SlideShare a Scribd company logo

Building a business impact analysis (bia) process a hands on blueprint

L
luweinet

Building a business impact analysis (bia) process a hands on blueprint

TechnologyBusiness
1 of 64
Download to read offline
Building a Business Impact Analysis (BIA) Process Barry Cardoza, CBCP BIAexchange@AOL.com Author of “Building a BIA Process: A Hands-on Blueprint,” K&M Publishers, Inc., www.KMPublishers.com Copyright, Barry A. Cardoza, 2006 Graphic by Richard Cardoza
What Is a Business Impact Analysis ? The BIA measures the potential quantifiable and qualifiable impact that could occur if any business function was unable to operate for a period of time for any reason. That measurement becomes the basis on which we prioritize our efforts in building an efficient Business Continuity Plan (BCP). The Federal Financial Institutions Examination Council (FFIEC) has said that “the institution’s first step in building a Business Continuity Plan (BCP) is to perform a BIA.” Other regulators are making similar statements.
BIA is Not a Threat Analysis
BIA is Not a Facility Risk Analysis/Assessment Business unit managers aren’t the best people to ask about the potential cost of facility loss. For that, one would need to speak with the people who can estimate those costs, and that would probably involve real estate people, engineers, technology resources, records managers, and many other people both inside and outside the institution who have expertise in their own specific areas. It basically comes down to doing an inventory of what would be lost.
A BIA is Not A Risk Analysis • A Risk Analysis identifies operational risks, defines controls to mitigate those risks, and monitors residual risk that remains after the controls have been put into place. • The BIA identifies the quantitative (measurable) and qualitative (usually reputational) impact that could occur if a Department or Business Function was unable to function for any reason.
However, if your company wants to put Threat Analysis, Risk Analysis, or whatever under the BIA “umbrella,” no problem. All aspects will need to be covered in a comprehensive Business Continuity Plan.
A business continuity plan that is not predicated on or guided by the results of a business impact analysis (BIA) is at best guesswork, is incomplete, and may not function as it should during an actual recovery. Eugene Tucker, CPP, CFE, CBCP Risk Analysis and the Security Survey Butterworth-Heinemann, Copyright 2006 Graphic by Richard Cardoza Graphic by Richard Cardoza
It’s a Process, Not a Project If you plan your BIA as a project that is going to happen every so many months or years, two things will happen: • First, you will be “dinged” by everyone who reviews/audits your BIA because they will say your data is out of date. • Second, you’ll need to admit they’re right! The BIA needs to be a continuous process that will keep your data up-to-date and not overwhelm you.
So how do you make your BIA a continuous process? 1) By making sure that you will have a continuous flow of current data regarding the status of your Departments and Business Functions. 2) Establishing a cycle in which the Departments will review and update their data on an annual or (preferably) more frequent basis. 3) Stressing to your departments that the first time around is the hardest. After that, it’s just about a periodic review to note what may have changed in their business environment.
Gaining Executive Support • Regulators expect us to have a BIA • Auditors expect us to have a BIA • Customers expect us to have a BIA • Insurers expect us to have a BIA • Board Directors expect us to have a BIA • Shareholders/investors expect us to have a BIA.
• For an institution to accurately determine recovery goals and establish recovery priorities, it is essential to know where impact could occur, and how much impact could occur in each area of the institution. • The BIA not only ensures that we apply our resources appropriately toward protecting the company’s most critical assets, it also saves the unnecessary expense of applying an inappropriate level of resources to less critical areas. Gaining Executive Support
Include Stakeholders in the Planning Process • Regulators • Compliance • Risk Management • Audit, both internal and external • Executive Management • Line-of-business departments If they are not happy with the results, you won’t be happy either.
Define the High-level Goals • Goal #1: Identify the impact that any individual Department or Business Function could have on the institution if it was unable to function for any reason. • Goal #2: Have a final deliverable that will satisfy Goal #1 in clear and understandable language. • Goal #3: Make the process as easy as possible for the Departments.
Determine What You Need to Learn • Where could critical financial (quantifiable) impact occur and what is the potential amount of the impact? • Where could critical reputational (qualifiable) impact occur and what is the potential amount of the impact? • When would critical impact occur and what is the effect of the impact over a timeline? (Where” can mean two very different and equally important things. Do we mean within which department, or do we mean within which geographic region?)
Define “Critical Impact” • The definition of critical impact needs to be based upon something measured, proven, and dynamic enough to change as your company changes. • You won’t know the appropriate definition of critical impact until you have implemented a BIA process that can keep up with changes in the company. • What is considered non-critical today could become critical tomorrow.
Note that the “A” in “BIA” stands for “Analysis,” not subjective opinion. It is important that we remove as much subjectivity as possible.
One Definition of “Critical” Impact “Critical Impact is any hard dollar or reputational loss that could endanger the survival of the company. “The BIA provides the measurements to determine what is critical at any given time.” “To determine what is critical, the impact represented by every area of the company must be compared to the company as a whole. “We won’t have documentation showing what is truly critical until we have performed a BIA.
Define Impact Categories That Are Appropriate For the Particular Institution • Impact can occur within different Departments or Business Functions in different ways. • Different types of impact can have different measurables to be used for determining the extent of potential impact. • Defining Impact Categories can make it easier for a Department to respond because they have a “prompt” to consider various potential types of impact.
Quantifiable Impact Categories for a financial institution might include: •· Inability to collect or receive payments •· Inability to process and record payments •· Inability to invest funds •· Inability to set up new customers •· Inability to make price, structure, or rate changes •· Regulatory/contractual impact •· Inability to meet federal processing deadlines •· Penalties for delayed tax filings •· Penalties for delayed benefits filings •· Penalties for failure to meet regulatory deadlines •· Liability for failure to meet agreements with customers
Quantifiable Impact Categories for a retail company might include: •· Inability to record sales •· Inability to accept returns •· Inability to process credit cards, checks, gift cards, certificates •· Inability to replenish merchandise •· Inability to move merchandise between locations •· Inability to respond to customer communications •· Inability to advertise
Quantifiable Impact Categories for a manufacturing company might include: •· Inability to order materials •· Inability to receive materials •· Inability to assemble materials •· Inability to advertise products •· Inability to process orders •· Inability to ship products •· Inability to collect payment
None of these examples are by any means comprehensive or “boilerplate.” Every company needs to define the measurables and categories that are relevant to them. The important thing is that you must take the time to define your measurables and impact categories, and decide exactly how you are going to use them, before you begin to collect any data.
Report #1: Compared to other Departments or Business Functions in the company, each Department/Function’s criticality is this. Report #2: Based on when a Department/Function could cause Quantifiable Impact, its Recovery Time Objective (RTO)would be this. Define Your Deliverables Report #3: Based on when a Departmental/Function could cause Qualifiable/Reputational Impact, its RTO would be this.
You can’t perform your analysis until you have collected your data. So, isn’t it reasonable to assume that the final analysis is the last thing you will need plan?
CHICKEN HORSE EGG DATA CART ANALYSIS
Actually, the Analysis Phase and the final product are the FIRST thing you need to consider. You won’t know what data to collect until you know what must be included in the final product. Which comes first…….?
Decide what the final deliverable will include and what it will look like. Department X Sample Data
Let’s take a look at the data elements that make up this sample report. Sample Data
We’re showing the department’s daily volume in dollars, so we know that we will need to collect that information. Sample Data
We’re showing the department’s daily volume in number of transactions, so we will need to collect that information. Sample Data
We’re showing the department’s ability to process a percentage of backlog, over and above their normal daily volume. Sample Data
And, of course, we’re asking for the potential dollar impact if this unit cannot function for any reason. Sample Data
That’s all of the data elements. Everything else in this report is a calculation or notation. However…. Sample Data 4 ^
If we wanted a report that would also show potential Reputational Impact, then we would need to ask about that type of impact as well. This department processes transactions for businesses. If we have a crisis, they will understand a delay of a few hours. But, depending on the business, some of them will not be able to tolerate a delay over 24 hours, and others would be unable to tolerate a delay of longer than 8 hours. Hey….that’s 5 data elements….
We’re showing the department’s daily volume in number of transactions, so we will need to collect that information. Sample Data The number of transactions is interesting to have, but is probably not particularly useful to the analysis.
In-house or Outsource; Buy or Build? • Do you have the resources you need or will you need to bring in some assistance? • Have you established your Goals and Objectives For a BIA and defined the deliverables?” If not, stop here before considering a service or a product. • Do you have the in-house expertise to develop a “tool” to manage, analyze, and report on the data? • If you don’t know what you want to accomplish with a BIA, you won’t know if what is being offered will satisfy your needs.
• Intuitively, we know that we must include an evaluation of all our Business Functions in the BIA. • But will the BIA actually be done at the Business Function Level or at the Departmental level? • Corporate management tends to think in terms of “Departments” because that is how the management structure is aligned. Bottom-up or Top-down? The Right Approach To Your BIA • A Department can have many Business Functions, and those Business Functions can span across Departments.
You could do your analysis by Department, including all of the Business Functions within each Department, and then identify the Dependencies of each Business Function,
• System/technology dependencies • Vendor dependencies Identifying Dependencies • Supporting internal department dependencies • Other dependencies While Dependency identification could be an entirely separate process, incorporating it into your BIA can add significant value to the final deliverables.
• To ask managers to prioritize their own Departments without giving them a company-wide perspective is, in effect, forcing them to think in a silo. • The highest priority on one manager’s list might have negligible impact when compared to Departments in other areas of the company. Topple the Silos When Measuring Impact • Don’t ask managers to prioritize their Business Functions. Ask managers to give you the information you need in order to prioritize their Functions in comparison to the company as a whole.
And the answer is...it depends on what you want to know. Impact & RTO; About How Much or When? If you want to know which Departments are the most critical, a report such as this one should provide the answer. However…
Impact & RTO; About How Much or When? If you want to establish recovery goals/priorities, then this report (over a timeline) would be a better representation of the potential impact. Which departments need to recover first to avoid impact?
The Data Collection Phase You have options regarding the way you collect your BIA data: 1) Distribute a survey 2) Meet with individual Department managers 3) Gather groups of managers into a room for a workshop 4) Any combination of the above
Asking the Right People Who should you ask to get the BIA information you need from individual Departments? 1) The best approach is probably to start as high on the organizational chart as possible, and then drill down. 2) If high-level management decides it is appropriate to delegate, that’s OK, and it also means you should have their support in getting responses. 3) But even if the work is delegated, your contact should be at the managerial level. Someone needs to “sign off” on the data that is being provided.
Asking the Right Questions in the Right Way 1) Put a box around your questions so they cannot possibly be misinterpreted and options for answers are limited. For example, don’t ask “what is your daily volume?” • Volume on what day? • Are we asking for an average? • If so, over what time period? Instead ask, “what was the volume in dollars on the busiest day of last year” (or other period) if that is what we really want to know. • How else might a manager interpret this question?
Asking the Right Questions in the Right Way 4) Be careful how you structure the questions. Some companies choose to offer ranges of numbers, rather than asking for specific numbers. However…. 2) State up-front that you are looking for the “worst case scenario.” 3) Define all terms, even if you think everyone knows the definitions.
Be careful because this…. …could become this.
The Analysis Phase; Remember the Deliverables 1) Where could critical financial (quantifiable) impact occur and what is the potential amount of the impact? 3) When would critical impact occur and what is the effect of the impact over a timeline? 2) Where could critical reputational (qualifiable) impact occur and what is the potential amount of the impact? We wanted to generate reports that would show, clearly and concisely:
The very FIRST thing we do is combine all of the data we have collected into a company-wide picture. You won’t want to analyze individual Departments/Functions until you have a company-wide baseline to which they can be compared. Sample Data 48
Once we have the company-wide baseline, we can compare each department to that baseline and begin to see how our departments rank in perspective to each other and to the company as a whole. Department X Department Y Department Z Department W
We’ve Covered “How Much and When; ” What About “Where?” If a geographic Region in which you do business is impacted by a crisis, wouldn’t you want to know the potential impact?
We Collected Impact Data by Location of Potential Impact; Here’s Why. If you know where your Departments and Business Functions are located…. …and the BIA has identified the potential impact that they could represent if they cannot function for any reason…. …then if Pomona (for instance) is impacted by a crisis…. …you can estimate the potential impact to your company.
We can use the first three digits of any Zip Code to do geographic analysis 701 would identify the city of New Orleans, LA. Expanding that range to 700-701 would also include: Des Allemands Laplace Avondale ChalmetteKenner Metarie Marrero Gramercy Lutcher Timberlane Etc. South Vacherie GeoAnalysis
What if we wanted to focus on facilities or employees in the San Francisco Marina District? (Which was more heavily impacted than other areas of San Francisco by the 1989 Loma Prieta Earthquake.) Then we could filter on all 5 digits of the ZIP code because 94123 is the ZIP code for the Marina District. GeoAnalysis
Have we met the high-level goals ? • Goal #1: Identify the impact that any individual Department or Business Function could have on the institution if it was unable to function for any reason. • Goal #2: Have a final deliverable that will satisfy Goal #1 in clear and understandable language. • Goal #3: Make the process as easy as possible for the Departments.
Report #1: Compared to other Departments or Business Functions in the company, each Department/Function’s criticality is this. Report #2: Based on when a Department/Function could cause Quantifiable Impact, its Recovery Time Objective (RTO)would be this. Have we produced the deliverables ? Report #3: Based on when a Departmental/Function could cause Qualifiable/Reputational Impact, its RTO would be this.
Departments/Functions by Criticality
Impact by Impact Category
Impact Analysis by Department 49-72 hrs.
Impact by Geographic Region
Impact by Geographic Region Over a Timeline, by Category
Dependency Identification
You will want to have a lot of different views of the data included in your BIA Analysis/product, for different purposes and for different audiences. The good news is that, since you decided on what you wanted for your final product FIRST, you have all of the data you need to provide ALL of these views. And more….
With proper planning and implementation, we have what we need to accomplish our Goals and Objectives. Questions?

Recommended

Awareness iso 22301 danang suryo
Awareness iso 22301 danang suryoAwareness iso 22301 danang suryo
Awareness iso 22301 danang suryoDanang suryo Wardhono
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMLibcorpio
 
Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Bryghtpath LLC
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Rochester Security Summit
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningDipankar Ghosh
 
Bcp drp
Bcp drpBcp drp
Bcp drpaqel aqel
 
02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIABCM Institute
 

Recommended

Awareness iso 22301 danang suryo
Awareness iso 22301 danang suryoAwareness iso 22301 danang suryo
Awareness iso 22301 danang suryoDanang suryo Wardhono
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMLibcorpio
 
Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Bryghtpath LLC
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Rochester Security Summit
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningDipankar Ghosh
 
Bcp drp
Bcp drpBcp drp
Bcp drpaqel aqel
 
02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIABCM Institute
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop FinalBill Lisse
 
PECB Webinar: The importance of business impact analysis
PECB Webinar: The importance of business impact analysisPECB Webinar: The importance of business impact analysis
PECB Webinar: The importance of business impact analysisPECB
 
Business impact analysis
Business impact analysis Business impact analysis
Business impact analysis Shashwat Shankar
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.inSatya Yadav
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness Imad Almurib
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeMissionMode
 
ISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementRamiro Cid
 
Business impact.analysis based on ISO 22301
Business impact.analysis based on ISO 22301Business impact.analysis based on ISO 22301
Business impact.analysis based on ISO 22301mascot4u
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301IT Governance Ltd
 
Business Continuity Planning Presentation
Business Continuity Planning PresentationBusiness Continuity Planning Presentation
Business Continuity Planning PresentationThe Chamber For a Greater Chapel Hill-Carrboro
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningInstitute for Business Continuity Training
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementECC International
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Disaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity PlanDisaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity PlanMarcelo Silva
 
Business Impact Analysis - Clause 4 Of BS25999 In Practice
Business Impact Analysis - Clause 4 Of BS25999 In PracticeBusiness Impact Analysis - Clause 4 Of BS25999 In Practice
Business Impact Analysis - Clause 4 Of BS25999 In PracticeDipankar Ghosh
 
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB
 

More Related Content

What's hot

Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop FinalBill Lisse
 
PECB Webinar: The importance of business impact analysis
PECB Webinar: The importance of business impact analysisPECB Webinar: The importance of business impact analysis
PECB Webinar: The importance of business impact analysisPECB
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.inSatya Yadav
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeMissionMode
 
ISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementRamiro Cid
 
Business impact.analysis based on ISO 22301
Business impact.analysis based on ISO 22301Business impact.analysis based on ISO 22301
Business impact.analysis based on ISO 22301mascot4u
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301IT Governance Ltd
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementECC International
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Disaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity PlanDisaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity PlanMarcelo Silva
 

What's hot (20)

Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop Final
 
PECB Webinar: The importance of business impact analysis
PECB Webinar: The importance of business impact analysisPECB Webinar: The importance of business impact analysis
PECB Webinar: The importance of business impact analysis
 
Business impact analysis
Business impact analysis Business impact analysis
Business impact analysis
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.in
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planning
 
ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best Practice
 
ISO 22301 Business Continuity Management
ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management
ISO 22301 Business Continuity Management
 
Business impact.analysis based on ISO 22301
Business impact.analysis based on ISO 22301Business impact.analysis based on ISO 22301
Business impact.analysis based on ISO 22301
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcp
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysis
 
Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301
 
Business Continuity Planning Presentation
Business Continuity Planning PresentationBusiness Continuity Planning Presentation
Business Continuity Planning Presentation
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
 
Disaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity PlanDisaster Recovery Plan / Enterprise Continuity Plan
Disaster Recovery Plan / Enterprise Continuity Plan
 

Viewers also liked

Business Impact Analysis - Clause 4 Of BS25999 In Practice
Business Impact Analysis - Clause 4 Of BS25999 In PracticeBusiness Impact Analysis - Clause 4 Of BS25999 In Practice
Business Impact Analysis - Clause 4 Of BS25999 In PracticeDipankar Ghosh
 
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB
 
Impact Analysis Template - Enterprise
Impact Analysis Template - EnterpriseImpact Analysis Template - Enterprise
Impact Analysis Template - EnterpriseToby Elwin
 
Business continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysisBusiness continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysismoranjustin
 
BIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and DependenciesBIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and DependenciesRamiro Cid
 
Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07Muhammad_Abdelgawad
 
The A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster RecoveryThe A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster RecoverySirius
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Narudom Roongsiriwong, CISSP
 
Scope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization SuccessScope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization SuccessToby Elwin
 
An Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningAn Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningNEBizRecovery
 
BCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportBCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportNQA
 
A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5Gewurtz
 
Structured Approach To It Business System Availability And Continuity Plannin...
Structured Approach To It Business System Availability And Continuity Plannin...Structured Approach To It Business System Availability And Continuity Plannin...
Structured Approach To It Business System Availability And Continuity Plannin...Alan McSweeney
 
Impact Assessment in Project Management
Impact Assessment in Project ManagementImpact Assessment in Project Management
Impact Assessment in Project ManagementDanish Yousafzai
 
Impact Analysis - LoopConf
Impact Analysis - LoopConfImpact Analysis - LoopConf
Impact Analysis - LoopConfChris Lema
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewAhmed Riad .
 
Disaster Recovery Presentation
Disaster Recovery PresentationDisaster Recovery Presentation
Disaster Recovery PresentationTimSchaefer
 

Viewers also liked (17)

Business Impact Analysis - Clause 4 Of BS25999 In Practice
Business Impact Analysis - Clause 4 Of BS25999 In PracticeBusiness Impact Analysis - Clause 4 Of BS25999 In Practice
Business Impact Analysis - Clause 4 Of BS25999 In Practice
 
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
 
Impact Analysis Template - Enterprise
Impact Analysis Template - EnterpriseImpact Analysis Template - Enterprise
Impact Analysis Template - Enterprise
 
Business continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysisBusiness continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysis
 
BIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and DependenciesBIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and Dependencies
 
Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07
 
The A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster RecoveryThe A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster Recovery
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)
 
Scope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization SuccessScope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization Success
 
An Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningAn Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery Planning
 
BCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportBCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking Report
 
A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5
 
Structured Approach To It Business System Availability And Continuity Plannin...
Structured Approach To It Business System Availability And Continuity Plannin...Structured Approach To It Business System Availability And Continuity Plannin...
Structured Approach To It Business System Availability And Continuity Plannin...
 
Impact Assessment in Project Management
Impact Assessment in Project ManagementImpact Assessment in Project Management
Impact Assessment in Project Management
 
Impact Analysis - LoopConf
Impact Analysis - LoopConfImpact Analysis - LoopConf
Impact Analysis - LoopConf
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An Overview
 
Disaster Recovery Presentation
Disaster Recovery PresentationDisaster Recovery Presentation
Disaster Recovery Presentation
 

Similar to Building a business impact analysis (bia) process a hands on blueprint

Business Alignment
Business AlignmentBusiness Alignment
Business AlignmentMichael Galo
 
Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Michael Werneburg
 
Steps for setting up Internal Audit Function / Department in Small / Medium S...
Steps for setting up Internal Audit Function / Department in Small / Medium S...Steps for setting up Internal Audit Function / Department in Small / Medium S...
Steps for setting up Internal Audit Function / Department in Small / Medium S...Pritesh Hirapara
 
Business Metrics and Web Marketing
Business Metrics and Web MarketingBusiness Metrics and Web Marketing
Business Metrics and Web MarketingAlper AKBAS
 
How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...
How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...
How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...Dr. Natalie Petouhoff
 
Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...
Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...
Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...Irma Miller
 
Acct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.comAcct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.comstudent234511
 
Get to budgeting in 4 easy stages it-toolkits
Get to budgeting in 4 easy stages it-toolkitsGet to budgeting in 4 easy stages it-toolkits
Get to budgeting in 4 easy stages it-toolkitsIT-Toolkits.org
 
An it manager’s new best friend the company balance sheet it-toolkits
An it manager’s new best friend the company balance sheet it-toolkitsAn it manager’s new best friend the company balance sheet it-toolkits
An it manager’s new best friend the company balance sheet it-toolkitsIT-Toolkits.org
 
What it managers need to know about working capital it-toolkits.org
What it managers need to know about working capital it-toolkits.orgWhat it managers need to know about working capital it-toolkits.org
What it managers need to know about working capital it-toolkits.orgIT-Toolkits.org
 
Acc 291 entire course and final guide
Acc 291 entire course and final guideAcc 291 entire course and final guide
Acc 291 entire course and final guidesarathkum12211
 
Building Value in You Business
Building Value in You BusinessBuilding Value in You Business
Building Value in You Businessbilldunnington
 
Core value vital signs 6.0
Core value vital signs 6.0Core value vital signs 6.0
Core value vital signs 6.0billdunnington
 
Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Rich Lawrence
 
Business PlanOWNERSYour Business NameAddress Line 1Add.docx
Business PlanOWNERSYour Business NameAddress Line 1Add.docxBusiness PlanOWNERSYour Business NameAddress Line 1Add.docx
Business PlanOWNERSYour Business NameAddress Line 1Add.docxhumphrieskalyn
 
Agreement Express developing a strategic roadmap to automated underwriting
Agreement Express developing a strategic roadmap to automated underwritingAgreement Express developing a strategic roadmap to automated underwriting
Agreement Express developing a strategic roadmap to automated underwritingAgreement Express Inc.
 
THE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITURE
THE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITURETHE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITURE
THE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITUREAbhishek Sood
 
The Business Plan Framework
The Business Plan FrameworkThe Business Plan Framework
The Business Plan FrameworkSyaiful Rizal
 
Legal Operations Guide to Key Performance Indicators
Legal Operations Guide to Key Performance IndicatorsLegal Operations Guide to Key Performance Indicators
Legal Operations Guide to Key Performance IndicatorsSeyfarthLean Consulting
 

Similar to Building a business impact analysis (bia) process a hands on blueprint (20)

Business Alignment
Business AlignmentBusiness Alignment
Business Alignment
 
Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations.
 
Steps for setting up Internal Audit Function / Department in Small / Medium S...
Steps for setting up Internal Audit Function / Department in Small / Medium S...Steps for setting up Internal Audit Function / Department in Small / Medium S...
Steps for setting up Internal Audit Function / Department in Small / Medium S...
 
Business Metrics and Web Marketing
Business Metrics and Web MarketingBusiness Metrics and Web Marketing
Business Metrics and Web Marketing
 
How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...
How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...
How to Make a Business Case for #Socialmedia Gain Social Media ROI with Crims...
 
Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...
Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...
Using Financial Forecasts to Advise Business - Financial Forecasting 101 - Re...
 
Acct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.comAcct 504 mart perfect education acct504mart.com
Acct 504 mart perfect education acct504mart.com
 
Get to budgeting in 4 easy stages it-toolkits
Get to budgeting in 4 easy stages it-toolkitsGet to budgeting in 4 easy stages it-toolkits
Get to budgeting in 4 easy stages it-toolkits
 
An it manager’s new best friend the company balance sheet it-toolkits
An it manager’s new best friend the company balance sheet it-toolkitsAn it manager’s new best friend the company balance sheet it-toolkits
An it manager’s new best friend the company balance sheet it-toolkits
 
What it managers need to know about working capital it-toolkits.org
What it managers need to know about working capital it-toolkits.orgWhat it managers need to know about working capital it-toolkits.org
What it managers need to know about working capital it-toolkits.org
 
Acc 291 entire course and final guide
Acc 291 entire course and final guideAcc 291 entire course and final guide
Acc 291 entire course and final guide
 
Building Value in You Business
Building Value in You BusinessBuilding Value in You Business
Building Value in You Business
 
Core value vital signs 6.0
Core value vital signs 6.0Core value vital signs 6.0
Core value vital signs 6.0
 
Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016Outsourcing GIA Accounting whitepaper 2016
Outsourcing GIA Accounting whitepaper 2016
 
Business PlanOWNERSYour Business NameAddress Line 1Add.docx
Business PlanOWNERSYour Business NameAddress Line 1Add.docxBusiness PlanOWNERSYour Business NameAddress Line 1Add.docx
Business PlanOWNERSYour Business NameAddress Line 1Add.docx
 
Dit yvol4iss09
Dit yvol4iss09Dit yvol4iss09
Dit yvol4iss09
 
Agreement Express developing a strategic roadmap to automated underwriting
Agreement Express developing a strategic roadmap to automated underwritingAgreement Express developing a strategic roadmap to automated underwriting
Agreement Express developing a strategic roadmap to automated underwriting
 
THE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITURE
THE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITURETHE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITURE
THE CIO PLAYBOOK NINE STEPS CIOS MUST TAKE FOR SUCCESSFUL DIVESTITURE
 
The Business Plan Framework
The Business Plan FrameworkThe Business Plan Framework
The Business Plan Framework
 
Legal Operations Guide to Key Performance Indicators
Legal Operations Guide to Key Performance IndicatorsLegal Operations Guide to Key Performance Indicators
Legal Operations Guide to Key Performance Indicators
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

Building a business impact analysis (bia) process a hands on blueprint

  • 1. Building a Business Impact Analysis (BIA) Process Barry Cardoza, CBCP BIAexchange@AOL.com Author of “Building a BIA Process: A Hands-on Blueprint,” K&M Publishers, Inc., www.KMPublishers.com Copyright, Barry A. Cardoza, 2006 Graphic by Richard Cardoza
  • 2. What Is a Business Impact Analysis ? The BIA measures the potential quantifiable and qualifiable impact that could occur if any business function was unable to operate for a period of time for any reason. That measurement becomes the basis on which we prioritize our efforts in building an efficient Business Continuity Plan (BCP). The Federal Financial Institutions Examination Council (FFIEC) has said that “the institution’s first step in building a Business Continuity Plan (BCP) is to perform a BIA.” Other regulators are making similar statements.
  • 3. BIA is Not a Threat Analysis
  • 4. BIA is Not a Facility Risk Analysis/Assessment Business unit managers aren’t the best people to ask about the potential cost of facility loss. For that, one would need to speak with the people who can estimate those costs, and that would probably involve real estate people, engineers, technology resources, records managers, and many other people both inside and outside the institution who have expertise in their own specific areas. It basically comes down to doing an inventory of what would be lost.
  • 5. A BIA is Not A Risk Analysis • A Risk Analysis identifies operational risks, defines controls to mitigate those risks, and monitors residual risk that remains after the controls have been put into place. • The BIA identifies the quantitative (measurable) and qualitative (usually reputational) impact that could occur if a Department or Business Function was unable to function for any reason.
  • 6. However, if your company wants to put Threat Analysis, Risk Analysis, or whatever under the BIA “umbrella,” no problem. All aspects will need to be covered in a comprehensive Business Continuity Plan.
  • 7. A business continuity plan that is not predicated on or guided by the results of a business impact analysis (BIA) is at best guesswork, is incomplete, and may not function as it should during an actual recovery. Eugene Tucker, CPP, CFE, CBCP Risk Analysis and the Security Survey Butterworth-Heinemann, Copyright 2006 Graphic by Richard Cardoza Graphic by Richard Cardoza
  • 8. It’s a Process, Not a Project If you plan your BIA as a project that is going to happen every so many months or years, two things will happen: • First, you will be “dinged” by everyone who reviews/audits your BIA because they will say your data is out of date. • Second, you’ll need to admit they’re right! The BIA needs to be a continuous process that will keep your data up-to-date and not overwhelm you.
  • 9. So how do you make your BIA a continuous process? 1) By making sure that you will have a continuous flow of current data regarding the status of your Departments and Business Functions. 2) Establishing a cycle in which the Departments will review and update their data on an annual or (preferably) more frequent basis. 3) Stressing to your departments that the first time around is the hardest. After that, it’s just about a periodic review to note what may have changed in their business environment.
  • 10. Gaining Executive Support • Regulators expect us to have a BIA • Auditors expect us to have a BIA • Customers expect us to have a BIA • Insurers expect us to have a BIA • Board Directors expect us to have a BIA • Shareholders/investors expect us to have a BIA.
  • 11. • For an institution to accurately determine recovery goals and establish recovery priorities, it is essential to know where impact could occur, and how much impact could occur in each area of the institution. • The BIA not only ensures that we apply our resources appropriately toward protecting the company’s most critical assets, it also saves the unnecessary expense of applying an inappropriate level of resources to less critical areas. Gaining Executive Support
  • 12. Include Stakeholders in the Planning Process • Regulators • Compliance • Risk Management • Audit, both internal and external • Executive Management • Line-of-business departments If they are not happy with the results, you won’t be happy either.
  • 13. Define the High-level Goals • Goal #1: Identify the impact that any individual Department or Business Function could have on the institution if it was unable to function for any reason. • Goal #2: Have a final deliverable that will satisfy Goal #1 in clear and understandable language. • Goal #3: Make the process as easy as possible for the Departments.
  • 14. Determine What You Need to Learn • Where could critical financial (quantifiable) impact occur and what is the potential amount of the impact? • Where could critical reputational (qualifiable) impact occur and what is the potential amount of the impact? • When would critical impact occur and what is the effect of the impact over a timeline? (Where” can mean two very different and equally important things. Do we mean within which department, or do we mean within which geographic region?)
  • 15. Define “Critical Impact” • The definition of critical impact needs to be based upon something measured, proven, and dynamic enough to change as your company changes. • You won’t know the appropriate definition of critical impact until you have implemented a BIA process that can keep up with changes in the company. • What is considered non-critical today could become critical tomorrow.
  • 16. Note that the “A” in “BIA” stands for “Analysis,” not subjective opinion. It is important that we remove as much subjectivity as possible.
  • 17. One Definition of “Critical” Impact “Critical Impact is any hard dollar or reputational loss that could endanger the survival of the company. “The BIA provides the measurements to determine what is critical at any given time.” “To determine what is critical, the impact represented by every area of the company must be compared to the company as a whole. “We won’t have documentation showing what is truly critical until we have performed a BIA.
  • 18. Define Impact Categories That Are Appropriate For the Particular Institution • Impact can occur within different Departments or Business Functions in different ways. • Different types of impact can have different measurables to be used for determining the extent of potential impact. • Defining Impact Categories can make it easier for a Department to respond because they have a “prompt” to consider various potential types of impact.
  • 19. Quantifiable Impact Categories for a financial institution might include: •· Inability to collect or receive payments •· Inability to process and record payments •· Inability to invest funds •· Inability to set up new customers •· Inability to make price, structure, or rate changes •· Regulatory/contractual impact •· Inability to meet federal processing deadlines •· Penalties for delayed tax filings •· Penalties for delayed benefits filings •· Penalties for failure to meet regulatory deadlines •· Liability for failure to meet agreements with customers
  • 20. Quantifiable Impact Categories for a retail company might include: •· Inability to record sales •· Inability to accept returns •· Inability to process credit cards, checks, gift cards, certificates •· Inability to replenish merchandise •· Inability to move merchandise between locations •· Inability to respond to customer communications •· Inability to advertise
  • 21. Quantifiable Impact Categories for a manufacturing company might include: •· Inability to order materials •· Inability to receive materials •· Inability to assemble materials •· Inability to advertise products •· Inability to process orders •· Inability to ship products •· Inability to collect payment
  • 22. None of these examples are by any means comprehensive or “boilerplate.” Every company needs to define the measurables and categories that are relevant to them. The important thing is that you must take the time to define your measurables and impact categories, and decide exactly how you are going to use them, before you begin to collect any data.
  • 23. Report #1: Compared to other Departments or Business Functions in the company, each Department/Function’s criticality is this. Report #2: Based on when a Department/Function could cause Quantifiable Impact, its Recovery Time Objective (RTO)would be this. Define Your Deliverables Report #3: Based on when a Departmental/Function could cause Qualifiable/Reputational Impact, its RTO would be this.
  • 24. You can’t perform your analysis until you have collected your data. So, isn’t it reasonable to assume that the final analysis is the last thing you will need plan?
  • 26. Actually, the Analysis Phase and the final product are the FIRST thing you need to consider. You won’t know what data to collect until you know what must be included in the final product. Which comes first…….?
  • 27. Decide what the final deliverable will include and what it will look like. Department X Sample Data
  • 28. Let’s take a look at the data elements that make up this sample report. Sample Data
  • 29. We’re showing the department’s daily volume in dollars, so we know that we will need to collect that information. Sample Data
  • 30. We’re showing the department’s daily volume in number of transactions, so we will need to collect that information. Sample Data
  • 31. We’re showing the department’s ability to process a percentage of backlog, over and above their normal daily volume. Sample Data
  • 32. And, of course, we’re asking for the potential dollar impact if this unit cannot function for any reason. Sample Data
  • 33. That’s all of the data elements. Everything else in this report is a calculation or notation. However…. Sample Data 4 ^
  • 34. If we wanted a report that would also show potential Reputational Impact, then we would need to ask about that type of impact as well. This department processes transactions for businesses. If we have a crisis, they will understand a delay of a few hours. But, depending on the business, some of them will not be able to tolerate a delay over 24 hours, and others would be unable to tolerate a delay of longer than 8 hours. Hey….that’s 5 data elements….
  • 35. We’re showing the department’s daily volume in number of transactions, so we will need to collect that information. Sample Data The number of transactions is interesting to have, but is probably not particularly useful to the analysis.
  • 36. In-house or Outsource; Buy or Build? • Do you have the resources you need or will you need to bring in some assistance? • Have you established your Goals and Objectives For a BIA and defined the deliverables?” If not, stop here before considering a service or a product. • Do you have the in-house expertise to develop a “tool” to manage, analyze, and report on the data? • If you don’t know what you want to accomplish with a BIA, you won’t know if what is being offered will satisfy your needs.
  • 37. • Intuitively, we know that we must include an evaluation of all our Business Functions in the BIA. • But will the BIA actually be done at the Business Function Level or at the Departmental level? • Corporate management tends to think in terms of “Departments” because that is how the management structure is aligned. Bottom-up or Top-down? The Right Approach To Your BIA • A Department can have many Business Functions, and those Business Functions can span across Departments.
  • 38. You could do your analysis by Department, including all of the Business Functions within each Department, and then identify the Dependencies of each Business Function,
  • 39. • System/technology dependencies • Vendor dependencies Identifying Dependencies • Supporting internal department dependencies • Other dependencies While Dependency identification could be an entirely separate process, incorporating it into your BIA can add significant value to the final deliverables.
  • 40. • To ask managers to prioritize their own Departments without giving them a company-wide perspective is, in effect, forcing them to think in a silo. • The highest priority on one manager’s list might have negligible impact when compared to Departments in other areas of the company. Topple the Silos When Measuring Impact • Don’t ask managers to prioritize their Business Functions. Ask managers to give you the information you need in order to prioritize their Functions in comparison to the company as a whole.
  • 41. And the answer is...it depends on what you want to know. Impact & RTO; About How Much or When? If you want to know which Departments are the most critical, a report such as this one should provide the answer. However…
  • 42. Impact & RTO; About How Much or When? If you want to establish recovery goals/priorities, then this report (over a timeline) would be a better representation of the potential impact. Which departments need to recover first to avoid impact?
  • 43. The Data Collection Phase You have options regarding the way you collect your BIA data: 1) Distribute a survey 2) Meet with individual Department managers 3) Gather groups of managers into a room for a workshop 4) Any combination of the above
  • 44. Asking the Right People Who should you ask to get the BIA information you need from individual Departments? 1) The best approach is probably to start as high on the organizational chart as possible, and then drill down. 2) If high-level management decides it is appropriate to delegate, that’s OK, and it also means you should have their support in getting responses. 3) But even if the work is delegated, your contact should be at the managerial level. Someone needs to “sign off” on the data that is being provided.
  • 45. Asking the Right Questions in the Right Way 1) Put a box around your questions so they cannot possibly be misinterpreted and options for answers are limited. For example, don’t ask “what is your daily volume?” • Volume on what day? • Are we asking for an average? • If so, over what time period? Instead ask, “what was the volume in dollars on the busiest day of last year” (or other period) if that is what we really want to know. • How else might a manager interpret this question?
  • 46. Asking the Right Questions in the Right Way 4) Be careful how you structure the questions. Some companies choose to offer ranges of numbers, rather than asking for specific numbers. However…. 2) State up-front that you are looking for the “worst case scenario.” 3) Define all terms, even if you think everyone knows the definitions.
  • 47. Be careful because this…. …could become this.
  • 48. The Analysis Phase; Remember the Deliverables 1) Where could critical financial (quantifiable) impact occur and what is the potential amount of the impact? 3) When would critical impact occur and what is the effect of the impact over a timeline? 2) Where could critical reputational (qualifiable) impact occur and what is the potential amount of the impact? We wanted to generate reports that would show, clearly and concisely:
  • 49. The very FIRST thing we do is combine all of the data we have collected into a company-wide picture. You won’t want to analyze individual Departments/Functions until you have a company-wide baseline to which they can be compared. Sample Data 48
  • 50. Once we have the company-wide baseline, we can compare each department to that baseline and begin to see how our departments rank in perspective to each other and to the company as a whole. Department X Department Y Department Z Department W
  • 51. We’ve Covered “How Much and When; ” What About “Where?” If a geographic Region in which you do business is impacted by a crisis, wouldn’t you want to know the potential impact?
  • 52. We Collected Impact Data by Location of Potential Impact; Here’s Why. If you know where your Departments and Business Functions are located…. …and the BIA has identified the potential impact that they could represent if they cannot function for any reason…. …then if Pomona (for instance) is impacted by a crisis…. …you can estimate the potential impact to your company.
  • 53. We can use the first three digits of any Zip Code to do geographic analysis 701 would identify the city of New Orleans, LA. Expanding that range to 700-701 would also include: Des Allemands Laplace Avondale ChalmetteKenner Metarie Marrero Gramercy Lutcher Timberlane Etc. South Vacherie GeoAnalysis
  • 54. What if we wanted to focus on facilities or employees in the San Francisco Marina District? (Which was more heavily impacted than other areas of San Francisco by the 1989 Loma Prieta Earthquake.) Then we could filter on all 5 digits of the ZIP code because 94123 is the ZIP code for the Marina District. GeoAnalysis
  • 55. Have we met the high-level goals ? • Goal #1: Identify the impact that any individual Department or Business Function could have on the institution if it was unable to function for any reason. • Goal #2: Have a final deliverable that will satisfy Goal #1 in clear and understandable language. • Goal #3: Make the process as easy as possible for the Departments.
  • 56. Report #1: Compared to other Departments or Business Functions in the company, each Department/Function’s criticality is this. Report #2: Based on when a Department/Function could cause Quantifiable Impact, its Recovery Time Objective (RTO)would be this. Have we produced the deliverables ? Report #3: Based on when a Departmental/Function could cause Qualifiable/Reputational Impact, its RTO would be this.
  • 58. Impact by Impact Category
  • 59. Impact Analysis by Department 49-72 hrs.
  • 61. Impact by Geographic Region Over a Timeline, by Category
  • 63. You will want to have a lot of different views of the data included in your BIA Analysis/product, for different purposes and for different audiences. The good news is that, since you decided on what you wanted for your final product FIRST, you have all of the data you need to provide ALL of these views. And more….
  • 64. With proper planning and implementation, we have what we need to accomplish our Goals and Objectives. Questions?