, AI - GDPR, Data Protection. Case study BRISbot. Presentation delivered at Epicenter 30 of May 2017 in partnership with BRIS and Microsoft.
What is a data protection impact assessment? what are the essential stages to...Infinity Legal Solutions
The General Data Protection Regulation (GDPR) explicitly states that any data processing activity that poses a high risk to the data subject’s rights and freedoms must undergo a Data Protection Impact Assessment in Netherland. It is one of the most important and particular processes prescribed by the Regulation for determining the risk of sensitive data exposure. The Assessment determines the level of risk associated with data processing operations that may have an impact on data subjects. Visit the blog for further details: https://infinitylegalsolutions.com/blog/
2010 06 gartner avoiding audit fatigue in nine steps 1dGene Kim
Avoiding Audit Fatigue: Achieving Compliance In A Multi-compliance World In Nine Steps
Gartner Security/Risk Management Conference
July 2010
It's common for information security managers to be held responsible for failed audits where they had little control or influence in the rest of the organization. This presentation provides nine steps that information security managers can use to break the compliance blame cycle and build an information security program that more effectively mitigates security risk. By successfully executing these steps, the information security manager will no longer continually react to and
manage the audit preparation crisis du jour. Instead, the information security manager will institute and rely upon regular, defined activities to complete the heavy lifting of preparing for a successful audit long before the audit occurs.
This session also describes how IT security managers can achieve alignment among all stakeholders so that information security and compliance activities become integrated into daily business operations.
Completing the nine steps in this presentation requires business stakeholders, IT management, and information security management to all mutually support the same goal. This session describes how to gain this alignment and defines the various compliance roles so that information
security and compliance activities become integrated into daily
Using Modelling and Simulation for Policy Decision Support in Identity Manage...gueste4e93e3
The process of making IT (security) policy decisions, within organizations, is complex: it involves reaching consensus between a set of stakeholders (key decision makers, e.g. CISOs/CIOs, domain experts, etc.) who might have different views, opinions and biased perceptions of how policies need to be shaped. This involves multiple negotiations and interactions between stakeholders. This suggests two roles for policy decision support tools and methods: firstly to help an individual stakeholder test and refine their understanding of the situation and, secondly, to support the formation of consensus by helping stakeholders to share their assumptions and conclusions. We argue that an approach based on modeling and simulation can help with both these aspects, moreover we show that it is possible to integrate the assumptions made so that they can be directly contrasted and discussed. We consider, as a significant example, an Identity and Access Management (IAM) scenario: we focus on the provisioning process of user accounts on enterprise applications and services, a key IAM feature that has an impact on security, compliance and business outcomes. Whilst security and compliance experts might worry that ineffective policies for provisioning could fuel security and legal threats, business experts might be against policies that dictate overly strong or bureaucratic processes as they could have a negative impact on productivity. We explore the associated policy decision making process from these different perspectives and show how our systems modeling approach can provide consistent or comparable data, explanations, “what-if” predictions and analysis at different levels of abstractions. We discuss the implications that this has on the actual IT (security) policy decision making process.
A Data Protection Impact Assessment is the controller’s obligation, according to the GDPR, where the controller refers to the entity that decides on the means and objectives of data processing. A bank, for example, that outsources data processing to a third-party must follow the GDPR and meet DPIA obligations as needed.
Use of the COBIT Security Baseline as a framework for an information
security program at a large state agency. Presented at the 2005 MN Govt IT
Symposium.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
Data protection: Steps Organisations can take to ensure complianceEquiGov Institute
This presentation highlights the major principles and rights enshrined in the General Data Protection Regulations (GDPR) as well as 10 steps organisations (whether large or small) can take to ensure compliance.
As many audit departments are moving toward agile auditing, they struggle finding an effective technique for planning that goes beyond the traditional risk assessment. We recommend using exploratory data analytics to focus the agile plan and address those risks with the greatest exposure.
After this session, participants will be able to:
- Use data analytics for exploratory testing to validate a draft plan that incorporates emerging risks
- Dispel the Top 5 Analytics Myths
- Develop an agile risk based plan that aligns with senior management objectives
- Deliver a continuous monitoring plan with tools to your control owners
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
Implementing and Auditing GDPR Series (1 of 10)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 1 of 10
• Bands of penalties and range of awards for breaches
• Lawfulness of processing and consent
• The six data protection principles
make sure to discuss the following•your understanding of t.docxcarliotwaycave
make sure to discuss the following
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
make sure to discuss the following•your understanding of .docxcarliotwaycave
make sure to discuss the following:
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
More Related Content
Similar to Information Governance Checklist and Privacy Impact Ass.docx
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Compliancy Group
Since Omnibus started in 2013 Business Associates (BA) have scrambled to understand and adhere to the Federal Regulation. Though Omnibus alone was a reason for Business Associates to become compliant many realized that compliance could help differentiate their offerings. Helping the company retain and acquire new clients. Compliance is helping many BA’s open new revenue streams while increasing brand stickiness.
With the plethora of non-compliant Business Associates, Covered Entities are realizing that the best option for them is to choose a BA that is compliant to reduce their risk.
Presentation on key legal issues regarding use and developments of BOTs, AI - GDPR, Data Protection. Case study BRISbot. Presentation delivered at Epicenter 30 of May 2017 in partnership with BRIS and Microsoft.
What is a data protection impact assessment? what are the essential stages to...Infinity Legal Solutions
The General Data Protection Regulation (GDPR) explicitly states that any data processing activity that poses a high risk to the data subject’s rights and freedoms must undergo a Data Protection Impact Assessment in Netherland. It is one of the most important and particular processes prescribed by the Regulation for determining the risk of sensitive data exposure. The Assessment determines the level of risk associated with data processing operations that may have an impact on data subjects. Visit the blog for further details: https://infinitylegalsolutions.com/blog/
2010 06 gartner avoiding audit fatigue in nine steps 1dGene Kim
Avoiding Audit Fatigue: Achieving Compliance In A Multi-compliance World In Nine Steps
Gartner Security/Risk Management Conference
July 2010
It's common for information security managers to be held responsible for failed audits where they had little control or influence in the rest of the organization. This presentation provides nine steps that information security managers can use to break the compliance blame cycle and build an information security program that more effectively mitigates security risk. By successfully executing these steps, the information security manager will no longer continually react to and
manage the audit preparation crisis du jour. Instead, the information security manager will institute and rely upon regular, defined activities to complete the heavy lifting of preparing for a successful audit long before the audit occurs.
This session also describes how IT security managers can achieve alignment among all stakeholders so that information security and compliance activities become integrated into daily business operations.
Completing the nine steps in this presentation requires business stakeholders, IT management, and information security management to all mutually support the same goal. This session describes how to gain this alignment and defines the various compliance roles so that information
security and compliance activities become integrated into daily
Using Modelling and Simulation for Policy Decision Support in Identity Manage...gueste4e93e3
The process of making IT (security) policy decisions, within organizations, is complex: it involves reaching consensus between a set of stakeholders (key decision makers, e.g. CISOs/CIOs, domain experts, etc.) who might have different views, opinions and biased perceptions of how policies need to be shaped. This involves multiple negotiations and interactions between stakeholders. This suggests two roles for policy decision support tools and methods: firstly to help an individual stakeholder test and refine their understanding of the situation and, secondly, to support the formation of consensus by helping stakeholders to share their assumptions and conclusions. We argue that an approach based on modeling and simulation can help with both these aspects, moreover we show that it is possible to integrate the assumptions made so that they can be directly contrasted and discussed. We consider, as a significant example, an Identity and Access Management (IAM) scenario: we focus on the provisioning process of user accounts on enterprise applications and services, a key IAM feature that has an impact on security, compliance and business outcomes. Whilst security and compliance experts might worry that ineffective policies for provisioning could fuel security and legal threats, business experts might be against policies that dictate overly strong or bureaucratic processes as they could have a negative impact on productivity. We explore the associated policy decision making process from these different perspectives and show how our systems modeling approach can provide consistent or comparable data, explanations, “what-if” predictions and analysis at different levels of abstractions. We discuss the implications that this has on the actual IT (security) policy decision making process.
A Data Protection Impact Assessment is the controller’s obligation, according to the GDPR, where the controller refers to the entity that decides on the means and objectives of data processing. A bank, for example, that outsources data processing to a third-party must follow the GDPR and meet DPIA obligations as needed.
Use of the COBIT Security Baseline as a framework for an information
security program at a large state agency. Presented at the 2005 MN Govt IT
Symposium.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 3
• Data protection by design
• Securing personal data
• Reporting data breaches
Data protection: Steps Organisations can take to ensure complianceEquiGov Institute
This presentation highlights the major principles and rights enshrined in the General Data Protection Regulations (GDPR) as well as 10 steps organisations (whether large or small) can take to ensure compliance.
As many audit departments are moving toward agile auditing, they struggle finding an effective technique for planning that goes beyond the traditional risk assessment. We recommend using exploratory data analytics to focus the agile plan and address those risks with the greatest exposure.
After this session, participants will be able to:
- Use data analytics for exploratory testing to validate a draft plan that incorporates emerging risks
- Dispel the Top 5 Analytics Myths
- Develop an agile risk based plan that aligns with senior management objectives
- Deliver a continuous monitoring plan with tools to your control owners
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
Implementing and Auditing GDPR Series (1 of 10)
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 1 of 10
• Bands of penalties and range of awards for breaches
• Lawfulness of processing and consent
• The six data protection principles
make sure to discuss the following•your understanding of t.docxcarliotwaycave
make sure to discuss the following
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
make sure to discuss the following•your understanding of .docxcarliotwaycave
make sure to discuss the following:
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
make sure to discuss the following•your understanding o.docxcarliotwaycave
make sure to discuss the following:
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
Major DiseasesCHAPTER 10Chapter 10Maj.docxcarliotwaycave
Major Diseases
CHAPTER 10
*
Chapter 10
Major Diseases
Learning Outcomes:Identify agents and vectors involved in the spread of infectious diseasesDescribe the process of infection, and the role of the body’s immune systemDiscuss prevention and treatments for colds and influenzaName and describe common infectious diseasesEvaluate your personal infectious disease risk factors, and strategies to decrease risk
Infectious Diseases
Infection is triggered by a pathogen (disease-causing organism) that is transmitted to the host (person or population) by a vector (biological or physical vehicle)
Types of microbes that can cause infection are:
Viruses Fungi
Bacteria Protozoa
Helminths (Parasitic Worms)
Agents of Infection: VirusesThe most common viruses are as follows:Rhinoviruses and Adenoviruses: which get into the mucous membranes and cause upper respiratory tract infections and coldsInfluenza viruses: can change their outer protein coats so dramatically that individuals resistant to one strain cannot fight off a new oneHerpes viruses: take up permanent residence in the cells and periodically flare upPapillomaviruses: may be responsible for a rise in the incidence of cervical cancer among younger womenHepatitis viruses: cause several forms of liver infection, ranging from mild to life threateningSlow viruses: give no early indication of their presence but can produce fatal illnesses within a few years
Agents of Infection: Viruses cont’dRetroviruses: named for their backward (retro) sequence of genetic replication compared to other viruses. One retrovirus, human immunodeficiency virus (HIV), causes acquired immune deficiency syndrome (AIDS)
Filoviruses: resemble threads and extremely lethal
Coronavirus 2019-COVID-19CDC is responding to a pandemic of respiratory disease spreading from person-to-person caused by a novel (new) coronavirus. The disease has been named “coronavirus disease 2019” (abbreviated “COVID-19”)
COVID-19 is caused by a coronavirus. Coronaviruses are a large family of viruses that are common in people and many different species of animals, including camels, cattle, cats, and bats. Reported illnesses have ranged from very mild (including some with no reported symptoms) to severe, including illness resulting in death. Older people and people of all ages with severe chronic medical conditions — like heart disease, lung disease and diabetes, for example — seem to be at higher risk of developing serious COVID-19 illness
Agents of InfectionBacteria: are the most plentiful microorganisms as well as the most pathogenic. Bacteria harm the body by releasing either enzymes that digest body cells or toxins that produce the specific effects of diseases such as diphtheria or toxic shock syndromeFungi: consist of threadlike fibers and reproductive spores. Fungi lack chlorophyll and must obtain their food from organic material, which may include human tissueProtozoa: single-celled, microscopic animals release enzymes.
Main questions of the essay1. What are types of daily-lived situat.docxcarliotwaycave
Main questions of the essay
1. What are types of daily-lived situations that confront undocumented youth sense of identity and belonging?
2. What types of psychological trauma impacts gow undocumented youth negotiate their daily lived situations?
3. How do undocumented youth respond to their daily psychological trauma that they experienced?
Use some examples to describe those experiences happened to those undocument youth, it can be made up.
In the Conclusion, provide some solution. Picture yourself as a policy maker.
.
Make a simple plan to observe and evaluate a facility in your school.docxcarliotwaycave
Make a simple plan to observe and evaluate a facility in your school or surrounding community , and recomond somethings in order to improve it ( write an essay about this article )
#Requirements
200 words
MLA style
should have basic words
Should have an introduction,two bodies,and conclusion.
.
Major Approaches to Clinical Psychology PresentationSelect one.docxcarliotwaycave
Major Approaches to Clinical Psychology Presentation
Select
one of the following psychological diagnoses:
·
Depressive disorder
·
Generalized anxiety disorder
·
Attention deficit hyperactivity disorder
·
Obsessive-compulsive disorder
Create
a 9-12 slide Microsoft
®
PowerPoint
®
presentation, with Speaker Notes;
You have been asked to provide a presentation regarding psychological issues for a local community organization. Your audience is made up of adults within the community who are
not
mental health professionals, and who are interested in learning more about a specific mental health issue.
Provide
a brief explanation of the mental health issue chosen, including primary symptoms, diagnostic criteria, populations most affected, and prevalence within the U.S.
Discuss
each of the major theories in Psychology: psychodynamic, cognitive-behavioral, humanistic, and family systems approaches.
Compare and contrast
the major approaches in relation to your selected psychological issue.
Include the following:
When, how, and why each approach developed, and identify psychologists most associated with the approach.
Terms and concepts associated with the psychological approach.
The techniques and strategies used by each approach, and the goals of treatment.
The effectiveness of each approach towardtreating yourselected diagnosis, based on treatment outcome research.
Incorporate
information from at least five peer-reviewed, professional publications.
Cite
each source you have relied upon throughout the body of your presentation, and list them on a separate slide titled
References
. Use direct quotes only sparingly.
Format
your paper consistent with APA guidelines.
Submit
a signed Certificate of Originality document.
.
Make a powerpoint presentation. At least 4 to 6 pages. Your pape.docxcarliotwaycave
Make a powerpoint presentation. At least 4 to 6 pages.
Your paper should include a cover page (setting forth the title of the paper, your name, the course number, and the date), and a bibliography.
Your paper should include an introductory paragraph, a comprehensive but concise analysis of the topic, and a conclusion paragraph.
.
Make a 150 word response to the following. Incorporarte what was sai.docxcarliotwaycave
Make a 150 word response to the following. Incorporarte what was said in 1.In your response. Discuss some of the qualities that can make art "great." Use texbook: Getlein, Mark. Living with Art, 9th Ed., New York: McGraw-Hill, 2010. Chapters 1-5
1. Although beauty is in the eye of the beholder, certain criteria should be looked at or met to consider something art. The same applies to calling someone an artist. Getlein first discusses that artists create places that fulfill a purpose for humans. Examples of this include Stonehenge and the Vietnam Memorial. Artists also exaggerate or give new perspective on ordinary objects to make them seem extraordinary. Another thing artists accomplish is using their art to record history. Their art could remind people of a different time or era in human history. For example, a painting for an ancient Chinese dynasty gives us insight into that era. Artists give form to things that cannot be seen or understood. This mostly includes statues, paintings, etc. of various deities. This same idea can also be applied when artists give form to feelings or ideas. This is shown in Van Gogh's famous painting called The Starry Night. Lastly, artists can give us a new or refreshing perspective on the world.
An artist or their art must meet one of these criteria to be considered art. These six criteria show how influential and important art has been to human culture and society for a very long time. Art gives us glimpses into times that are long gone and clues to a different culture.
Make a 150 word response to the following. Incorporate what is said in 2. In your response. What factors make a work of art valuable in different ways to different people? Use texbook: Getlein, Mark. Living with Art, 9th Ed., New York: McGraw-Hill, 2010. Chapters 1-5
2. Unity is when pieces come together in art to form a cohesive whole. Variety is the difference in these pieces to be more interesting. An example of these concepts is figure 3.8 on page 56. Guernica by Pablo Picasso is a painting of disfigured animals and people that seem chaotic. Different images can be seen throughout the painting. Unity is shown because all the individual objects and people come together to give you a large picture. Variety is also shown because many of the animals like the horse are disfigured and almost cartoonish. I chose this work because looking at the individual pieces of the picture seem strange but they come together to show some kind of conflict.
Symmetrical balance is when the center of gravity in a piece of art is vertical. The two sides of the art must also correspond to each other. An example of this is figure 3.1 on page 51. A picture of interior upper chapel of the Sainte-Chappelle in Paris is shown. This artwork in the chapel shows symmetrical balance because there is an implied line down the middle of the design where a door is and both sides mirror each other perfectly. Asymmetrical balance is when two sides of the art do not correspond w.
Major dams and bridges were built by the WPA during the New Deal o.docxcarliotwaycave
Major dams and bridges were built by the WPA during the "New Deal" of President Franklin Roosevelt in the 1930s and 1940s and have withstood decades. The American Interstate Highway system came into being during the Eisenhower presidential years over 60 years ago. Sewers were built several generations ago. In more exact terms, the United States' infrastructure system is old and beginning to rapidly deteriorate. How do you feel about the aging of United States' infrastructure? Explain.
How would you recommend a strategy to repair or replace the various aging critical infrastructure? Explain.
What major challenges or barriers exist? Explain.
How do you think they could be overcome?
What types of technologies can be used in determining weaknesses in the integrity of infrastructure construction? Explain.
In your opinion, are these technologies effective? Why or why not?
How often do you think critical components should be inspected for weaknesses and vulnerabilities? Explain your rationale.
In your own words, please post a response to the Discussion Board and comment on at least two other postings. You will be graded on the quality of your postings.
For assistance with your assignment, please use your text, Web resources, and all course materials.
Unit Materials
.
Major Paper #1--The Point of View EssayWe will be working on this .docxcarliotwaycave
Major Paper #1--The Point of View Essay
We will be working on this paper for the next three units. The final draft of the paper--with all three sections described below--will be due at the end of Unit #4.
Purpose:
This paper assignment has several purposes. As the first major paper for this class, the Point of View Essay is designed to re-engage you with the fundamentals of all good writing, including using lush sensory details to show the reader a particular place (rather than tell them about it), basic organization, clear focus, etc. However, this unit does not function as a mere review. The Point of View Essay will also introduce you to the concept of "thinking and seeing rhetorically, and analyzing writing rhetorically"--using the Writer's Toolbox described in this unit to improve your writing and critical reading skills. Finally, the Point of View Essay allows you to reflect on this process.
The Assignment:
1. Pleasant/Unpleasant Description of the Place:
Choose a place you can observe for an extended period of time (at least 20-30 minutes). Use all of your senses (sight, hearing, touch, smell, even taste if possible) to experience the place, and record all of the sensations that you experience. As you record your data, you may wish to note which details naturally seem more positive, negative, or neutral, in terms of tone. (For instance, a stinky and overflowing trash barrel swarming with flies in a nearby alley might seem more inherently negative than a little white bunny rabbit hopping playfully across the lawn.) Then, you will use this information to help your write two descriptions of the place: one positive, one negative (at least 1-2 well-developed paragraphs or a minimum of 125-150 words each). Both descriptions should be factually true (same real time and real place), but you will want one description to be clearly positive in terms of tone and the other to be clearly negative. In addition to including the information and sensory details you've collected as the basis for these descriptions, you will also use the Writer's Toolbox to create your two contrasting impressions for this assignment. (The Writer's Toolbox is explained in the Lecture Notes section of this unit.) As you revise and refine your descriptions, please be sure you are "showing" your readers your place (really putting the readers "there" in the moment and in this scene), rather than simply "telling" them about it. You will also want to try to eliminate unnecessary linking verbs as much as you can, incorporating verbs that show "action" whenever possible.
2. Rhetorical Analysis:
Looking back at your descriptions, analyze how you created these two very different impressions of the place (one positive, one negative) without changing any of the facts. How did you make your place seem so positive in one paragraph and yet so negative in the other paragraph, without changing the facts? Discuss how you incorporated each of the tools from the Writer's T.
Major Essay for Final needs to be 5 pages long on the topic below an.docxcarliotwaycave
Major Essay for Final needs to be 5 pages long on the topic below and in Mla format with wroks citied AFTER he five pages due at 12:15 today
Requriements: 5 pages long
secondary sources 2 credible , 2 academic
Mla format (in-text ciations + works cited page)
focused specific paper topic
Identifiable methods of compostion choosen wisely
Topic Propsal:
The Media’s Influences on Society
The topic I chose to write my major essay on is the media’s influences on society.
This includes both positive and negative influences that the media portrays which plays a big part in society. I will explain how and why the media is used for much more than just entertainment purposes for society and how the media affects the choices society makes and its outcomes. The media affects society with these influences because it alters the way people think and it plays a role in the choices the people make. The change in peoples thoughts do to influences from what they see creates an opportunity for them to either make a good or bad choice depending on the type of influence that is shown. I believe that most of time the media portrays negative influences upon society. A positive influence from the media would be a commercial or show/clip about stopping bullying that informs people about the topic and why bullying is wrong and how it affects the lives of the victims. This type of media would influence society in a positive way because it would actually get society thinking about the situation and for the bullies some of them will actually realize the harm they are causing there victims and they would probably stop bullying people. A negative influence of the media would be a song with someone talking about how they murder people and take drugs and make it in a way to make people think it’s “cool” and then people who listen to it start imitating the things talked about in the song because they want to be “cool”. What I hope to accomplish with this essay is to open people eyes and help them see that the things they watch and listen to as in media actually alter the way they think and the choices they make so hopefully they change what they listen to and watch to more positive things.
The reason I chose to write about the media and its influences on society is to inform people that media has a bigger purposes than just entertainment for society and to hopefully help people make better choices and actually pay attention to the things they watch and listen to. I see how the media influence our modern society everywhere, at the basketball courts at the park at stores. Some of the people at the basketball courts I go to start listening to music that talk about drugs, gangs, murder and they start acting tough, being stupid and talking reckless and they get into arguments or even worse end up getting into fights and someone gets hurt I see this all the time. My paper is important because it will help shed light on the media motives and hopefully start making people m.
Major AssignmentObjectivesThis assignment will provide practice .docxcarliotwaycave
Major Assignment
Objectives
This assignment will provide practice and experience in:
·
Writing a program – Topic 2
·
Debugging– Topic 3
·
Stepwise Refinement& Modularisation – Topic 4 and Topic 10
·
Selection – Topic 5
·
Iteration – Topic 6
·
Arrays – Topic 7
·
File handling – Topic 9
·
Structs – Topic 11
NB Depend
i
ng on when you start this assignment you may need to read ahead especially on how to use files andstructs.
Suggestions:
Read the assignment specifications carefully first.Write the first version of your program in Week 4 and then create new versions as you learn new topics. Do NOT leave it until Week 11 to start writing the program. Review Topic 4 on stepwise refinement. This is how you should approach the major. Also note that though your program must do something and must compile it does not have to be complete to earn marks.
Specifications
One of the many tasks that programmers get asked to do is to convert data from one form to another. Frequently data is presented to users in well-labelled, tabular form for easy reading. However, it is impossible or very difficult to do further processing of the data unless it is changed into a more useful form.
For the purposes of this assignment I have downloaded and will make available the undergraduate applications to the 37 Australian universities from the Department of Education for 2009 – 2013 data file as a text file.
Your program will load this data into an array of structs, save the data in a form that is directly usable by a database (see below), display the data on the console in its original form and in its database form. It will also allow the user to display the highest number of applications for a given state and year.
Your program will use a menu to allow the user to choose what task is to be done. You will only be required to handle the Applications data. You can ignore the Offers and Offers rates data (see below).
Data
See “undergraduateapplicationsoffersandacceptances2013appendices.txt” for the original data.
This is the data your program should produce and save:
New South Wales Charles Sturt University 4265 4298 4287 4668 4614
New South Wales Macquarie University 6255 6880 7294 7632 7625
New South Wales Southern Cross University 2432 2742 2573 2666 2442
New South Wales The University of New England 1601 1531 1504 1632 1690
New South Wales The University of New South Wales 10572 10865 11077 11008 11424
New South Wales The University of Newcastle 9364 9651 9876 10300 10571
New South Wales The University of Sydney 13963 14631 14271 14486 15058
New South Wales "University of Technology, Sydney" 10155 9906 9854 10621 9614
New South Wales University of Western Sydney 11251 11.
magine that you are employed by one of the followingT.docxcarliotwaycave
magine
that you are employed by one of the following:
The social services division of a state or city government
A citizen action committee made up of community members
A police or fire department
A school or educational organization (public or private)
Develop
a 1,050- to 1,400-word needs statement and management plan that will be part of a proposal for a fictitious, grant-funded project of your choosing on behalf of your agency or organization. Include the following sections in your submission:
Paragraph One: Describe the characteristics of your fictitious agency or organization.
Paragraph Two: Discuss the possible funding sources you might contact for this grant proposal.
Needs Statement: Establish the specific problem the proposed project will address.
Management Plan: Describe the responsibilities of the project director (you) and any staff you will employ to implement the grant.
Format
your paper in accordance with APA guidelines.
Submit
your assignment.
Resources
Center for Writing Excellence
Reference and Citation Generator
Grammar and Writing Guides
Copyright 2018 by University of Phoenix. All rights reserved.
.
M4D1 Communication TechnologiesIn this module, we have focused .docxcarliotwaycave
M4D1: Communication Technologies
In this module, we have focused on understanding and using new communication technologies to be more competent communicators.
Respond to the following:
What social media strategy would you recommend for your current (or previous) workplace?
What areas do you think your organization can still improve?
How would you explain the importance of social media to your employer?
.
Luthans and Doh (2012) discuss three major techniques for responding.docxcarliotwaycave
Luthans and Doh (2012) discuss three major techniques for responding to political risk. Should an international organization always use all three techniques? Why or why not?
Your response should be at least 150 words in length. All sources used must be referenced; paraphrased and quoted material must have accompanying citations.
www.obm.nsaem.ru/.../International%20Management_
Main
Textbook.pd
.
Lyddie by Katherine Paterson1. If you were Lyddie how would you h.docxcarliotwaycave
Lyddie by Katherine Paterson
1. If you were Lyddie how would you have handled the incident with mr marsen?
2. Explain how Charlie's visit is a turning point in the story
3. How does Paterson show how important it is for a person to have goals in life
4. What are three examples that Lyddie supports her self pity with when she feels she has been too late for everything
5. What do we learn about Diana and how does this new development change Lyddies role in the factory
6. What event occurs in chapter 20 that was foreshadowed earlier? What predictions can you make about Lyddie's future
.
Luthans and Doh (2012) discuss feedback systems. Why is it important.docxcarliotwaycave
Luthans and Doh (2012) discuss feedback systems. Why is it important to consider an effective feedback system as an international manager?
Your response should be at least 150 words in length. All sources used must be referenced; paraphrased and quoted material must have accompanying citations.
www.obm.nsaem.ru/.../International%20Management_
Main
Textbook.pdf
use pages 212-215
.
Luthans and Doh (2012) discuss factors affecting decision-making aut.docxcarliotwaycave
Luthans and Doh (2012) discuss factors affecting decision-making authority. Briefly describe at least three factors that affect decision-making authority.
I attached chapter 11 to the reflection paper assignment so you can use that to answer this question
thank you
Your response should be at least 200 words in length. All sources used must be referenced; paraphrased and quoted material must have accompanying citations.
[removed][removed][removed][removed]
.
Ethnobotany and Ethnopharmacology:
Ethnobotany in herbal drug evaluation,
Impact of Ethnobotany in traditional medicine,
New development in herbals,
Bio-prospecting tools for drug discovery,
Role of Ethnopharmacology in drug evaluation,
Reverse Pharmacology.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
How to Split Bills in the Odoo 17 POS ModuleCeline George
Bills have a main role in point of sale procedure. It will help to track sales, handling payments and giving receipts to customers. Bill splitting also has an important role in POS. For example, If some friends come together for dinner and if they want to divide the bill then it is possible by POS bill splitting. This slide will show how to split bills in odoo 17 POS.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Information Governance Checklist and Privacy Impact Ass.docx
1. Information Governance Checklist and Privacy Impact
Assessments
Authorship:
<Your name> – Information Governance Manager
Committee Approved:
Quality and Clinical Governance Committee
Approved date:
Review Date:
Target Audience:
All Staff
Policy Reference No:
Today’s date-sequence number i.e. 2019-07-08-00
Version Number:
0.1
Business Critical data
Yes
Business Critical System
Yes
10
2. Contents
Introduction 4
Responsibilities 4
Information Governance Checklist 4
Privacy Impact Assessment 5
ANNEX A - INFORMATION GOVERNANCE CHECKLIST 6
ANNEX B - Privacy Impact Assessment Proforma 7
Section A: New/Change of System/Project General Details
8
Section B Privacy Impact Assessment Key Questions 10
Evaluation 15
Appendix – Glossary of Terms 18
STANDARD AMENDMENTS
Amendments to the Standard will be issued from time to time. A
new amendment history will be issued with each change.
New Version
Number
Issued by
Nature of Amendment
Approved by &
Date
Date on Intranet
0.1
<your name>
First draft for comments
NR
3. Introduction
The CCG needs to ensure that it remains compliant with
legislation and NHS requirements such as the Information
Governance Toolkit with its use of Personal Confidential
Information. The Information Governance Checklist and Privacy
Impact Assessments (PIA) have been developed to provide an
assessment when new services are started or new information
processing systems are introduced.
Responsibilities
Policy review and maintenance
Information Governance, Security & Compliance Manager
Approval
CSU Executive Management Team
Adoption
All manager, staff and contractors
Responsibility for ensuring that Information Governance
Checklists and Privacy Impact Assessments are completed,
where required, resides with all Service Managers and
Directorate Heads.
4. Line Managers are responsible for ensuring that their permanent
and temporary staff and contractors are aware of the
Information Governance Checklist and Privacy Impact
Assessment process.
On a day-to-day basis staff of all levels that are introducing a
new system be it electronic or paper based, should use this
document to ensure that processing remains compliant with
current legislation.
Information Governance Checklist
The Information Governance Checklist provides short initial
assessment which should be completed at an early stage of any
project or service redesign to identify stakeholders, make an
initial assessment of privacy risk and decide if a Privacy Impact
Assessment is necessary as not all project or changes to services
would require one.
A copy of the IGC form can be found at Appendix A
Privacy Impact Assessment
A PIA is a process which helps assess privacy risks to
individuals in the collection, use and disclosure of information.
PIAs help identify privacy risks, foresee problems and bring
forward solutions. A PIA is necessary to identify and manage
risks; to avoid unnecessary costs; to avoid inadequate solutions
to privacy risks; to avoid loss of trust and reputation; to inform
the organisation’s communication strategy and to meet or
exceed legal requirements. There is no statutory requirement for
any organisation to complete a PIA, however, central
government departments have been instructed to complete PIAs
by the Cabinet Office. The overall PIA process is operated
under the supervision of the Information Commissioners Office
(ICO) who is responsible for the production of guidance
materials.
Is a PIA required for every project?
Not every project will require a PIA. The ICO envisages PIAs
being used only where a project is of such a wide scope, or will
use personal information of such a nature, that there would be
5. genuine risks to the privacy of the individual. PIAs will usually
be recommended where a change of the law will be required,
new and intrusive technology is being used, or where private or
sensitive information which was originally collected for a
limited purpose is going to be reused in a new and unexpected
way. The IGC will help determine if a PIA is required and if so
which of the two options will be suitable.
Why should I do a PIA?
To identify privacy risks to individuals;
To identify privacy and Data Protection compliance liabilities;
To protect the organisations reputation;
To instil public trust and confidence in your project/product; To
avoid expensive, inadequate “bolt- on” solutions; and
To inform your communications strategy.
Following completion of the IGC it may be decided that a PIA
is going to be required. There are two types of PIA, a small
scale and a full scale. Where it is thought that a PIA is needed
the small scale form, located at Appendix B, will be used and
submitted to the Information Governance Team who can assess
the small scale form completed and advise on whether a full
scale PIA needs to be completed.
When should I start a PIA?
PIAs are most effective when they are started at an early stage
of a project, when:
· the project is being designed;
· you know what you want to do;
· you know how you want to do it; and
· you know who else is involved. But it must be completed
before:
· decisions are set in stone;
· you have procured systems;
· you have signed contracts/ MOUs/agreements; and
· while you can still change your mind!
ANNEX A - Information Governance Checklist
Name of Project or Service Change
6. Lead Project Manager
Does project involve processing of Personal Confidential Data
(PCD)?
If yes how many records will be involved?
What is the purpose of the processing?
Which organisations and customers are involved?
Give an indication of the timescale for the project?
This IGC must be completed by all projects and significant
changes to service at the start or early stage of a project.
Please complete all questions with as much detail as possible
and return the completed from to:<your name>
Information Governance, Security & Compliance Manager
<your email>
ANNEX B - Privacy Impact Assessment Proforma
This document must be completed for any new / or change in
service which plans to utilise personal confidential information.
It must be completed as soon as the new service / or change is
identified by the Project Manager / System Manager or
Information Asset Owner.
This process is a mandated requirement on the Information
Governance Toolkit to ensure that privacy concerns have been
considered and actioned to ensure the security and
confidentiality of the personal identifiable information.
There are 2 types of Privacy Impact Assessments – a small scale
and full scale. This proforma is based on the Small Scale PIA.
Following completion of this proforma, it may be necessary to
conduct a Full Scale PIA. Full details are available in the
Information Commissioner’s handbook:-
7. http://www.ico.org.uk/pia_handbook_html_v2/html/0-
advice.html
Privacy Law compliance checks and Data Protection Act
compliance checks are part of the PIA process – the questions to
assess this are included in the proforma.
Please complete all questions with as much detail as possible
and return the completed from to:<your name>
Information Governance, Security & Compliance Manager
<your email address>
Further guidance on specific items can be found on the
Information Commissioner’s website.
<your email address>
Use scenario to complete the belowSection A: New/Change of
System/Project General Details
Name:
Objective:
Background:
Why is the new system / change in system required? Is there an
approved business case?
Benefits:
Constraints:
Relationships:
(for example, with other Trust’s, organisations)
Quality expectations:
Cross reference to other projects:
9. Email
Information Asset Administrator:
(All systems / assets must have an Information Asset
Administrator (IAA) who reports the IAO as stated above.
IAA’s are normally System Managers / Project Leads)
Name:
Title:
Department:
Telephone:
Email
Deputy Information Asset Administrator:
(It is necessary that there is a deputy in place for when the IAA
is absent from the workplace for whatever reason)
Name:
Title:
10. Department:
Telephone:
Email
Customers and stakeholders:
Section B Privacy Impact Assessment Key Questions
Question
Response
Ref to keyreq. e.g. IGTK, Small scale PIA etc
1. Will the
system/project/process (will now be referred to thereafter as
‘asset’) contain Personal Confidential Data or Sensitive Data?
If answered ‘No’ you do not need to complete any further
information as PIA is not required.
No Patient Staff Other (specify)
2. Please state purpose for the collection of the data:
for example, patient treatment, health administration, research,
audit, staff administration
3. Does the asset involve new privacy–enhancing technologies?
Encryption; 2 factor authentication, pseudonymisation
Yes No
If yes, please give details:
11. SS PIA (1)
4. Please tick the data items that are held in the system
Personal
Sensitive
Name Address
Post Code Date of Birth
GP Consultant
Next of Kin Hospital (District) No.
Sex NHS Number
National Insurance Number
Treatment Dates Sex
Diagnosis Religion
Occupation Ethnic Origin
Medical History Staff data (Pay, Union etc) Other (please
state here):
5. Will the asset collect new personal data items which have not
been collected before?
Yes No
If yes, please give details:
SS PIA (5)
12. 6. What checks have been made regarding the adequacy,
relevance and necessity for the collection of personal and/or
sensitive data for this asset?
SS PIA (2 & 10)
7. Does the asset involve new or changed data collection
policies that may be unclear or intrusive?
Yes No
SS PIA (9)
8. Is the third party contract/supplier of the system registered
with the Information Commissioner? What is their notification
number?
Yes No
Data Protection Act Notification Number:
9. Has the third party supplier completed an Information
Governance Toolkit Return?
Yes No
If yes, please give percentage score:
10. Does the third party/supplier contracts contain all the
necessary Information Governance clauses including
information about Data Protection and Freedom of Information?
Yes No
IG TK 110
11. Does the asset comply with privacy laws such as the Privacy
and Electronic Communications Regulations 2003
(see appendix for definition)
Yes No
Privacy Law Check
13. 12. Who provides the information for the asset?
Patient Staff
Others – Please specify e.g. Interfaces from PAS
13. Are you relying on individuals (patients/staff) to provide
consent for the processing of personal identifiable or sensitive
data?
Yes No
14. If yes, how will that consent be obtained? Please state:
15. How will consent and non consent be recorded?
16. If consent is not the basis for processing which legal
justification is being used?
Court Order Public Interest Other (detail below)
17. Have the individuals been informed of and have given their
consent to all the processing and disclosures?
Yes (explicit) No
Yes (implicit in leaflets, on website)
IGTK
18. How will the information be kept up to date and checked for
accuracy and completeness?
19. Who will have access to the information within the system?
20. Do you intend to send direct marketing messages by
electronic means? This includes both live and pre-recorded
14. telephone calls, fax, email, text message and picture (including
video)?
Yes No
Privacy Check
21. If applicable, are there procedures in place for an
individual’s request to prevent processing for purposes of direct
marketing in place?
Yes No
Privacy Check
22. Is automated decision making used?
If yes, how do you notify the individual?
Yes No
Privacy Check
23. Is there a useable audit trail in place for the asset. For
example, to identify who has accessed a record?
Yes No
IGTK
24. Have you assessed that the processing of
Yes No
personal/sensitive data will not cause any unwarranted damage
or distress to the individuals concerned? What assessment has
been carried out?
25. What procedures are in place for the rectifying/blocking of
data by individual request or court order?
26. Does the asset involve new or changed data access or
15. disclosure arrangements that may be unclear?
Yes No
SS PIA (12)
27. Does the asset involve changing the medium for disclosure
for publicly available information in such a way that data
become more readily accessible than before? (For example,
from paper to electronic via the web?)
Yes No
SS PIA (14)
28. What are the retention periods (what is the minimum
timescale) for this data? (please refer to the Records
Management: NHS Code of Practice)
SS PIA (13)
29. How will the data be destroyed when it is no longer
required?
IGTK
30. Will the information be shared with any other
establishments/ organisations/Trust’s?
Yes No
IGTK, PIA 4
31. Does the asset involve multiple organisations whether
public or private sector?
Include any external organisations. Also include how the data
will be sent/accessed and secured.
Yes No
32. Does the asset involve new linkage of personal data with
data in other collections, or is
Yes No
16. SS PIA (8)
there significant changes in data linkages?
33. Where will the information be kept/stored/accessed?
On paper
On a database saved on a network folder/drive Website
On a dedicated system saved to the network Other – please state
below:
34. Will any information be sent off site
If ‘Yes’ where is this informed being sent
Yes No
IGTK 208 &
308
35. Please state by which method the information will be
transported
Fax Email
Via NHS Mail
Website Via courier
By hand Via post – internal
Via telephone Via post - external Other – please state below:
IGTK 208 &
308
36. Are you transferring any personal and / or sensitive data to a
country outside the European Economic Area (EEA)?
If yes, where?
Yes No
17. IGTK 209
37. What is the data to be transferred to the non EEA country?
IGTK 209
38. Are measures in place to mitigate risks and ensure an
adequate level of security when the data is transferred to this
country?
Yes No
Not applicable
IGTK 209
39. Have you checked that the non EEA country has an adequate
level of protection for data
Yes No
Not applicable
IGTK 209
security?
40. Is there a Security Management Policy and Access Policy in
place? Please state policy titles.
Yes No
SS PIA (11)
41. Has an information risk assessment been carried out and
reported to the Information Asset Owner (IAO)?
Where any risks highlighted – please provide details and how
these will be mitigated?
Was process approved by SIRO?
Yes No
18. Risk Ass
42. Is there a contingency plan / backup policy, or business
continuity plan in place to manage the effect of an unforeseen
event? Please provide a copy.
Yes No
Risk Ass
43. Are there procedures in place to recover data (both
electronic
/paper) which may be damaged through:
Human error Computer virus
Network failure Theft
Fire Flood
Other disaster
Please provide policy titles.
Yes No
Risk Ass
Evaluation
44. Is the PIA approved?
If not, please state the reasons why and the action plan put in
Yes No
place to ensure the PIA can be approved
Form completed by:
Name:
Title:
19. Signature:
Date:
Information Governance Group Approval
Name:
Title:
Signature:
Date:
Appendix – Glossary of Terms
Item
Definition
Personal Data
This means data which relates to a living individual which can
be identified:
A) from those data, or
B) from those data and any other information which is in the
possession of, or is likely to come into the possession of, the
data controller.
It also includes any expression of opinion about the individual
and any indication of the intentions of the data controller or any
other person in respect of the individual
Sensitive Data
This means personal data consisting of information as to the:
A) racial or ethnic group of the individual
B) the political opinions of the individual
C) the religious beliefs or other beliefs of a similar nature of the
individual
D) whether the individual is a member of a trade union
20. E) physical or mental health of the individual
F) sexual life of the individual
G) the commission or alleged commission by the individual of
any offence
H) any proceedings for any offence committed or alleged to
have been committed by the individual, the disposal of such
proceedings or the sentence of any court in such proceedings
Direct Marketing
This is “junk mail” which is directed to particular individuals.
The mail which are addressed to “the occupier” is not directed
to an individual and is therefore not direct marketing.
Direct marketing also includes all other means by which an
individual may be contacted directly such as emails and text
messages which you have asked to be sent to you.
Direct marketing does not just refer to selling products or
services to individuals, it also includes promoting particular
views or campaigns such as those of a political party or charity.
Automated Decision Making
Automated decisions only arise if 2 requirements are met. First,
the decision has to be taken using personal information solely
by automatic means. For example, if an individual applies for a
personal loan online, the website uses algorithms and auto
credit searching to provide an immediate yes / no decision. The
second requirement is that the decision has to have a significant
effect on the individual concerned.
European Economic Area (EEA)
The European Economic Area comprises of the EU member
states plus Iceland, Liechtenstein and Norway
Information Assets
Information assets are records, information of any kind, data of
any kind and any format which we use to support our roles and
responsibilities. Examples of Information Assets are databases,
systems, manual and electronic records, archived data, libraries,
operations and support procedures, manual and training
materials, contracts and agreements, business continuity plans,
21. software and hardware.
SIRO (Senior Information Risk Owner)
This person is an executive who takes ownership of the
organisation’s information risk policy and acts as advocate for
information risk on the Board
IAO (Information Asset Owner)
These are senior individuals involved in running the relevant
service/department. Their role is to understand and address risks
to the information assets they ‘own’ and to provide
assurance to the SIRO on the security and use of those assets.
They are responsible for providing regular reports regarding
information risks and incidents pertaining to the assets under
their control/area.
IAA (Information Asset Administrator)
There are individuals who ensure that policies and procedures
are followed, recognise actual or potential security incidents,
consult their IAO on incident management and ensure that
information asset registers are accurate and up to date. These
roles tend to be system managers
Implied consent
Implied consent is given when an individual takes some other
action in the knowledge that in doing so he or she has
incidentally agreed to a particular use or disclosure of
information, for example, a patient who visits the hospital may
be taken to imply consent to a consultant consulting his or her
medical records in order to assist diagnosis. Patients must be
informed about this and the purposes of disclosure and also
have the right to object to the disclosure.
Explicit consent
Express or explicit consent is given by a patient agreeing
actively, usually orally (which must be documented in the
patients casenotes) or in writing, to a particular use of
disclosure of information.
Anonymity
Information may be used more freely if the subject of the
information is not identifiable in any way – this is anonymised
22. data. However, even where such obvious identifiers are missing,
rare diseases, drug treatments or statistical analyses which may
have very small numbers within a small population may allow
individuals to be identified. A combination of items increases
the chances of patient identification. When anonymised data
will serve the purpose, health professionals must anonymise
data and whilst it is not necessary to seek consent, general
information about when anonymised data will be used should be
made available to patients.
Pseudonymity
This is also sometimes known as reversible anonymisation.
Patient identifiers such as name, address, date of birth are
substituted with a pseudonym, code or other unique reference so
that the data will only be identifiable to those who have the
code or reference.
Information Risk
An identified risk to any information asset that the Trust holds.
Please see the Information Risk Policy for further information.
Privacy Invasive Technologies
Examples of such technologies include, but are not limited to,
smart cards, radio frequency identification (RFID) tags,
biometrics, locator technologies (including mobile phone
location, applications of global positioning systems (GPS) and
intelligent transportation systems), visual surveillance, digital
image and video recording, profiling, data mining and logging
of electronic traffic. Technologies that are inherently intrusive,
new and sound threatening are a concern and hence represent a
risk
Authentication Requirements
An identifier enables organisations to collate data about an
individual. There are increasingly onerous registration
processes and document production requirements imposed to
ensure the correct person can have, for example, the correct
access to a system or have a smartcard. These are warning signs
of potential privacy risks.
23. Retention Periods
Records are required to be kept for a certain period either
because of statutory requirement or because they may be needed
for administrative purposes during this time. If an organisation
decides that it needs to keep records longer than the
recommended minimum period, it can very the period
accordingly and record the decision and the reasons behind. The
retention period should be calculated from the beginning of the
year after the last date on the record. Any decision to keep
records longer than 30 years must obtain approval from The
National Archives.
Records Management: NHS Code of Practice
Is a guide to the required standards of practice in the
management of records for those who work within or under
contract to NHS organisations in England. It is based on current
legal requirements and professional best practice. The code of
practice contains an annex with a health records retention
schedule and a Business and Corporate (non-health) records
retention schedule.
Data Protection Act 1998
This Act defines the ways in which information about living
people may be legally used and handled. The main intent is to
protect individuals against misuse or abuse of information about
them. The 8 principles of the Act state The fundamental
principles of DPA 1998 specify that personal data must:
be processed fairly and lawfully.
be obtained only for lawful purposes and not processed in any
manner incompatible with those purposes.
be adequate, relevant and not excessive. be accurate and
current.
not be retained for longer than necessary.
be processed in accordance with the rights and freedoms of data
subjects.
be protected against unauthorized or unlawful processing and
against accidental loss, destruction or damage.
24. not be transferred to a country or territory outside the European
Economic Area unless that country or territory protects the
rights and freedoms of the data subjects.
Privacy and Electronic Communications Regulations 2003
These regulations apply to sending unsolicited marketing
messages electronically such as telephone, fax, email and text.
Unsolicited marketing material should only be sent if the
requester has opted in to receive this information.
25.
26. Contents lists available at ScienceDirect
Industrial Marketing Management
journal homepage: www.elsevier.com/locate/indmarman
Target and position article
The darker side of sustainability: Tensions from sustainable
business
practices in business networks
Nina Turaa,⁎, Joona Keränena, Samuli Patalab
a School of Business and Management, Lappeenranta University
of Technology, P.O. Box 20, Lappeenranta FI-53851, Finland
b Department of Management Studies, Aalto University School
of Business, P.O. Box 11110, Aalto FI-500076, Finland
A R T I C L E I N F O
Keywords:
Sustainability
Sustainable business practices
Tensions
Negative consequences
Business networks
Environmental
A B S T R A C T
While the current literature generally assumes that
27. implementing sustainable business practices (SBPs) will lead
to improved wellbeing and positive outcomes, relatively little
research has explored the potential tensions and
conflicts that SBPs may cause in multi-actor networks. To
address this issue, we conduct a qualitative multiple
case study in a regional business network, including interviews
with 43 managers in 17 firms in different in-
dustries. The findings of this study identify four types of
tensions (economic, structural, psychological, and
behavioral) that tend to emerge when firms implement SBPs in
networks, and illustrate how different stake-
holders (implementers, suppliers, customers, other network
partners) perceive them. Overall, this study con-
tributes to the current literature by highlighting the
underexplored “dark side” of sustainability, and illuminating
how organizational decisions aiming at improving collective
wellbeing can also lead to tensions and conflicts.
For managers, this study offers insights into how to anticipate,
manage and mitigate potential tensions that
might arise in business networks when one stakeholder decides
to implement a SBP.
1. Introduction
Sustainability is considered a new strategic imperative and a
long-
term goal for firms, nations, and society as a whole (Finke,
Gilchrist, &
Mouzas, 2016; Porter & Reinhardt, 2007). Customers, investors
and
other stakeholders demand continuous improvements in
environmental
and social responsibility (Fearne, Garcia Martinez, & Dent,
2012), and
companies are increasingly encouraged to implement
sustainable
28. business practices (SBPs) to reduce the environmental load and
to stay
competitive (Johnsen, Miemczyk, & Howard, 2017; Kotler,
2011).
However, while the mainstream literature generally assumes
that SBPs
lead to win-win situations, we need more understanding on the
po-
tential tensions and conflicts that emerge when implementing
SBPs
(Hahn, Figge, Pinkse, & Preuss, 2010; Öberg, Huge-Brodin, &
Björklund, 2012).
SBPs are generally defined as activities, initiatives or policies
that
aim at solving environmental and social problems while
maintaining a
profit (López, Garcia, & Rodriquez, 2007; Ortiz-De-Mandojana
&
Bansal, 2016; Tate, Ellram, & Gölgeci, 2013). Driven by the
need to
commercialize both economically viable and societally
acceptable so-
lutions, a majority of the research in this area has focused on
examining
the potential benefits that economic, environmental and social
actors
may accrue from sustainability (e.g. Doganova & Karnøe, 2015;
Fearne
et al., 2012; Patala et al., 2016; Sharma, Iyer, Mehrotra, &
Krishnan,
2010). However, given that SBPs have usually impacts that are
realized
in the long term and influence actors in broader business
networks
29. (Lacoste, 2016; Öberg et al., 2012; Peltola, Aarikka-Stenroos,
Viana, &
Mäkinen, 2016; Ritvala & Salmi, 2010), they may also lead to
un-
expected or even detrimental consequences that may cause
tensions
between the network actors (Hahn, Pinkse, Preuss, & Figge,
2015).
Tensions are usually understood as negative consequences, such
as
strain and conflict, that result from contradictory goals and
interests
between collaborating actors, and can hamstring, aggravate or
even
break up business relationships and network partnerships (e.g.,
Fang,
Chang, & Peng, 2011; Gnyawali, Madhavan, He, & Bengtsson,
2016).
For example, investing in cleaner technologies can improve
operational
performance and reduce environmental load, but they are often
costly
and involve high risks, including uncertainties about customer
needs,
legislation and commercialization potential (Hall, 2002).
Adopting
ethical purchasing practices can improve a firm's image and
social
status (Porter & Kramer, 2006), but also force other supply
chain
partners to change their operations or even end relationships if
they
cannot comply, thereby increasing mental and financial stress
within a
firm's network (Jackson & Young, 2016).
31. addressed emerging tensions in business networks (e.g., Chou &
Zolkiewski, 2018; Chowdhury, Gruber, & Zolkiewski, 2016;
Tóth,
Peters, Pressey, & Johnston, 2018), these studies have focused
on ten-
sions between economic and social goals, while tensions related
to
environmental goals remain less understood. Given that the risk
for
tensions in environmentally-oriented business networks seems
to be
particularly high (c.f., Patala, Hämäläinen, Jalkala, & Pesonen,
2014;
Scandelius & Cohen, 2016), this study addresses the following
research
question: What kind of tensions may emerge when
implementing SBPs in
business networks, and how are they experienced by different
network ac-
tors?
To study this issue in a real-life context, we employed the
multiple
case study approach, and interviewed 43 managers in 17 firms
that are
developing new SBPs and operate in various industries in
business-to-
business (B2B) markets. B2B markets provide a highly relevant
context
for this study, because SBPs influence a broad network of actors
(Wittneben, Okereke, Banerjee, & Levy, 2012), and interaction
in B2B
markets involves “processes within organizations, in
relationships be-
tween actors, and within a network of actors” (Jaakkola &
Hakanen,
32. 2013, p. 49). Accordingly, this study contributes to the
sustainability
and industrial marketing literature by illustrating how the im-
plementation of SBPs can lead to tensions, and how different
actors
(suppliers, implementers, customers, other stakeholders) in
business
networks experience them. From a broader perspective, this
study also
addresses the calls to explore the side-effects, or the “darker
side” of
sustainability (Johnsen & Lacoste, 2016; Öberg et al., 2012)
The rest of the paper is organized as follows. First, we discuss
why
companies implement SBPs, and why this may cause tensions in
busi-
ness networks. After highlighting potential research gaps in the
current
literature, we describe our qualitative field study and present
our
findings. Finally, we discuss the potential implications and
limitations
of the study, and suggest future research areas.
2. Literature review
2.1. Why do companies implement sustainable business
practices?
Sustainability has become a central part of business strategy in
many firms and industry sectors (Porter & Reinhardt, 2007). By
adopting SBPs, firms aim at creating economic business
benefits, re-
ducing environmental impacts, addressing social issues, and
displaying
33. corporate responsibility to customers and other stakeholders
(Fearne
et al., 2012). As individual firms are expending increasing
amounts of
money and effort on a variety of environmental investments and
sus-
tainable R&D activities, the general attitude towards
sustainability is-
sues has started to change slowly, seeing them as potential
business
opportunities instead of extra regulatory costs (Kotler, 2011;
Lubin &
Esty, 2010; Porter & Kramer, 2011; Tate et al., 2013).
The main motivation for implementing SBPs stems usually from
environmental laws and regulations, but to an increasing extent
also
from business objectives, such as profitability and improved
product
quality (Ranta, Aarikka-Stenroos, Mäkinen, 2018; Beise &
Rennings,
2005). Consequently, firms are investing increasingly in SBPs
to achieve
optimal “win-win” situations, where economic, environmental,
and
social benefits − often referred to as the “triple bottom line” −
can be
realized for relevant stakeholders and networks (e.g. Ambec &
Lanoie,
2008; Ameer & Othman, 2012; Kurapatskie & Darnall, 2013). In
short,
this usually means increased profit and differentiation power for
the
supplier, and reduced environmental load and increased social
well-
being for the whole network, including suppliers, customers,
34. other
stakeholders, and the society as a whole (e.g. Keränen, 2017;
Patala
et al., 2014; Porter & Kramer, 2006; ).
While the benefits of investing in sustainability are clearly
recognized in the literature, the potential costs or negative con-
sequences that may result from implementing SBPs have
received much
less attention (Hahn et al., 2010; Konar & Cohen, 2001). The
current
literature tends to acknowledge direct economic costs and
perceived
risk as the primary drawbacks of implementing SBPs, but most
of these
studies focus predominantly on supplier perceptions, while
under-em-
phasizing other stakeholders (e.g. Hall, 2002; Hansen, Grosse-
Dunker,
& Reichwald, 2009; Nidumolu, Prahalad, & Rangaswami,
2009). Con-
sequently, recent sustainability research has suggested that
looking at
the emerging tensions between network partners could offer a
more
holistic picture of the consequences perceived by multiple
actors (Hahn
et al., 2015)
2.2. Sustainable value co-creation in business networks:
potential for
tensions
In the industrial marketing literature, a great deal of research
has
35. argued that value emerges through collaborative activities and
inter-
action, and is co-created when actors exchange and integrate
resources
that contribute to solving mutual problems (Aarikka-Stenroos &
Jaakkola, 2012; Vargo & Lusch, 2016). Value co-creation is
considered
to take place in broader networks or service systems, and may
hence
involve a diverse set of actors that have a direct or indirect
influence on,
and may experience the consequences of value co-creation
(Gummesson
& Mele, 2010; Pinho, Beirão, Patrício, & Fisk, 2014; Vargo &
Lusch,
2011). However, value co-creation does not always lead to
positive
outcomes. It can be also disruptive, and interaction between
actors can
lead to deteriorating and negative outcomes (Echeverri &
Skålén, 2011;
Prior & Marcos-Cuevas, 2016; Verleye et al., 2017).
While emerging research has begun to unpack the potential
negative
consequences of complex exchanges with economic or social
goals (e.g.
Plé & Chumpitaz Cáceres, 2010; Prior & Marcos-Cuevas, 2016;
Verleye
et al., 2017), several studies indicate that the potential for
negative
consequences is exacerbated when value co-creation involves
environ-
mental and sustainable goals as well (e.g. Doganova & Karnøe,
2015;
Reypens, Lievens, & Blazevic, 2016). The key reasons for this
36. include a
more diverse and multi-layered set of actors and decision
makers
(Baraldi, Gregori, & Perna, 2011; Seshadri, 2013), broader
network(s)
of stakeholders and supply chain partners (Meqdadi, Johnsen, &
Johnsen, 2017; Öberg et al., 2012), longer decision-making
cycles
(Ritvala & Salmi, 2010), competing value-creating and
problem-solving
logics (Patala et al., 2014), and divergent or conflicting goals
and in-
terests (Doganova & Karnøe, 2015). Thus, sustainable value co-
creation
in business networks seems particularly susceptible for potential
ne-
gative consequences. However, while existing research has
addressed
why and how sustainable value co-creation can be obstructed or
re-
strained (Finke et al., 2016; Ritvala & Salmi, 2010), less
research has
addressed how the potential negative consequences of
sustainable value
co-creation may manifest across business networks, or how they
are
experienced by different stakeholders (Öberg et al., 2012;
Patala et al.,
2014).
Recent industrial marketing research has advocated the use of
the
tension perspective to explore the hurdles and impediments
between
multiple actors in business networks (e.g., Chou & Zolkiewski,
2018;
37. Chowdhury et al., 2016; Tóth et al., 2018). In brief, tensions
focus on
contradictory forces, objectives, or motivations with conflicting
goals
and interests that tend to drive relationship or network partners
apart
(Das & Teng, 2000; Tidström 2014). While some tensions can
have
positive impacts (especially if properly managed), they are
usually
considered in terms of negative consequences, or more broadly
as the
dark side of relationships, as they can cause strain, conflict, and
emo-
tional upheaval (Fang et al., 2011).
While the previous marketing literature identifies multiple types
of
tension in relationships and networks, they are usually
categorized
broadly under structural, psychological, and behavioral tensions
(Fang
et al., 2011; Tidström, 2014; Pressey & Vanharanta, 2016).
Structural
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
222
tensions refer to the different ways inter-organizational
relationships are
organized and governed within a network, and can include, for
ex-
38. ample, tensions between structural flexibility and rigidity.
Psychological
tensions refer to cognitive aspects, such as attitudes and
perceptions of
different actors in the network. Typical psychological tensions
in net-
works may relate to issues such as (mis)trust and temporal
orientations.
Finally, behavioral tensions refer to actors' activities, routines
and com-
municative practices, and may relate for example, to active or
passive,
or cooperative or competitive behavior (Fang et al., 2011; Tóth
et al.,
2018). In addition, both the marketing and sustainability
literatures
refer often to economic tensions, which usually relate to
differences be-
tween an actor's value capture and appropriation logics (Hahn et
al.,
2010; Chou & Zolkiewski, 2018). Overall, since tensions can
emerge
between multiple actors, including individuals, groups, and
organiza-
tions, they offer a good analytical lens to analyze the activities,
out-
comes and consequences in multi-actor networks (Burton et al.,
2016).
In sum, the existing literature acknowledges that sustainability
is-
sues are often broad and complex, and require an understanding
of the
impacts and consequences experienced and perceived in larger
net-
works (Wittneben et al., 2012). Because clear identification of
39. re-
lationships and interactions between different problems,
activities and
consequences related to sustainability is often very difficult,
they might
be best understood as tensions between different network actors,
who
are likely to experience them differently (Hahn et al., 2010,
2015;
Kumazawa, Saito, Kozaki, Matsui, & Mizoguchi, 2009).
3. Methodology
To explore the potential tensions that may result from
implementing
SBPs, we adopted a qualitative research approach, and
employed an
embedded multiple case design (Scholz & Tietje, 2002; Yin,
2014).
Because the current research on the tensions of implementing
SBPs is at
a relatively early stage (Hahn et al., 2010, 2015; Öberg et al.,
2012), a
qualitative research approach is suitable to generate a deep and
de-
tailed understanding of this complex and far-reaching
phenomenon in a
real-life setting (Corbin & Strauss, 2015). Moreover, an
exploratory
research approach supports theory building from empirical
insights in
an under-researched area (Eisenhardt & Graebner, 2007). By
using an
embedded multiple case design, we were able to explore how
the im-
40. plementation of SBPs influences different actors in a business
network.
This gave rise to a more holistic understanding of the potential
tensions
in a broad and more generalizable context (Halinen & Törnroos,
2005;
Yin, 2014).
3.1. Case selection
We used a theoretical sampling logic to identify firms that had
been
developing and implementing SBPs in B2B markets, and would
hence
provide access to empirically rich and insightful data
(Eisenhardt &
Graebner, 2007). With this aim, we approached a specific
regional
cluster in Finland, which includes 17 firms. The cluster has a
strong
history of collaboration and ongoing sustainability initiatives,
fa-
cilitated by regional development organizations and a collective
agenda
to improve regional sustainability. Conceptually, the regional
network
is akin to an “industrial symbiosis network”, which includes
separate
industries with a collective aim to achieve eco-efficiency
through the
exchange of resources, by-products and expertise in a socially
em-
bedded and regionally constrained system (Patala et al., 2014).
The regional network in question is built around resource- and
material-intensive industries, including process and metal,
41. wood, en-
ergy, and waste technologies. These are all mature industries,
and
under high economic, environmental and social pressures to
adopt
more efficient resource and raw material bases (i.e., solar
energy, waste
recycling), ecologically friendlier offerings (i.e., bio-oil, digital
ser-
vices), and socially responsible purchasing practices (i.e., local,
ethical,
and sustainable procurement). In addition, the network includes
several
regional development organizations, which are focused on
providing
consulting, financing and other support for firms in this area.
Conceptually, the empirical setting represents a “nested
network”, as
the regional industry cluster operates as a larger macro-level
network,
which contains several smaller embedded ‘nets’ or business
networks
(c.f., Ritvala & Salmi, 2010). This approach allows us to take
into ac-
count the embedded nature of individual and dyadic
relationships as
part of a network context (Möller & Svahn, 2006), and explore
how the
Fig. 1. Illustration of the network and embedded units.
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
223
42. actions and practices of individual actors were experienced and
per-
ceived by other actors in broader networks. Fig. 1 illustrates the
re-
gional network, the industry specific sub-networks, and the
embedded
case companies.
The case companies represent various types of network actors
and
value chain positions, as they operate as suppliers and
customers in
their own sub-networks or network partners and stakeholders in
the
larger regional network. More specifically, the roles of the case
com-
panies in the regional network can be divided to three primary
types:
implementers (I), which have implemented new SBPs; service
providers
(S), which have developed new services to facilitate other firms'
SBPs;
and regional partners (P), which facilitate the adoption of SBPs
in the
region. In turn, the value chain positions can be considered in
terms of
firms who implement specific SBPs (implementers), their raw
material,
product, technology and energy suppliers in the “up-stream”
position,
their primary customers in the “down-stream” position, and
other net-
work partners providing different types of supporting services.
While the
43. firms represent specific types of network actors, they could
adopt dif-
ferent and sometimes co-existing value chain positions,
depending on
their ongoing relationships with other actors. Table 1 provides
an
overview of the case companies, their implemented SBPs or
activities
employed to support other firms' SBPs, and occupied network
positions
in relation to other actors in the network.
3.2. Data collection
The data collection for this study took place in 2014 and 2015,
and
involved 24 single and six group interviews with a total of 43
managers.
The single interviews lasted between 35 and 109 min, and the
group
interviews between 97 and 179 min. All the interviews were
sound-
recorded and transcribed. This resulted in 984 pages of double-
spaced
interview transcripts. All the interviews were semi-structured,
and fo-
cused on the value of sustainability, firm-specific sustainability
prac-
tices, and the outcomes of these practices for firms, their
customers, and
stakeholders. Using a thematic guide and open-ended questions,
the
interviewees had the opportunity to express their ideas freely
and focus
on the naturally occurring issues that emerged during the
interviews
44. (Creswell, 2013). In addition, the group interviews allowed us
to probe
multiple views on specific issues, challenge diverging ideas,
and vali-
date emerging findings interactively (Bryman, 2012). All the
inter-
viewees were experienced senior managers, who were
responsible for
and/or had knowledge of the sustainability practices their firms
had
implemented. An overview of the interview data is presented in
Table 2.
We supplemented the primary interview data with a large set of
rich
secondary data. This included analyses of company websites,
annual
reports, specific sustainability and corporate social
responsibility re-
ports, as well as field notes (50 pages) of 16 steering group
meetings
and workshops with representatives from the regional network
actors
Table 1
Overview of the case companies.
Firm Industry Implemented SBPs (I 1-11), and
activities that support other firms' SBPs in the network (S12-
P17)
Examples of occupied network positions (in addition to being
an implementer for the SBPs mentioned in column #3)
I/S1 Energy & heat industry Development of bio-oil and electric
cars, environmental consulting,
45. commitment to CO2 free production
Supplier for renewable energy and bio-oil
Network partner providing environmental consulting
services
I2 Energy industry Developing new business areas from cleaner
waters, investments in
modernizing monitoring and water treatment products,
responsible
production
Supplier of energy and clean water products
Customer for environmental consulting services and
production equipment
I3 Energy industry Bio-heating plant and a transmission line
project Supplier for energy based on bio-heating
Customer for renewable fuels, recycled raw material,
production equipment and environmental consulting services
I4 Energy industry CO2-free production, new treatment plant
for clean water, remote
reading
Supplier for renewable energy
Customer for production equipment
I/S5 Environmental & waste
management industry
Investments in a waste incinerator and business development
projects
related to the re-use of waste, ash, and other surplus material
Supplier for recycled raw material
46. Customer for procurement equipment
Network partner: providing waste management services
S6 Waste management services New service offering related to
waste information management Customer for energy, production
equipment and materials
Network partner providing support services for waste
management
I7 Wood industry Bio-oil & eco-designed products Supplier for
bio-oil and eco-designed products
Customer for raw material (recycled), production equipment
and energy
I8 Wood industry Use of renewable and bio-materials Supplier
for bio products
Customer for renewable fuels and energy
I9 Wood industry Bio product factory, responsible use of
forests, sustainable products Supplier for bio products
Customer for renewable fuels, environmental consulting
services and energy
I10 Process industry Recycled fuels, commitments to
minimizing CO2 emissions Customer for environmental
consulting services, recycled
fuels and energy
I11 Process industry Material efficiency, use of limestone-based
solutions Supplier for limestone-based products for cleaning
waters
Customer for environmental consulting services and energy
I12 Steel industry Use of recycled scrap metal Customer for
environmental consulting services
P13 Financing, consulting Focus on environmental and social
47. responsibility through digitalization Network partner providing
financing and consulting
services
S14 Consulting and design services Sustainable development of
processes and assets, water management,
construction, and environmental consulting
Supplier for sustainable construction
Network partner providing environmental consulting
services
S15 Accounting services Offering and developing digital
services (replacing paper and extra
waste)
Network partner providing digital services to support
management of business
P16 Regional development and
consulting
Emphasis and promotion of clean water in regional development
Network partner providing support services to promote
regional development
P17 Regional development and
consulting
Emphasis and promotion of bioenergy, waste-to-energy, and
wind
power projects in regional development
Network partner providing support services and financing
to promote regional development
Customer for waste management services, environmental
48. consulting services and energy
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
224
(total duration 45 h), and notes (86 pages) of 33 meetings with a
broader research group (total duration 89 h) where emerging
findings
and key issues were discussed. Overall, this documentary
material
provided a rich information resource and insights into the SBPs
im-
plemented by different firms, as well as the consequences
experienced
by different stakeholders (Hill, 1993).
3.3. Data analysis
Given the large amount of empirical data, our analysis
proceeded in
three key stages. In the first stage, we employed within-case
analysis
and open coding, and identified specific SBPs and subsequent
impacts
that they generated in the network (Miles, Huberman, &
Saldana,
2014). This allowed us to understand what kind of SBPs
specific firms
had implemented (see Table 1 for an overview), and how their
impacts
were perceived by other actors in the network. At this stage, the
pre-
49. liminary insights indicated a substantial number of conflicting
percep-
tions between different firms, which led us to focus on the
emerging
tensions between the network actors. Hence our unit of analysis
was a
specific tension perceived between (or within) different
business net-
work actors in their relationship.
In the second stage, we employed cross-case analysis and axial
coding, and categorized the emerging tensions based on their
properties
and characteristics (Corbin & Strauss, 2015). To aid our
analysis and
categorization, we compared the emerging findings to existing
litera-
ture, and informed by previous studies on network-based
tensions (e.g.,
Tóth et al., 2018), we extracted specific tensions to thematic
categories.
At this stage, we also unpacked the categories to explore how
different
tensions were experienced and perceived by different actors
(im-
plementers, suppliers, customers, network partners). In the third
stage,
we integrated all the categories into an overall preliminary
framework
(see Table 3), and sought feedback and confirmation for the
emerging
findings from the informants and other researchers.
Due to the large amount of empirical data, Nvivo software and
Excel
spreadsheets were used to manage and facilitate the data
50. analysis and
aid subsequent theory construction (Bazeley & Jackson, 2013).
To in-
crease the trustworthiness and validity of the study, we
employed
multiple sources of primary and secondary data (data
triangulation),
involved several researchers in the analysis and interpretation
of the
findings (researcher triangulation), and presented the emerging
results
to managerial and academic audiences (Yin, 2014).
4. Findings
In this section, we report the findings of the study. First, our
analysis
identified 20 different types of tension that seemed to emerge
when
firms decide to implement SBPs in business networks. In line
with prior
literature (Fang et al., 2011; Tóth et al., 2018), it seems that the
identified tensions tend to manifest in four broader categories:
eco-
nomic, structural, psychological, and behavioral tensions.
Second, the
identified tensions seem to occur between (external) and within
(in-
ternal) multiple actors, as well as within multiple level
(individuals,
groups, organizations). Consequently, our analysis suggests that
actors
in different network positions tend to perceive these tensions
differ-
ently. We consider these in terms of four primary positions: im-
51. plementers, suppliers, customers, and other network partners.
Our
findings are summarized in Table 3, and we discuss them in
detail
below.
4.1. Economic tensions
Economic tensions refer to conflicts between cost allocations,
and
these appeared most frequently in our data. Economic tensions
involved
expectations or demands from one actor for other actors to
invest or
expend costs into technologies, processes or new practices that
would
be aligned with specific SBPs. However, the other actors
perceived
these expectations sometimes as asymmetric or unfair, and
believed
that they restricted their own operations.
For firms that implemented SBPs in the regional network,
economic
tensions manifested usually as higher investment, operating, and
oppor-
tunity costs. These were often perceived internally, between
different
departments or functions at the implementer's organization. For
ex-
ample, several firms had increased their research and
development
budgets (I1;I10), or invested into new environmentally friendly
or
modernized technologies (II3;I4;I7;I8;I9;I11), at the expense of
post-
52. poning, freezing, or sometimes completely abandoning efforts
to de-
velop or expand their current sales, service, or production
organiza-
tions.
“Compared to a situation where we don't have to think about
sustain-
ability, of course it brings costs. Investments have been huge
(e.g. filter
Table 2
Overview of the interview data.
Firm Titles of informants Interview type Length (min) Number
of
informants
I/S1 Project Manager (5×), Sales Manager (2×), Project
Engineer, Senior Adviser,
Product Development Manager, Head of IT systems, EHSQ
Manager, Head of
International O&M Management, Process Manager, Technical
Manager, Head of
Division
5× groups (groups were based on
organizational functions/teams)
179, 97, 130,
145, 109
16
I2 Financial Director, Head of Unit, Environmental Director,
Unit Team Leader,
53. Environmental Manager, Project Manager
5× individual 60, 72, 65, 52,
88
5
I3 CEO 1× individual 101 1
I4 CEO, Energy Group 1× individual 35 1
I/S5 Account Manager, R&D Manager, Business Manager,
Technical Manager 4× individual 52, 69, 94, 76 4
S6 Quality and Environmental Engineer 1× individual 35 1
I7 Director, Stakeholder Relations 1× individual 72 1
I8 Factory Manager, Environmental Manager, Communications
Manager 3× individual 35, 33, 37 3
I9 Environmental Manager 1× individual 94 1
I10 Vice President 1× individual 109 1
I11 Factory Manager 1× individual 68 1
I12 Product Development & Technical CRM Manager,
Environmental Manager, Process
Development Manager
1× group 103 3
S13 Head of Office 1× individual 35 1
P14 Communications Manager 1× individual 45 1
S15 Head of Office 1× individual 34 1
P16 Development Manager 1× individual 84 1
P17 CEO 1× individual 73 1
Total 24 individual and 6 group interviews 2281 43
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
225
54. plant of the smelter), energy is used and waste is created. We
have
continuous maintenance targets and expenses… If we didn't care
about
sustainability, we wouldn't need environmental executives
sitting here,
doing paperwork and paying license fees, these are all indirect
costs.”
(I9)
For suppliers, in our sample, economic tensions manifested
primarily as
high costs of operational changes due to the need to
accommodate in-
creased compliance requirements from the implementing firms.
In the
data, such requirements ranged from improving production and
op-
erational processes to reduce emissions and carbon footprints
(I1;I2;I7;S14) to educating, training and hiring new people
(I2;I7) to
gain different environmental and social certificates. While the
requested changes aimed to improve the implementers own as
well as
their value chains' societal impact, several suppliers pointed out
that for
them the changes involved often expensive process
modifications,
which were seldom fully recoupable. Many suppliers noted they
had
faced costly sustainability requirements from their business
partners,
and felt it was usually easier to comply by accepting short-term
55. costs
than risk losing valuable partners and long-term business
potential.
“Our partners had to develop also new skills and operations
through
investments.” (I7)
For customers, economic tensions manifested primarily as
higher prices
and decreased functionality. Customers felt that when their
suppliers had
implemented SBPs, this had resulted in higher prices but not
necessarily
Table 3
Potential tensions from SBPs as experienced by different
network actors.
Experienced by and between
Tension Actor 1 Actor 2 Description
Economic tensions
1. Higher investment, & operating,
and opportunity costs
Implementer's top
management or R&D Unit
Implementer's production
and sales
Senior management or R&D invests into sustainable
technologies and/or
modernization of production equipment, which are expensive
56. and have long
payback times. This results in higher cost pressures and
postponing or
abandoning other development projects in implementer's other
units (usually
production, sales, or service)
2. Cost of operational changes Supplier Implementer
Implementer demands that suppliers adapt their processes to
new codes of
conduct or sustainability requirements
3. Higher prices Customer Implementer Implementers charge
higher prices from customers due to cost increase in
their own operations
4. Reduced functionality and
performance
Customer Implementer Sustainable technologies do not deliver
the customer the same functionality
or performance as traditional technologies
Structural tensions
5. Increased monitoring and
controlling needs
Implementer Suppliers and other
network partners
Implementer needs to monitor and control that several actors in
its value
chain and network follow its codes of conduct
6. Dependence on key suppliers Implementer Supplier
Implementers fear that a dependency on a raw material that is
57. available only
from specific suppliers (e.g. by-products from forest industry to
use in a bio
heating plant) can give away too much negotiation and pricing
power, and
make them vulnerable to strong-arming and other opportunistic
tactics.
7. Reduced power positions Supplier Implementer Suppliers that
have difficulties in responding to the implementer's
sustainability requirements or expectations have lower
bargaining power, or
can be phased out completely.
8. Difficulties to design balanced
network policies
Other network partner Entire network Other network partners
need to design regional policies that would benefit
stakeholders equally, but the conflicting interests between
multiple network
actors may result in policies that are unequal or favor some
actors
disproportionately with the expense of others
Psychological tensions
9. Financial risk Implementer Customers Implementer has made
significant short-term investments into SBPS, while
the potential benefits are uncertain and realized only in the long
term
10. Technological risk Implementer Customers New SBPs lack
references and proof of performance, and the implementer
fears that they will not be as functional or effective as
traditional alternatives
58. 11. Political risk Implementer Government/ Regulatory
bodies
Implementer fears that constantly changing political decisions,
regulation, or
legislation will affect a new SBP negatively
12. Reduced motivation to adhere to
codes of conduct
Supplier Implementer Suppliers feel that they are forced to
measure, monitor and report
sustainability indicators that are not relevant for their own
business
13. Fear of disclosing sensitive
business information
Customer Implementer Customers are reluctant to share
sustainability information and data if it is
business-critical or otherwise sensitive
14. Greenwashing concerns Customer Implementer Customer
fears that the supplier's sustainability claims are corporate
posturing or deceptive marketing, but do not deliver actual
environmental or
social improvements
15. Defensiveness against new
regional sustainability policies
Other network partners Entire network Network actors are slow
or reluctant to comprehend the potential benefits and
opportunities of new sustainability polities
Behavioral tensions
59. 16. Higher disclosure requirements Implementer Authorities,
society,
media,
Implementer needs to report on different sustainability criteria
to
stakeholders, environmental and political authorities, and the
media
17. Internal resistance Implementer's top
management
Implementer's field
personnel
Employees are reluctant to learn new skills, accept new
responsibilities or
process changes, and adopt new work practices
18. Increased need to collect and
share data
Supplier Implementer Implementers expect the suppliers to
collect and share sustainability-related
data about their operations and processes
19. Higher maintenance needs Customer Implementer Customer
needs to maintain or replace environmentally-friendly
components
more often than traditional alternatives
20. Divergent communication and
promotion needs
Other network partners Entire network Other network partners
need to communicate and promote goals and agendas
60. that facilitate several actors´ interests and objectives, which are
often
conflicting and contradictory
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
226
any improvement in actual product performance. In contrast,
some
customers noted actually that sometimes the sustainable
components in
purchased products or systems required more maintenance or
had
shorter life cycles, reducing the overall functionality and
performance
of the equipment.
“Customers would like to use domestic fuels instead of foreign
fuels be-
cause of their lower environmental impacts. But if the price for
foreign
fuel is lower, they will unfortunately select that.” (I2)
4.1.1. Structural tensions
Structural tensions refer to the need for and balance of
coordination
and governance of vertical and/or horizontal relationships with
stake-
holders. For firms that implemented specific SBPs, structural
tensions
manifested usually as increased monitoring and controlling
61. requirements to
their value chain and network. This involved the need to
manage both
wider stakeholder networks and longer (up- and downstream)
value
chains, where several stakeholders had different, yet collective
impact
on the realization of the benefits from specific SBPs. However,
since
individual stakeholders had usually different perceptions and
measures
for sustainability (i.e. NOx and CO2 emissions vs. carbon and
water
footprints), a higher number of stakeholders made monitoring
and
controlling overall sustainability impacts often very difficult.
“We should pay more attention to our value chain. There are
weak points
for sure… Although our suppliers are the most reliable in the
field, we
don't check these issues until at the last point…. Value chains
are long
and we don't have resources for that…. We can't say for sure
whether
they are using for example child labor. It's an unknown field for
us and
may carry threats.”(I9)
In addition, some firms felt that implementing SBPs led to
increased
dependency on key suppliers who had a dominant or sole
provider status
for critical materials, such as raw materials for bio-heating (I3),
or
limestone (I8). In these cases, implementers feared that sole
62. suppliers
might leverage their unique position to increase prices, regulate
supply,
or otherwise influence contract conditions. On the other hand,
some of
the supplier firms in our sample perceived the structural
tensions as
reduced power positions, if they did not have enough resources
or know-
how to respond to the sustainability requirements posed by the
im-
plementer, or if they declined to accommodate the
implementer's
compliance requirements. For example, the suppliers in the
forest and
energy industry had faced the risk and pressure of decreasing
pur-
chasing volumes and lowering prices if they could not adapt
their
processes and practices to match the implementers'
sustainability ex-
pectations or demands better.
For customer firms, the data indicated no significant structural
tensions. For other network partners, the structural tensions
manifested
usually as difficulties to design balanced network policies. For
example, the
regional agencies explained that since SBPs influenced several
stake-
holders across networks, they were under a pressure to design
regional
policies and practices that would try to take each stakeholder's
interests
and goals into account. However, due to different, and often
conflicting
63. interests within the network, it was not clear whether the
agencies'
lobbying efforts resulted in balanced and equally fair policies
for all the
network actors, or uneven agendas that diisproportionally
favored
some, with the expense of others.
“Customers are obligated to sort their wastes in more detail. We
do a lot
of competitive bidding, but it is hard to include all the
conditions and
measurements of sustainability and environment into these
tenders. There
are so many things to be taken into account, and it is not clear
how the
evaluation and scoring of these indicators would be fair for both
new and
old players in the waste business.” (S6)
4.1.2. Psychological tensions
Psychological tensions refer to changes in emotions, attitudes,
motives and feelings, caused primarily by the added uncertainty
asso-
ciated with SBPs (Slawinski et al. 2015). For sample firms that
im-
plemented specific SBPs, psychological tensions manifested
primarily as
increased financial, technological, and political risks. For
example, it was
often difficult to calculate the return on investment for
sustainable
technologies, and many firms had risked a decrease in short-
term
profitability for potential but uncertain long-term business
64. benefits.
Similarly, many implementers worried about whether the new
SBP
would become “accepted” or “new standard” in the market, or
just an
inferior alternative to traditional technologies. Finally, the im-
plementers were also highly concerned about political
decisions, such
as support or taxation policies for biofuel, coal, or other sources
of
renewable energy (I1;I3;I10), and the enactment of emissions
and
chemicals regulations (I8–10;I12), which have a major influence
on the
business potential of sustainable products and services.
“We cannot yet put a value on the sustainability investments in
peat
production.…When we decided to make investments, we did not
calcu-
late our expectations for business sales. We see it more as a
long-term
investment in future business possibilities.” (I7)
“There's political risk. As the fuel business is based on politics
in the EU,
there is a risk of changing regulations. Authorities may ruin
everything.”
(I10)
“The drivers of sustainability come from politics, and involve
risks as to
whether they will be in line with our current decisions in the
future… it
may result in some administrative decisions that have negative
effects for
65. us. It's a little terrifying.” (I3)
For some of the supplier firms, psychological tensions
manifested as
reduced motivation to adhere to the implementer's codes of
conduct, espe-
cially if these had no direct benefits to the supplier, or if the
value chain
involved other partners who did not follow similar practices.
Several
suppliers noted that it was relatively common for their value
chain
partners to lobby for regulations and/or request sustainability
policies
that favored individual actors unequally. This often reduced the
sup-
pliers' willingness to comply, at least when it required
significant
changes or cost allocations.
“Our industry doesn't market much in “being green”. There are
certain
actors that are intentionally quiet about this.” (I9)
“There are multiple interest levels among actors contributing to
sustain-
ability regulations. The interest in these issues may arise purely
from
gaining competitive advantage over other actors.” (I12)
For customer firms, psychological tensions manifested primarily
as a
fear of disclosing sensitive information about their processes
and opera-
tions. Customers pointed out that suppliers were increasingly
re-
66. questing access to their process and usage data to analyze the
potential
sustainability impacts of their offerings, and this involved
business-
critical information, which customers were often reluctant to
share.
Furthermore, some customers noted also that without careful
diligence
and supplier evaluation, they had sometimes concerns about
green-
washing, or in other words, whether the supplier's SBPs actually
had the
promised impacts, or were just corporate posturing and empty
en-
vironmental claims.
“In management we may see responsibility in a different way….
For
example, we have had to close factories. For some, these actions
may
seem unresponsive, but from company perspective this is
economic sus-
tainability…[but] society may criticize and have different
opinion. That
may increase local negative effects and labor disruptions, and
increase
risks related to delivery reliability from the eyes of the
customer.” (I7)
For other network partners, psychological tensions manifested
pri-
marily as defensiveness against new regional sustainability
policies. For
example, the regional agencies noted that the business actors in
the
area were usually very resistant or slow to adopt and assimilate
67. new
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
227
sustainability initiatives, unless they had a direct impact on
their
business.
“Of course there are customers that do not want to give up
paper… These
types of customers cover still 55-60%. It is hard work to get
them to
understand our system and online services.” (S15)
“SMEs are not very interested in sustainability goals at the
broader,
global level. Very often they will just have a defensive reaction,
like “we
get these new things every day, how is this relevant to us?”
(P16)
4.1.3. Behavioral tensions
Behavioral tensions refer to changes in operational or commu-
nicative behaviors within a business network (Tóth et al., 2018).
From
the sustainability perspective, new activities and practices for
analyzing
sustainability impacts and reporting to stakeholders can cause
con-
siderable behavioral changes and require extra resources
68. (Greenwood
et al. 2015). For firms that implemented specific SBPs,
behavioral
tensions manifested primarily as increased disclosure
requirements, as
they had to report on different sustainability criteria not only to
en-
vironmental and political authorities, but to potential customers
and
network partners as well. Many of them also noted that
increased
workload, bureaucracy, training, and social pressure related to
im-
plementing SBPs often led to internal resistance within their
organiza-
tions. For example, the implementers described situations and
beha-
viors where internal resistance ranged from skepticism, lack of
commitment and negative attitudes to misunderstanding or dis-
regarding responsibilities intentionally, and barriers between
field or-
ganizations and top management.
“Much of the time is spent answering the many questions of
people,
claims coming from water protection associations, media
contacts and
reviews… We have promised to measure every bog separately,
but the
information on the impacts on the environment is not
particularly ac-
curate… So the actions we are performing now may be a bit
pointless, but
we have to do so to gain social acceptance.” (I2)
“The workload of the personnel and their mental wellbeing are
69. negative
issues related to sustainability. Investing in sustainability has
brought
extra work, required many working hours, development and
planning
activities...The commitments that we made raised considerable
resistance
inside the company.” (I7)
For supplier firms in our study, the behavioral tensions
manifested
primarily as an increased need to collect and share
sustainability-related
data and information about their operations and processes with
the
implementer. While the suppliers generally understood the need
for
additional communication efforts, many felt that they were
being
forced to measure, monitor, and report sustainability indicators
that
have little effect on their business practices.
“Increasing public awareness raises certain tough questions for
us to
answer, although they may not have anything to do with us.”
(I9)
“In addition to other work, sustainability means more
monitoring efforts
and extra work… Customers are expecting certain things, but in
reality,
the time spent on designing and planning may be longer,
bringing negative
consequences in terms of work.” (S14)
70. For customer firms, the behavioral tensions manifested as
higher
maintenance needs, as the sustainable technologies and/or
components
they purchased had to be maintained, replaced or upgraded more
often
than traditional alternatives. For example, in the case of bio-
energy
power plants, when the customers burned recycled waste
material, this
eroded their production equipment (I1). In addition, when
customers
replaced cement with more renewable (wood-based) materials in
the
construction process, they experienced increased maintenance
re-
quirements and lower life-cycles of buildings (I4).
“There is a big debate about the facts of using wood vs. cement
–based
materials in construction related to [sustainability] impacts and
life-cycle
maintenance.” (I4)
For other network partners, behavioral consequences manifested
primarily as divergent communication and promotion needs,
because of the
diverse goals and interests of different network actors. For
example, the
forest industry wanted to promote wood as a renewable material
source
for construction, while the process industry wanted to highlight
the
long lifecycle of concrete- and steel –based materials instead.
Furthermore, while the private organizations in the area wanted
71. to
reduce CO2 emissions only to levels that would have a minimal
impact
on production to optimize or protect sales and profits, the
public or-
ganizations wanted to maximize the reduction in overall CO2
emis-
sions. Several network partners had to navigate this riptide, and
choose
how to stretch and allocate resources to promote a host of
conflicting
sustainability goals simultaneously.
“We have divergent interests inside Finland. All actors want to
support
their own interest areas, and this may have negative effects on
others.”
(I12)
5. Discussion and conclusions
In this study, we have explored the potential tension that may
result
from implementing SBPs in business networks. Network
partnerships
and joint action are important drivers of sustainability goals
(Patala
et al., 2014; Ritvala & Salmi, 2011), and it is critical to
understand how
to minimize the costs and barriers of collaboration. This is an
important
issue, as industrial firms are investing increasingly in various
SBPs, but
their potential “dark side” effects remain under-researched
(Hahn et al.,
2010). Our findings illustrate why and how the implementation
72. of SBPs
may lead to emerging tensions, and how different actors in a
network
setting in business markets experience them. Next, we consider
the
implications of our findings by comparing the tensions
experienced at
different network positions and suggest some potential
strategies for
decreasing the tensions.
As demonstrated by the findings, if one network partner adopts
new
sustainability practices, this may generate tensions in its
business net-
work. We found that tensions inside the implementer's
organization
were typically related to budgetary tensions among different
business
units and functions, as well as the potential internal resistance
to
change by employees, which were predominantly economic or
beha-
vioral by nature. These tensions seemed to be especially
dependent on
the type of SBP undertaken, as more technology-intensive SBPs
are
likely to involve higher costs and risks. These tensions could be
de-
creased by higher involvement of different functions and
internal per-
sonnel, as SBPs, which are integrated with the core business
functions,
have typically higher potential benefits (Halme & Laurila,
2009).
73. The tensions between implementers and their suppliers, in turn,
are
often related to the supplier's capability to meet new
sustainability
criteria introduced by SBPs, and a potential fear of being
relegated to a
lower tier supplier if the sustainability criteria are not met.
Structural
tensions were particularly evident between the supplier and im-
plementer. These tensions seemed to be influenced by the
cultural and
power distance (Meqdadi et al., 2017) between the implementer
and
the supplier, and may be especially prevalent in global supply
chains,
leading to considerably different perceptions of sustainability.
An im-
plementer could decrease this tension by investing in training
and
education activities with the suppliers, to help meet their
sustainability
goals. For example, previous research has shown that more
collabora-
tive and inclusive strategies of involving suppliers in SBPs are
more
sustainable in the long run compared to dictatorial initiatives
driven by
the implementer (Drake & Schlachter, 2008; Hoejmose,
Brammer, &
Millington, 2012).
The tensions between implementers and customers were largely
related to concerns about increasing prices, decreasing
performance or
potential concerns with greenwashing. These tensions seemed to
be
74. N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
228
higher for SBPs involving substantial change in product design,
and
they were usually psychological and economic by nature. These
types of
tensions might be mitigated by conducting a deeper value
assessment
about the new value potential that the SBP will realize to the
customers
or their stakeholders (Keränen & Jalkala, 2013; Patala et al.,
2016). The
implementer could also offer additional services and training to
ac-
commodate with the changes in the offering caused by the SBP.
Finally, the tensions between implementers and other network
partners were often related to the added network complexity as
a result
of SBPs, as more diverse stakeholder needs and plurality of
values
needed to be incorporated into the network activities. We found
ten-
sions between implementers and other network partners equally
in all
of the four categories. These tensions are likely to be stronger
when the
number and heterogeneity of stakeholders increases. An
implementer
could address these by investing in open stakeholder
75. communication
and their higher involvement within the network. The increased
in-
volvement of new stakeholders as a result of SBPs may open
new op-
portunities for other network partners, as the “value space” of
the
network increases (Halme & Laurila, 2009; Reypens et al.,
2016).
5.1. Theoretical implications
Collectively, the findings of this study offer three main
contribu-
tions. First, previous sustainability literature has focused
primarily on
the benefits and/or positive consequences that result from im-
plementing SBPs, but with limited attention to potential costs
and ne-
gative consequences (Hahn et al., 2010; Konar & Cohen, 2001).
This
study has addressed this gap in the sustainability literature by
high-
lighting the potential conflicts and tensions, or more broadly,
the “dark
side” of sustainability (Johnsen & Lacoste, 2016) that may
result from
implementing SBPs in business networks. Our findings
illustrate how
different sustainability initiatives, despite stakeholders' best
intentions,
can also lead to perceived strain and conflict between actors,
which we
have conceptualized as tensions (Fang et al., 2011; Gnyawali et
al.,
2016). This responds to recent calls that advocate tensions as a
76. suitable
lens to analyze the consequences of SBPs at multiple levels
(Hahn et al.,
2015). Our findings identify four types of tensions (economic,
struc-
tural, psychological, and behavioral) that tend to manifest in a
firm's
network because of implementing SPBs, and illustrate how
different
network actors perceive them. This responds to the calls to
increase
understanding on how different stakeholders in business
networks ex-
perience and perceive the impacts of SBPs (e.g. Lacoste, 2016).
Second, the findings contribute to the contemporary industrial
marketing literature, which considers how negative value
perceptions
emerge from interaction and collaboration (e.g. Prior & Marcos-
Cuevas,
2016; Verleye et al., 2017). While recent research indicates that
nega-
tive value perceptions might be particularly prevalent in
sustainable
business networks, which are usually characterized by multiple
actors,
goals, and interests (e.g., Oruezabala & Rico, 2012; Scandelius
& Cohen,
2016), most of the previous studies in this area have been
limited to
single case studies and dyadic/triadic settings (Chowdhury et
al., 2016;
Echeverri & Skålén, 2011; Makkonen & Olkkonen, 2017). By
employing
a multiple case design, this study offers a rich empirical account
of the
77. potential tensions that may emerge and manifest when firms
adopt
SBPs in broader networks with several stakeholders, and
responds to
calls to explore negative value perceptions in multi-actor
contexts
(Prior & Marcos-Cuevas, 2016; Tóth et al., 2018). Furthermore,
whereas
prior studies have considered misalignment in economic or
social goals
as the main source of tensions and conflict (Corsaro, 2015;
Prior &
Marcos-Cuevas, 2016), this study illustrates how intra- and/or
inter-
firm misalignments related to environmental goals may lead to
tensions
and negative value perceptions.
Thirdly, this study contributes to the literature on sustainability
networks (e.g. Johnsen et al., 2017; Meqdadi et al., 2017).
While pre-
vious research has shown that the resources and relations of
networks
can act as enablers and offer considerable advantages for
sustainability
practices (Lacoste, 2016; Patala et al., 2014), our research
highlights
networks as a potential source of inertia. Even firms that may
see
themselves as forerunners and attempt to go beyond regulatory
com-
pliance in their sustainability practices may find themselves
con-
strained by the potential negative impacts on their network
partners.
78. Organizations are to a great degree a product of the networks
they are
embedded in (Padgett & Powell, 2012), and thus it is important
for
firms to consider the network constraints when planning and im-
plementing new SBPs, to limit the harm to existing
relationships. Al-
ternatively, firms might choose to develop new relations if goal
align-
ment with existing partners is not possible.
5.2. Managerial implications
From the managerial perspective, this study sheds light on the
po-
tential tensions and negative value experiences that may emerge
as a
result of adopting SBPs in business markets. This may help
managers
understand better why, despite good intentions and collective
goals,
sustainability investments may become costly, face social
resistance, or
even fail due to insufficient stakeholder support.
For supplier firms, the findings highlight the importance of ana-
lyzing sustainability investments beyond financial costs. A
more holistic
evaluation of the potential economic, structural, psychological
and
behavioral tensions provides a basis for more inclusive cost-
benefit
analyses, and a greater chance of successful sustainability
practices.
Moreover, by understanding the potential sources of negative
customer
79. and stakeholder experiences when adopting SBPs, managers
may be
able to anticipate, reduce, or mitigate potential tensions and
conflicts,
and reduce the friction between stakeholders.
For customer firms and network partners, the findings highlight
the
importance of careful assessment of suppliers' sustainability
practices.
While complying with the new sustainability requirements may
result
in higher prices or social discomfort in the short term, it may
offer
potential for improved brand equity, legitimacy and
differentiating
power in the long term. By understanding the sources and nature
of
potential tensions stemming from suppliers' sustainability
practices,
individual partners may increase their tolerance for short-term
de-
gradations in the process of delivering economic and social
gains, and
thus reduce the barriers that would prevent collective networks
from
realizing the benefits in the long term.
For policymakers, the findings highlight the importance of
under-
standing the impacts of regulations, legislation and
sustainability po-
licies in broader networks and value chains. While
environmental
regulations often aim at influencing individual suppliers – for
the col-
80. lective good – they may have negative spillovers for societal
wellbeing,
for example in the form of decreased competitiveness, lower
employ-
ment or carbon leakage due to relocations. Better understanding
of the
collectively experienced tensions would provide a basis for
regulations
and policies that would cause less friction and support the
optimization
of wellbeing for a broader set of stakeholders, such as societies
and
economies as a whole.
5.3. Limitations and avenues for future research
Given that this study is exploratory by nature, and based on a
limited number of firms, it has natural limitations, some of
which open
up also potential avenues for future research. First, the study
was lim-
ited largely to firms operating in resource- and material-
intensive in-
dustries. Future research could investigate firms in other
industries to
reveal alternative tensions in adopting SBPs, and increase the
general-
izability of the results. From the theory development
perspective, one
important avenue would be to develop a theory and propositions
that
would explain how and when specific SBPs lead to particular
types of
tensions between specific network actors.
Second, given the emphasis on conflicting perceptions between
81. ac-
tors in the regional network, this study conceptualized tensions
as
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
229
negative consequences that result from contradictory goals and
inter-
ests between collaborating actors. While this approach
addressed an
underexplored area in the current literature, it might neglect
insights on
the positive consequences that adopting SBPs in networks might
pro-
duce. Hence, future research could provide a complementing
perspec-
tive by focusing on networks where different actors have more
con-
gruent goals and aligned interests, and explore how and when
SBPs
result in synergies and enhanced value outcomes between
network
actors.
Third, this study employed qualitative field data. Future
research
could employ quantitative studies, and explore how different
negative
tensions actually impact a firm's performance or the perceived
re-
lationship quality with customers or other network partners.
82. Moreover,
a quantitative approach could define indicators that measure the
po-
tential tensions, and investigate how potential moderators such
as the
scope, scale, and type of different SBPs influence these
tensions. In
other words, how the tensions from investments in smaller
versus
larger, or environmentally versus socially dominant SBPs differ
from
each other.
Fourth, the field interviews involved a relatively large and
uneven
spread of informants between firms. While this is a fairly
accepted
practice in interpretative research that aims to generate a
broader un-
derstanding of a selected phenomenon by increasing the number
of
cases (e.g., Eisenhardt & Graebner, 2007), it can also result in
biases
that favor the perceptions of firms with more informants. On the
other
hand, using single informants in most of the interviewed firms
offers
limited potential to explore how tensions from SBPs are
perceived at
different levels or in different functions. Consequently, future
research
could approach multiple informants in several organizations,
and ex-
plore if, how and why perceptions of SBP might vary between
different
organizational levels and functions.
83. Finally, although this study employed a multiple case setting
and a
two-year research collaboration with the participating
companies, it
provides a relatively static analysis of the experienced and
perceived
tensions in business networks. An interesting avenue for future
research
would be to employ a longitudinal research setting, and
investigate how
different tensions evolve and spread over networks, and in turn,
how
different actors, individually and collectively, try to avoid or
mitigate
them over time.
Acknowledgments
The authors would like to thank Asta Salmi, Sari Hämäläinen,
and
the anonymous reviewers for their thoughtful suggestions that
have
helped improve the final manuscript.
References
Aarikka-Stenroos, L., & Jaakkola, E. (2012). Value co-creation
in knowledge intensive
business services: A dyadic perspective on the joint problem
solving process.
Industrial Marketing Management, 41(1), 15–26.
Ambec, S., & Lanoie, P. (2008). Does it pay to be green? A
systematic overview. Academy
of Management Perspectives, 22, 45–62.
84. Ameer, R., & Othman, R. (2012). Sustainability practices and
corporate financial per-
formance: A study based on the top global corporations. Journal
of Business Ethics,
108, 61–79.
Baraldi, E., Gregori, G. L., & Perna, A. (2011). Network
evolution and the embedding of
complex technical solutions: The case of the Leaf House
network. Industrial Marketing
Management, 40, 838–852.
Bazeley, P., & Jackson, K. (2013). Qualitative data analysis
with NVivo. London: Sage.
Beise, M., & Rennings, K. (2005). Lead markets and regulation:
A frameworks for ana-
lyzing the international diffusion of environmental innovations.
Ecological Economics,
52, 5–17.
Bryman, A. (2012). Social research methods. Oxford University
Press.
Burton, J., Story, V., Zolkiewski, J., Raddats, C., Baines, T. S.,
& Medway, D. (2016).
Identifying Tensions in the servitized value chain: If
servitization is to be successful,
servitizing firms must address the tensions the process creates
in their value network.
Research-Technology Managagement, 59(5), 38–47.
Chou, H.-H., & Zolkiewski, J. (2018). Coopetition and value
creation and appropriation: The
role of interdependencies, tensions and harmony. Industrial
85. Marketing Management
(Forthcoming).
Chowdhury, I. N., Gruber, T., & Zolkiewski, J. (2016). Every
cloud has a silver lining:
Exploring the dark side of value co-creation in B2B service
networks. Industrial
Marketing Management, 55, 97–109.
Corbin, J., & Strauss, A. L. (2015). Basics of qualitative
research: Techniques and procedures
for developing grounded theory (4th ed.). Newbury Park, CA:
Sage.
Corsaro, D. (2015). Negative aspects of business relationships
for resource mobilization.
Australasian Marketing Journal, 23, 148–154.
Creswell, J. W. (2013). Qualitative inquiry and research design:
Choosing among five ap-
proaches (Third edition). Sage Publications, Inc.
Das, T. K., & Teng, B. S. (2000). Instabilities of strategic
alliances: An internal tensions
perspective. Organization science, 11(1), 77–101.
Doganova, L., & Karnøe, P. (2015). Building markets for clean
technologies:
Controversies, environmental concerns and economic worth.
Industrial Marketing
Management, 44, 22–31.
Drake, M. J., & Schlachter, J. T. (2008). A Virtue-Ethics
Analysis of Supply Chain
Collaboration. Journal of Business Ethics, 82, 851–864.
86. Echeverri, P., & Skålén, P. (2011). Co-creation and co-
destruction: A practice-theory
based study of interactive value formation. Marketing Theory,
11(3), 351–373.
Eisenhardt, K. M., & Graebner, M. E. (2007). Theory building
from cases: Opportunities
and challenges. Academy of Management Journal, 50(1), 25–32.
Fang, S.-R., Chang, Y.-S., & Peng, Y.-C. (2011). Dark side of
relationships: A tensions-
based view. Industrial Marketing Management, 40(5), 774–784.
Fearne, A., Garcia Martinez, M., & Dent, B. (2012). Dimensions
of sustainable value
chains: Implications for value chain analysis. Supply Chain
Management: An
International Journal, 17(6), 575–581.
Finke, T., Gilchrist, A., & Mouzas, S. (2016). Why companies
fail to respond to climate
change: Collective inaction as an outcome of barriers to
interaction. Industrial
Marketing Management, 58, 94–101.
Gnyawali, D., Madhavan, R., He, J., & Bengtsson, M. (2016).
The competition-cooperation
paradox in inter-firm relationships: A conceptual framework.
Industrial Marketing
Management, 53, 7–18.
Greenwood, R. G., Hinings, C. R., & Jennings, P. D. (2015).
Sustainability and organiza-
tional change: An institutional perspective (pp. 323–355). An
Organizational
Perspective: Leading Sustainable Change.
87. Gummesson, E., & Mele, C. (2010). Marketing as value co-
creation through network in-
teraction and resource integration. Journal of Business Market
Management, 4(4),
181–198.
Hahn, T., Figge, F., Pinkse, J., & Preuss, L. (2010). Trade-Offs
in corporate sustainability:
You can't have your cake and eat it. Business Strategy and the
Environment, 19,
217–229.
Hahn, T., Pinkse, J., Preuss, L., & Figge, F. (2015). Tensions in
corporate sustainability:
Towards an integrative framework. Journal of Business Ethics,
127, 297–316.
Halinen, A., & Törnroos, J.-Å. (2005). Using case methods in
the study of contemporary
business networks. Journal of Business Research, 58(9), 1285–
1297.
Hall, J. (2002). Sustainable development innovation: A research
agenda for the next 10
years. Journal of Cleaner Production, 10, 195–196.
Halme, M., & Laurila, J. (2009). Philanthropy, integration or
innovation? exploring the
financial and societal outcomes of different types of corporate
responsibility. Journal
of Business Ethics, 84, 325–339.
Hansen, E. G., Grosse-Dunker, F., & Reichwald, R. (2009).
Sustainability innovation cube
– A framework to evaluate sustainability-oriented innovations.
88. International Journal of
Innovation Management, 13(4), 683–713.
Hill, M. R. (1993). Archival strategies and techniques. London:
Sage.
Hoejmose, S., Brammer, S., & Millington, A. (2012). “Green”
supply chain management:
The role of trust and top management in B2B and B2C markets.
Industrial Marketing
Management, 41(4), 609–620.
Jaakkola, E., & Hakanen, T. (2013). Value co-creation in
solution networks. Industrial
Marketing Management, 42, 47–58.
Jackson, L., & Young, L. (2016). When business networks
“kill” social networks: A case
study in Bangladesh. Industrial Marketing Management, 58,
148–161.
Johnsen, R. E., & Lacoste, S. (2016). An exploration of the
‘dark side’ associations of
conflict, power and dependence in customer – Supplier
relationships. Industrial
Marketing Management, 59, 76–95.
Johnsen, T. E., Miemczyk, J., & Howard, M. (2017). A
systematic literature review of
sustainable purchasing and supply research: Theoretical
perspectives and opportu-
nities for IMP-based research. Industrial Marketing
Management, 61, 130–143.
Keränen, J., & Jalkala, A. (2013). Towards a framework of
customer value assessment in
89. B2B markets: An exploratory study. Industrial Marketing
Management, 42, 1307–1317.
Keränen, J. (2017). Towards a broader value discourse:
Understanding sustainable and
public value potential. Journal of Creating Value, 3(2), 1–7.
Konar, S., & Cohen, M. A. (2001). Does the market value
environmental performance? The
Review of Economics and Statistics, 83(2), 281–289.
Kotler, P. (2011). Reinventing marketing to manage the
environmental imperative.
Journal of Marketing, 75, 132–135.
Kumazawa, T., Saito, O., Kozaki, K., Matsui, T., & Mizoguchi,
R. (2009). Toward
knowledge structuring of sustainability science based ontology
engineering.
Sustainability Science, 4, 99–116.
Kurapatskie, B., & Darnall, N. (2013). Which corporate
sustainability activities are as-
sociated with greater financial payoffs? Business Strategy and
the Environment, 22(1),
49–61.
Lacoste, S. (2016). Sustainable value co-creation in business
networks. Industrial
Marketing Management, 52, 151–162.
López, M. V., Garcia, A., & Rodriquez, L. (2007). Sustainable
development and corporate
performance: A study based on the Dow Jones Sustainability
Index. Journal of
Business Ethics, 75, 285–300.
90. Lubin, D. A., & Esty, D. C. (2010). The sustainability
imperative. Harvard Business Review,
N. Tura et al. Industrial Marketing Management 77 (2019) 221–
231
230
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0005
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0005
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0005
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0010
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0010
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0015
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0015
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0015
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0025
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0025
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0025
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0030
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0035
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0035
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0035
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0040
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0045
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0045
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0045
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0045
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0050
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0050
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0050
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0055
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0055
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0055
http://refhub.elsevier.com/S0019-8501(18)30596-0/rf0060