Business Impact Analysis (BIA) is the key element to an effective disaster recovery, which is in the heart of business continuity. In order to elaborate the BIA importance better, this webinar will cover the following areas: • Why a Business Impact Analysis? • Business Impact Analysis in the BCM Lifecycle • New Standard ISO 22317 on the BIA • BIA Approaches • Challenges when doing a BIA • Socrates Maps • BIA Critical Success Factors

2. The Business Impact
Analysis (BIA) as
Foundation of the BCM
Approach
Dr. Wolfgang H. Mahr, M.Sc., BBA, MBCI, CISA
governance & continuuuity gmbh
CH-8408 Winterthur, Switzerland
www.continuuuity.ch
LinkedIn, XING, Twitter
wolfgang.mahr@continuuuity.ch

3. Contents
 Why a BIA?
 BIA in the BCM Lifecycle
 Outcomes of the BIA
 BIA supporting BCM Goals
 ISO 22317 on the BIA
 BIA Approaches
 Challenges when doing a BIA
 Sokrates Maps –what’s this?
 Sokrates Maps Benefits and Applications
 Sokrates Maps for the BIA
 BIA Critical Success Factors

4. Abstract
• This contribution underlines the fundamental importance of the one of
the most important phases in the BCM lifecycle – the BIA.
• Other - subsequent - phases such as selecting one or more business
continuity strategies or the formulation of a BC plan, exhibit a much
smaller space of choices than the BIA, which is primarily an information
gathering stage, charged with understanding the business.
• Critically important information needs to be unearthed and, ideally, not
one important aspect must be omitted or forgotten. This is the reason
why ISO TC 292 (formerly 223), after developing ISO 22301 and ISO
22313, has embarked on developing a standard on the BIA: ISO 22317.
It is being presented in another contribution at this conference.
• This paper focuses on a visualization and presentation method newly
applied to the BIA process, in order to better understand a company’s
processes, resources and their interdependencies.

5. Why a BIA?
• BCM is a cyclic process
• BCM is based on continuous improvement
• BIA makes you know your processes better
• BIA is the base for the subsequent development of one
or more Business Continuity Strategies
• …

6. Why a BIA?
• Increasing the efficiency of the organisation
• Evaluate alternative strategic planning options
• Assist in long-term strategy decision making
• Assist in developing a risk analysis
• …

7. BIA in the BCM lifecycle
Reference: The Business Continuity Institute

8. BIA in the BCM lifecycle
Reference: ISO 22301:2012

9. Outcomes of the BIA
• Major outcomes include:
– Validation of the organisation’s BC programme scope
– Identification of requirements the organisation
– Determination of impacts, over time (of disruptions)
– Identification of relationships between
• Products/services
• Processes
• Activities
• Resources
– Resources needed to perform prioritised activities
– Such as facilities, people, assets, supplies, financial resources
– Dependencies and interrelationships
– …

10. BIA supporting BCM Goals
• Protecting company value and reputation
• Safeguards the reputation and future of the company in an
emergency
• Increase shareholder value and demonstrates commitment by
management
• Assures the survival of the company in the case of a serious incident
• Minimize financial losses in case of an incident or emergency

11. ISO/TS 22317 on BIA
• Developed by ISO TC292 (“Security and Resilience”)
• Currently as DTS (Draft Technical Specification)
• To be published within the next couple of months
• Based on ISO 22301, ISO 22313 and ISO 22300
• Focus on Performing the BIA:
– Project Planning and Management
– Product and Service Prioritisation
– Process Prioritisation
– Activity Prioritisation
– Analysis and Consolidation
– Top Management Endorsement of BIA Results
• Annexes on
– Terminology Mapping
– Information Collection Methods

12. BIA Approaches
• Gold, Silver, Bronze
• Strategic / Tactical
• Iterations
• Questionnaires
• Workshops
• Interviews
– Middle Management
– Process Owners

13. Challenges when doing a BIA
• Commitment
• Level of effort
• “Right” effort
• Correctness /Completeness
• No excessive overlap / no white spots

14. Sokrates Maps – what’s this?

15. Sokrates Maps – what’s this?

16. Sokrates Maps – what’s this?

17. Sokrates Maps – Benefits
• Benefits
– Foundation of method
– Psychological background
– Common view across hierarchies and disciplines
– Discover new:
• Ideas
• Facts
• Relationships
• Dependencies
• Communicate & visualize
• Hierarchical view on complex situations
• Electronic representation, communication and archiving

18. Sokrates Maps - Applications

19. Sokrates Maps - Applications
 Board Level view of a
hospital:
 Get the big picture
◦ Based on details

20. Sokrates Maps - Applications

21. Sokrates Maps for BIA
• Visualisation of the standards (psychological foundation)
– ISO 22301, ISO 22317 (maturity model)
• Assessment tool, BIA support tool
– Presentation of BIA findings (electronic representation, communication and
archiving)
– Usage as questionnaire (maturity model, psychological foundation)
• Single person or in workshops
– Visualisation (hierarchical, common view across disciplines)
• Overlaps (discover ideas, facts, relationships, dependencies)
• Gaps (discover ideas, facts, relationships, dependencies)
• Redundancies (discover ideas, facts, relationships, dependencies)
–  Enhanced BIA quality and maturity

22. BIA Critical Success Factors
• Follow best practices such as
– BCI’s Good Practice Guidelines and/or
– ISO Standards such a ISO 22301, ISO 22313 and ISO/TS 22317
• Obtain top management commitment
• Apply project management methodologies
• Follow a BIA approach fit for the selected type of BIA
• Use an approach compatible with the company’s structure
• Deploy tools helping to obtain a “true and fair” representation
of products, services, priorities, dependencies and
requirements
• Develop a hierarchical view on complex situations
• Use electronic representation, communication and archiving

23. Thank you