Business Impact Analysis (BIA) is the key element to an effective disaster recovery, which is in the heart of business continuity. In order to elaborate the BIA importance better, this webinar will cover the following areas:
• Why a Business Impact Analysis?
• Business Impact Analysis in the BCM Lifecycle
• New Standard ISO 22317 on the BIA
• BIA Approaches
• Challenges when doing a BIA
• Socrates Maps
• BIA Critical Success Factors
PECB Webinar: The importance of business impact analysis
1.
2. The Business Impact
Analysis (BIA) as
Foundation of the BCM
Approach
Dr. Wolfgang H. Mahr, M.Sc., BBA, MBCI, CISA
governance & continuuuity gmbh
CH-8408 Winterthur, Switzerland
www.continuuuity.ch
LinkedIn, XING, Twitter
wolfgang.mahr@continuuuity.ch
3. Contents
Why a BIA?
BIA in the BCM Lifecycle
Outcomes of the BIA
BIA supporting BCM Goals
ISO 22317 on the BIA
BIA Approaches
Challenges when doing a BIA
Sokrates Maps –what’s this?
Sokrates Maps Benefits and Applications
Sokrates Maps for the BIA
BIA Critical Success Factors
4. Abstract
• This contribution underlines the fundamental importance of the one of
the most important phases in the BCM lifecycle – the BIA.
• Other - subsequent - phases such as selecting one or more business
continuity strategies or the formulation of a BC plan, exhibit a much
smaller space of choices than the BIA, which is primarily an information
gathering stage, charged with understanding the business.
• Critically important information needs to be unearthed and, ideally, not
one important aspect must be omitted or forgotten. This is the reason
why ISO TC 292 (formerly 223), after developing ISO 22301 and ISO
22313, has embarked on developing a standard on the BIA: ISO 22317.
It is being presented in another contribution at this conference.
• This paper focuses on a visualization and presentation method newly
applied to the BIA process, in order to better understand a company’s
processes, resources and their interdependencies.
5. Why a BIA?
• BCM is a cyclic process
• BCM is based on continuous improvement
• BIA makes you know your processes better
• BIA is the base for the subsequent development of one
or more Business Continuity Strategies
• …
6. Why a BIA?
• Increasing the efficiency of the organisation
• Evaluate alternative strategic planning options
• Assist in long-term strategy decision making
• Assist in developing a risk analysis
• …
7. BIA in the BCM lifecycle
Reference: The Business Continuity Institute
8. BIA in the BCM lifecycle
Reference: ISO 22301:2012
9. Outcomes of the BIA
• Major outcomes include:
– Validation of the organisation’s BC programme scope
– Identification of requirements the organisation
– Determination of impacts, over time (of disruptions)
– Identification of relationships between
• Products/services
• Processes
• Activities
• Resources
– Resources needed to perform prioritised activities
– Such as facilities, people, assets, supplies, financial resources
– Dependencies and interrelationships
– …
10. BIA supporting BCM Goals
• Protecting company value and reputation
• Safeguards the reputation and future of the company in an
emergency
• Increase shareholder value and demonstrates commitment by
management
• Assures the survival of the company in the case of a serious incident
• Minimize financial losses in case of an incident or emergency
11. ISO/TS 22317 on BIA
• Developed by ISO TC292 (“Security and Resilience”)
• Currently as DTS (Draft Technical Specification)
• To be published within the next couple of months
• Based on ISO 22301, ISO 22313 and ISO 22300
• Focus on Performing the BIA:
– Project Planning and Management
– Product and Service Prioritisation
– Process Prioritisation
– Activity Prioritisation
– Analysis and Consolidation
– Top Management Endorsement of BIA Results
• Annexes on
– Terminology Mapping
– Information Collection Methods
21. Sokrates Maps for BIA
• Visualisation of the standards (psychological foundation)
– ISO 22301, ISO 22317 (maturity model)
• Assessment tool, BIA support tool
– Presentation of BIA findings (electronic representation, communication and
archiving)
– Usage as questionnaire (maturity model, psychological foundation)
• Single person or in workshops
– Visualisation (hierarchical, common view across disciplines)
• Overlaps (discover ideas, facts, relationships, dependencies)
• Gaps (discover ideas, facts, relationships, dependencies)
• Redundancies (discover ideas, facts, relationships, dependencies)
– Enhanced BIA quality and maturity
22. BIA Critical Success Factors
• Follow best practices such as
– BCI’s Good Practice Guidelines and/or
– ISO Standards such a ISO 22301, ISO 22313 and ISO/TS 22317
• Obtain top management commitment
• Apply project management methodologies
• Follow a BIA approach fit for the selected type of BIA
• Use an approach compatible with the company’s structure
• Deploy tools helping to obtain a “true and fair” representation
of products, services, priorities, dependencies and
requirements
• Develop a hierarchical view on complex situations
• Use electronic representation, communication and archiving