BCI Forum 2009. Business Impact Analysis Process. 9 June 2009. Alex van Os de Man.
Why perform a Business Impact Analysis?
• If you don't know what the impacts are to your business processes and systems, there is no way to focus your recovery effort or to write your Business Continuity Plan
Key BIA Objectives
• To enable business areas to determine their critical business activities
• To increase BCM awareness and identify impacts that business interruption will cause to the business and customers
• To establish and prioritise timelines for the recovery of critical business processes, resources, systems and documentation
• To identify inter-dependencies
Determine Critical Business Activities
• The key activities during this stage are to:
  • Define the business area and its location of business
  • At a high level, identify key functional responsibilities/processes and associated tasks undertaken by the business area
Positioning the BIA process?
• Understanding the Business (who we are, what we do)
• Understanding the Organisation (who does what)
• BIA Ownership (what are our priorities)
• Buy-In (managing expectations)
Impact Assessment
• The key activities during this stage are to:
  • Determine the impact to the business if the business processes could not be performed, in a worst case scenario
  • Apply financial, reputational and legal/compliance risk criteria to rate the impact against each business process
  • Use at a minimum the following time scales – within 1 day, within 1 week, within 4 weeks, after 1 month
  • Use the severity ratings – High, Medium, Low
Recovery Objective Setting
• Against each defined business process, identify the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO)
• RTO – The maximum downtime that the business is prepared to accept before the process will need to be recovered (this measurement is independent of the RPO)
• RPO – The point to which you require IT to restore your data to the backup systems in order to achieve your recovery objectives
Recovery Profile Analysis
• The key activities are to identify and prioritise the following, using the defined timescales:
  • Applications required to perform the business processes
  • Resources required to perform the business processes
  • Equipment (IT/Other) required to support the business processes
  • Documentation required to perform the business processes
Identify essential items to recover Business Processes Data Information People Systems Facilities Equipment
Dependency Analysis
• Identify key interactions & dependencies between departments, other locations and business partners (internal & external) that are part of the business processes
• Identify cross-Business Unit business priorities for Strategic Business Units that share technology, facility, or staff support resources that may be constrained in a crisis
BIA Maintenance
• At a minimum, the BIA must be updated once annually
• Or sooner if there are changes in the business composition or business processes
Next Steps
• Findings from a BIA must be used to make decisions concerning Business Continuity Management strategies and solutions
• Business Criticality vs Costs (what the business is prepared to pay for)