02 Practical Strategies of Conducting BIA
1 July 2011, Singapore
Practical Strategies of Conducting a Business Impact Analysis
Dr Goh Moh Heng PhD BCCE DRCE BCCLA
President
Dr Goh Moh Heng
• President
  – Business Continuity Management (BCM) Institute
  – www.bcm-institute.org
• Managing Director
  – GMH Continuity Architects
  – Asia Pacific BCM Consulting Firm
  – www.GMHasia.com
• Professional BCM Appointments
  – Technical Advisor for TR19:2005 & SS540:2008 BCM Standard (Management Council and Technical Committee) www.ss540.org
  – Project Director, Technical Working Group for SS507:2004
    • ISO/IEC 24762 Guidelines for BC-DR Services
http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
Dr Goh Moh Heng
Prior Appointments
• Government of Singapore Investment Corporation (GIC)
• Standard Chartered Bank
  – Global Head for BCM
• PriceWaterhouse (Coopers)
• Past Certification Board Member for DRI International’s Certification Board
• Past Executive Director for DRI Asia
• Senior Technical Advisor, China Business Continuity Management Forum
http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
BCM Institute
• Started in January 2005.
• Provide competency based BC-DR training to all levels.
• Certify BC-DR professionals globally.
• Started Certification programme in April 2007.
• More than 1500 professionals from 850 organizations and 40 countries.
Professional Certification
Business Continuity
IT Disaster Recovery
BCM Audit
Membership
Agenda
• What Exactly is BIA?
  – Key concepts
• Strategic, tactical and operational BIA
• Walkthrough of BIA Template
Source: Goh, Moh Heng (2008): Managing Your Business Continuity Planning Project 2nd Edition ISBN: 978-981-05-9767-2
Business Impact Analysis
How-to Do It?
Business Continuity Management Body of Knowledge 3
• Implement business impact analysis (BIA) process.
  – Understand the principles and scope of the BIA process.
  – Apply the BIA implementation process.
  – Understand the available BIA data collection mechanisms.
  – Determine and apply the appropriate BIA data collection mechanism.
  – Design a custom tailored BIA questionnaire.
• Gather BIA Information.
  – Identify activities that support Critical Business Functions (CBF) and identify owners.
  – Determine impacts of a disruption to each activity/process across the organization that may damage organization's reputation, assets or financial position.
  – Quantify timescales where interruption becomes unacceptable to organization.
  – Determine key requirement for organization-wide tolerable downtime.
  – Determine Inter-dependencies and intra-dependencies.
  – Identify vital records needed for recovery.
  – Identify and document CBFs, critical processes and critical application.
• Determine continuity resources.
  – Provide the resource information to determine or recommend recovery strategies.
  – Identify internal and external resource requirements to support activities.
  – Quantify the people, technology and telephony resources required over time to maintain business activities at an acceptable level and within the maximum tolerable period of disruption.
• Seek Executive Management Approval.
  – Seek sign off of requirements by process owners.
  – Present requirements to executive management and seek approval to adopt the findings as the basis for determining a BC strategy.
http://www.bcmpedia.org/wiki/BCMBoK_3:_Business_Impact_Analysis
Mandatory Understanding of BIA Terminology
• Minimum Business Continuity Objective (MBCO)
• Business Impact Analysis (BIA)
• Critical Business Function (CBF)
• Recovery Time Objective (RTO)
• Recovery Point Objective (RPO)
• Impact
  – Quantitative
  – Qualitative
Business Impact Analysis Steps
• Determine information to gather
• Tailor questionnaires to internal requirements
• Conduct training on completion of questionnaire
• Collate and review questionnaires
• Conduct selective interviews
• Consolidate and analyze data
• Summarize and present findings
Recovery Time Objective
The maximum tolerable time within which Critical Business Functions must be restored to their MBCO.
[Figure: timeline. Labels: Time; Point of Disruption; Resumption of Critical Functions; Time-Sensitive Systems are Operational with Current & Accurate Data; Recovery Time Objective.]
RTO versus RPO
[Figure: two time scales, Recovery Point and Recovery Time, each marked Secs, Mins, Hrs, Days, Wks.]
BCMpedia
www.bcmpedia.org
Minimum Business Continuity Objective (MBCO)
• is the minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during an incident, emergency or disaster.
• is set by the Executive Management of the organization and can be influenced, dictated and/or changed by current regulatory requirements or industry practices.
• The definition provided here rephrases the operational perspective into an objective - the mission objective for BCM
MBCO
Strategic
• Corporate MBCO
Tactical
• BU MBCO
Operational
• Individual BU BIA Submission
BCM Policy
• Impact over time at corporate level
• Approved by Executive Management
Recovery Strategy
• Confirm BU-level impact over a timescale due to loss of CBFs
• Summary of resource requirement
BU BC Plan
• Activity-based RTO
Walkthrough of a BIA Questionnaires Workbook
Minimum Business Continuity Objective
No. Minimum Business Continuity Objective
P1: Identify BU and Business Functions

| Business Unit | Business Unit Code | Business Function | Business Function Code | Description |
|---|---|---|---|---|
| (a) | (b) | (c) | (d) | (e) |

Workbook
P2: Identification of Impact

| Business Function Code | Impact Area | Monetary Loss | Calculation of Monetary Loss | Remarks |
|---|---|---|---|---|
| (b) | (c) | (d) | (e) | (f) |

P3: Impact Over Time

| Business Function Code | Impact Area | Impact Over Time | RTO | MTPD |
|---|---|---|---|---|
| (a) | (b) | (c) | (d) | (e) |

Impact Over Time intervals: 4 hrs, 1 day, 2 days, 3 days, 5 days, 7 days, 10 days, 14 days, 20 days, 30 days, 60 days, 90 days

P4: Vulnerable Periods of Critical Business Functions

| Business Function Code | Recovery Time Objective (RTO) | Recovery Point Objective (RPO) | Vulnerable Periods |
|---|---|---|---|
| (a) | (b) | (c) | (d) |

P5: Resources Required for Critical Business Functions during a Crisis

| Business Function Code | No of Staff (Min Qty) | Tel (Min Qty) | No of PCs (Qty) | Commercial Software on PCs (Name of Software) | Application/Systems (Name of Application/System) | External Info System or Service | Other Resources or Special Equipment (State Name and Qty) |
|---|---|---|---|---|---|---|---|
| (a) | (b) | (c) | (d) | (e) | (f) | (g) | (h) |
| TOTAL* | | | | | | | |

P6: Inter-dependencies

| Business Function Code | Type of Dependency | Target Dept/Vendor | Description on Nature of Dependency |
|---|---|---|---|
| (a) | (b) | (c) | (d) |

P7: Vital Records

| Business Function Code | Description of Vital Records | Media Type | Location (Onsite/Backup Storage) | In Whose Care |
|---|---|---|---|---|
| (a) | (b) | (c) | (d) | (e) |

BCM Institute Forum
Building a Community
bcmi.groupsite.com
80% Asian and Middle Eastern BCM and DR Professionals
Summary
• Provide a key understanding on the fundamentals of BIA
• Understand the strategic, tactical and operational aspects of BIA
• Experienced a walkthrough of BIA process using template
• Be aware of tools and guides
THANK YOU
Dr Goh Moh Heng
President
Mobile: +65 96711022
Tel: +65 63231500
Fax: +65 63230933
Email: [email protected]