What are two objectives of a BIA?

A business impact analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or delayed deliveries. There are many possible scenarios which should be considered.

Identifying and evaluating the impact of disasters on business provides the basis for investment in recovery strategies as well as investment in prevention and mitigation strategies.

Consider the Impact

The BIA should identify the operational and financial impacts resulting from the disruption of business functions and processes. Impacts to consider include:

  • Lost sales and income
  • Delayed sales or income
  • Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
  • Regulatory fines
  • Contractual penalties or loss of contractual bonuses
  • Customer dissatisfaction or defection
  • Delay of new business plans

Timing and Duration of Disruption

The point in time when a business function or process is disrupted can have a significant bearing on the loss sustained. A store damaged in the weeks prior to the holiday shopping season may lose a substantial amount of its yearly sales. A power outage lasting a few minutes would be a minor inconvenience for most businesses but one lasting for hours could result in significant business losses. A short duration disruption of production may be overcome by shipping finished goods from a warehouse but disruption of a product in high demand could have a significant impact.

Conducting the BIA

Use a BIA questionnaire to survey managers and others within the business. Survey those with detailed knowledge of how the business manufactures its products or provides its services. Ask them to identify the potential impacts if the business function or process that they are responsible for is interrupted. The BIA should also identify the critical business processes and resources needed for the business to continue to function at different levels.

BIA Report

The BIA report should document the potential impacts resulting from disruption of business functions and processes. Scenarios resulting in significant business interruption should be assessed in terms of financial impact, if possible. These costs should be compared with the costs for possible recovery strategies.

The BIA report should prioritize the order of events for restoration of the business. Business processes with the greatest operational and financial impacts should be restored first.

Next steps: Business Continuity Plan and Information Technology Disaster Recovery Plan

Business Disruption Scenarios

  • Physical damage to a building or buildings
  • Damage to or breakdown of machinery, systems or equipment
  • Restricted access to a site or building
  • Interruption of the supply chain including failure of a supplier or disruption of transportation of goods from the supplier.
  • Utility outage (e.g., electrical power outage)
  • Damage to, loss or corruption of information technology including voice and data communications, servers, computers, operating systems, applications, and data
  • Absenteeism of essential employees

Identifying your business continuity plan objectives is an important first step in creating a comprehensive plan. Putting these objectives into words serves two purposes: 

  • It gives the plan administrators a guide to what the plan should accomplish by providing a high-level overview of the areas that must be addressed in the document as it is being created and maintained. 
  • It gives stakeholders and other personnel a clearer understanding of the document’s purpose and scope. 

By clearly defining these objectives prior to starting your business continuity planning process, you increase the likelihood that you will achieve the core goal of your plan: preparing the business for a disaster scenario to minimize downtime when such an event occurs. 

Based on our experience as a business continuity services provider, we have identified 9 business continuity plan objectives that are critical for focusing your team’s energies on the activities that will create the policies and procedures that will build lasting resilience into your business operations. We recommend communicating these objectives at your project launch meeting, emphasizing them in your project communications, and listing them at the opening of your business continuity plan (BCP) document. 

Business Continuity Plan Objectives Aligned to Template 

To add structure to our recommendations, we have aligned these objectives with the format of the Business Continuity Plan template developed by the Ready.gov organization. Ready.gov is an organization within the Federal Emergency Management Administration (FEMA) that was created to marshal the resources of FEMA and the Department of Homeland Security (DHS). Its mission is to deliver materials to the public to improve the nation’s ability to respond to emergencies including natural and man-made disasters. This site includes a section devoted to business issues, which is where the business continuity plan template is found.

The sections of the BCP template provided by Ready.gov are: 

  • Program Administration 
  • Business Continuity Organization 
  • Business Impact Analysis 
  • Business Continuity Strategy & Requirements 
  • Manual Workarounds 
  • Incident Management 
  • Training, Testing and Exercising
  • Program Maintenance and Improvement 

At the conclusion of the discussion of each objective, we designate the section or sections of the plan where you can have the greatest impact on achieving that objective. The section name is listed in italics.

9 Critical Business Continuity Plan Objectives 

Objective 1: Identify Disaster Recovery Personnel

Identifying the personnel who will be staffing your disaster recovery team is one of the most important goals of your business continuity planning. Some of the questions that need to be addressed are: 

  • Who is on those disaster recovery teams? 
  • What are their roles? 
  • How can they be reached in an emergency? 
  • Who are the alternates in the event the designated primary is unavailable? 

One of the most important roles in your disaster recovery organization is the crisis management coordinator. This person can also be referred to as the disaster recovery coordinator. The person is granted authority to make decisions and is responsible for initiating recovery plan protocols and directing the recovery of business operations. The coordinator is also responsible for communicating with the company’s insurance companies about policies related to disaster impacts, including the company’s cyber insurance policy, which will play an important role in mitigating the financial effect of disaster impacts on ongoing operations. 

BCP Template Section: Business Continuity Organization 

Objective 2: Assess Risks and Impact 

Another crucial purpose of creating a BCP is identifying the various internal and external threats to your operations through a risk assessment. The results of the risk assessment will be incorporated into a business impact analysis that will specify different types of disasters that could disrupt your business and quantify the impact of each scenario: how much damage would be caused, how long the recovery would take, the cost of operational losses, and so on. 

As the graphic below demonstrates, the Business Impact Analysis (BIA) lays the foundation for the remainder of your BCP. All your recovery strategies, continuity plans, and update processes derive from the work that occurs during the business impact analysis phase. 

Source: Ready.gov 

The purpose of the BIA is to allow companies to uncover all the linkages among internal business operations and with suppliers and customers to anticipate to the greatest degree possible what can possibly become de-linked and quantify the potential impact. In a Business Continuity Institute (BCI) article entitled, “Why the BIA Provides the Foundation Stone for Business Continuity,” the author states: 

“It never fails to amaze me the labyrinth of intricate parts that goes into making up an organisation, and it can often be difficult for individual teams to understand how they contribute to the success and vision of the business. I liken it to a delicate ecosystem where everything needs to work in balance and harmony to work efficiently and effectively. When you start changing or removing parts of the organisation, whether that is through structural change or an incident, that ecosystem becomes out of balance and therefore we need to understand the impact.” 

Business continuity consultants can play a constructive role in ensuring that all interactions are surfaced and discussed. As outsiders to your operations, they have an ability to pick up on linkages that employees in the system can overlook as they are simply too close to particular functions to see all potential implications for your business and customers. 

One of the outcomes of the BIA is the establishment of the plan’s Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). These two metrics are defined in the following way:  

  • RTO – The amount of time in which, following a serious event or outage, a business process and its associated applications must be restored in order to prevent a defined amount of impact. 
  • RPO – The amount of data that could be manually recovered following the restoration of an application following a serious event or outage. 

The importance of establishing these measurements lies in the fact that they are used as a basis for defining your recovery strategies. MHA Consulting, a business continuity consultant, stresses the importance of RTO and RPO concepts in guiding your recovery processes investment decisions: “Knowing them helps ensure that your strategies, implementation, and plans are neither overly aggressive (wasting resources) or inadequate (providing insufficient protection).”

BCP Template Section: Business Impact Analysis 

Objective 3: Outline Existing Preventive Measures 

A business stakeholder wants to know, “what are we doing to prevent ransomware situations like the one I just read about in the news?” This is another reason for your BCP. It will outline the technologies, tools, and protocols that are already in place to prevent or mitigate the effects of a disaster. Technologies for premises-based data backup and cloud services backup are included in the preventive measures analysis.  

By demonstrating to all members of the business continuity organization what assets are already in place, the preventive measures analysis provides a means of gaining agreement among team members about what investments the company needs to make in additional preventative measures. Often referred to as a gap analysis, the process will build consensus amongst team members so the BCP findings can then be used as a tool to pitch executive decision-makers for the investment capital to improve business resilience. 

BCP Template Section: Business Impact Analysis 

Objective 4: Provide the Step-by-Step Protocols 

Your plan will provide the specific procedures that need to be followed to assist in recovery. Chances are, when a disaster strikes, personnel won’t remember exactly what they’re supposed to do. Your disaster teams should have a general idea, but if needed they’ll be able to consult the document to follow the exact procedures as they’re listed.  

At this point, it is important to draw the distinction between a business continuity plan and a disaster recovery plan. In our previous post on this topic, we noted that, “a comprehensive business continuity plan will actually have a disaster recovery plan built into it.” The disaster recovery plan is an element of your business continuity plan but is also a standalone document.

The disaster recovery plan includes granular instructions. Definitions of plan-triggering events, emergency alert and escalation procedures, steps for activating emergency response teams, and team assembly points are all elements of a plan with well-constructed response protocols.

BCP Template Section: Business Continuity Strategies and Requirements 

Objective 5: Identify the Location of Critical Data and Assets 

One of the most important IT business continuity plan objectives is to identify where critical data and other assets are being stored. This allows recovery teams to begin recovery even if key IT personnel are unavailable. Imagine, for example, a scenario in which you had no IT workforce. There must be, at least, a footprint for other personnel or stakeholders to follow. Any confusion will significantly impede the recovery process. 

An IT asset management system offers companies a way to automate tracking of assets and reduce errors resulting from out-of-date information, duplicates, inaccurate serial numbers and tag overlaps. Asset management systems also play a role in cyber security preventive measures. Without a complete asset management list, a device could be overlooked that connects to the network without virus protection or the latest patch to meet a known security threat. IT asset management systems have facilitated the tracking of the great dispersion of devices that resulted from the COVID-19 pandemic. 

BCP Template Section: Business Continuity Strategies and Requirements 

Objective 6: Identify Back-up Locations and Resources 

Recovery teams need to know where and how to relocate operations and with what resources. Your BCP will outline the availability of any back-up office space or the procedures for securing a new space rapidly. Additionally, it will cite the availability of back-up physical resources, such as workstations and devices. 

There are several different types of disaster recovery backup sites that are generally classified in one of four ways: cold site, warm site, hot site, and mobile site. These types are described below:

  • Cold Site – A facility with adequate space and infrastructure (electric power, telecommunications connections, and environmental controls) to support the IT systems, which may have raised floors and other attributes suited for IT operations. 
  • Warm Site – A partially equipped office space that houses some or all of the system hardware, software, telecommunications and power sources. 
  • Hot Site – An office space appropriately sized to support system requirements and configured with the necessary system hardware, supporting infrastructure, and support personnel that work 24 hours a day, seven days a week. 
  • Mobile Site – A self-contained, transportable shell custom-fitted with specific telecommunications and IT equipment necessary to meet system requirements. 

BCP Template Sections: Business Continuity Strategies and Requirements; Incident Management 

Objective 7: Prioritize Emergency Communications 

Who communicates with the client during an emergency? Who notifies the workforce? Who speaks to the media? By having a business continuity management policy in place, recovery personnel will understand their roles in both internal and external emergency communications. 

One of the goals of your crisis communications plan is to help maintain calm within your workforce so all parties can fulfill their responsibilities and continue to serve customers. Disaster events can eliminate ordinary methods of communications, so alternative communications channels should be specified. 

Identifying and understanding your audiences, or stakeholders, is the necessary first step in formulating your crisis communications plan. The following is a list of potential audiences:

  • Customers 
  • Survivors impacted by the incident and their families 
  • Employees and their families 
  • News media 
  • Community—especially neighbors living near the facility 
  • Company management, directors and investors 
  • Government elected officials, regulators and other authorities 
  • Suppliers 

A clear definition of who will be the spokesperson aligned to each of these audiences is necessary in order to provide speed of response and to ensure consistency of message. 

BCP Template Sections: Business Continuity Strategies and Requirements; Incident Management 

Objective 8: Find Weaknesses and Propose Solutions 

Any holes in your continuity planning must be addressed. The BCP is as much a process as it is a static document. It’s a work in progress requiring ongoing risk assessment, identification of scenarios that would leave operations unprotected, and the development of action steps to address weaknesses that call for immediate attention. 

Business continuity plan testing is an important element of keeping your plan current and responsive to changing conditions. There are four categories of testing described below: 

  • Plan Review – Senior management and department heads analyze the Business Continuity Plan and discuss potential improvements 
  • Tabletop Exercise/Structured Walk-Through Test – In this scenario-based, role-playing exercise, the objective is to ensure all critical personnel in your organization are aware of and familiar with the relevant portions of the BCP, as well as their role in a disaster.  
  • Walk-Through Drill/Simulation Test – The Walk-Through/Simulation can incorporate actual recovery actions such as restoring backups, live testing of redundant systems, a simulated response at alternate locations, and actual notification and resource mobilization. 
  • Functional/Full Recovery Test – A BCP Functional/Full Recovery Test involves a complete test of your backup systems with parallel testing (running your live and backup systems in conjunction) or a full failover test (completely transitioning operations to your backup systems). 

Your testing schedule is highly dependent on such factors as company size, your pace of new equipment and upgrade installations, and the amount of turnover in your IT staff, but most business continuity professionals recommend annual testing at a minimum. 

BCP Template Sections: Training, Testing & Exercising; Program Maintenance and Improvement

Objective 9: Fulfill External Requirements 

The final objective does not link to any particular section of the plan itself, but instead addresses the reality that your company may be required to provide a BCP to satisfy external requirements from regulators, vendors, and insurance companies. 

As noted by the Disaster Recovery Institute (DRI), there are over 120 regulations that mandate business continuity management across a variety of industries. These are mandated by regulatory authorities and legislation such as the Financial Industry Regulatory Authority (FINRA) and the Health Insurance Portability and Accountability Act (HIPAA). 

RFPs increasingly include a requirement to demonstrate an active business continuity management program, and insurers will want to see evidence of a BCP as a part of the underwriting process.

Conclusion 

Gaining organizational commitment to achieving these critical business continuity plan objectives is a significant challenge, as business continuity leadership has to find a way to motivate employees to commit to spending time on issues that don’t contribute to achieving daily goals. Recruiting the right team, adopting a collaborative approach with participants, engaging senior management early in the process, and investing in training and certification will contribute to long-term commitment to planning success.  

Learn More 

As a provider of business continuity services, Invenio IT has helped clients manage through disaster incidents. To learn more about how we can put this experience to work for your company to minimize downtime from disruptive incidents, contact our disaster recovery teams at (646) 395-1170.


What is the objective of a BIA?

A business impact analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment.

What are the main components of BIA?

10 Elements in a Business Impact Analysis Report:

  • Internal and external dependencies
  • Vital records
  • Service level agreements
  • System and application Recovery Point Objectives
  • Level of reliance on internal and external systems and applications
  • Specialized equipment required
  • Backlog information
  • Workaround procedures

What are the three key outputs of the BIA process?

The BIA quantifies the impacts of disruptions on service delivery, risks to service delivery, and recovery time objectives (RTOs) and recovery point objectives (RPOs).

What are the five goals of conducting a BIA?

An effective BIA consists of five elements: Executive Sponsorship, Understanding the Organization, BIA Tools, BIA Processes and BIA Findings.