02 Practical Strategies of Conducting BIA


Published on

Published in: Business, Education
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • BCM Institute Leading global Business Continuity (BC) & Disaster Recovery (D R) Institute. Established in 2005. Offers a wide range of quality BC and DR courses. Certified over 1,250 professionals from 36 countries.
  • Key Concepts and Definitions from BCMpedia.org Minimum Business Continuity Objective, MBCO.Business Impact Analysis, BIA.Critical Business Function, CBF.Recovery Time Objective, RTO.Recovery Point Objective, RPO.Quantitative and Qualitative Impact.
  • Activity:Develop the MBCO for two of the business units found in the case studyTime Allocated:15 minutes individual activity15 minutes of class activities
  • Maximum Tolerable Period of Disruption and Recovery Time Objectives Business Function codeThe code that the will be allocated to the business function. E.g. Finance – Accounts Payable will be FIN-01, Human Resources – Welfare and Benefits will be HR-02.Impact AreaThis is the Impact to the organization due to the unavailability of the function. This will have been derived in the previous section.Impact over timeBased on the Risk Descriptor attached, indicate what is the impact to the organisation that will be caused by the unavailability of this business function at the respective time frames. This will be based on a scale of 1 to 5 and the impact descriptor illustrating this is attached in table 1-1.Recovery Time Objective (RTO)The RTO is the maximum acceptable length of time that can elapse before the unavailability of a business function severely impacts the organisation. For the conduct of this Business Impact Analysis, the RTO is the point of time where the impact reaches a 3.Maximum Tolerable Period of Disruption (MTPD)MTPD is the duration after which an organization's viability will be irrevocably threatened due to the adverse impacts that would arise as a result of not performing the business function. For the conduct of this Business Impact Analysis, the MTPD is the point of time where the impact reaches a 5.
  • 02 Practical Strategies of Conducting BIA

    1. 1. Practical Strategies of Conducting a Business Impact Analysis<br />
    2. 2. Practical Strategies of Conducting a Business Impact Analysis<br />Dr Goh Moh Heng <br />PhD BCCE DRCE BCCLA<br />President<br />2<br />
    3. 3. Dr Goh Moh Heng<br />President<br />Business Continuity Management (BCM) Institute<br />www.bcm-institute.org<br />Managing Director<br />GMH Continuity Architects<br />Asia Pacific BCM Consulting Firm<br />www.GMHasia.com<br />Professional BCM Appointments<br />Technical Advisor for TR19:2005 & SS540:2008 BCM Standard (Management Council and Technical Committee) www.ss540.org<br />Project Director, Technical Working Group for SS507:2004 <br />ISO/IEC 24762 Guidelines for BC-DR Services<br />SS507<br />SS540<br />http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng<br />
    4. 4. Dr Goh Moh Heng<br />Prior Appointments<br />Government of Singapore Investment Corporation (GIC)<br />Standard Chartered Bank<br />Global Head for BCM<br />PriceWaterhouse (Coopers)<br />Past Certification Broad Member for DRI International’s Certification Board<br />Past Executive Director for DRI Asia<br />Senior Technical Advisor, China Business Continuity Management Forum<br />http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng<br />
    5. 5. BCM Institute<br />Started in January 2005.<br />Provide competency based BC-DR training to all levels.<br />Certify BC-DR professionals globally.<br />Started Certification programme in April 2007.<br />More than 1500 professionals from 850 organizations and 40 countries.<br />
    6. 6. Professional Certification<br />Business Continuity<br />IT Disaster <br />Recovery<br />BCM Audit<br />Membership<br />
    7. 7. Agenda<br />What Exactly is BIA?<br />Key concepts<br />Strategic, tactical and operational BIA<br />Walkthrough of BIA Template<br />
    8. 8. Source: <br />Goh, Moh Heng (2008): Managing Your Business Continuity Planning Project 2nd Edition ISBN: 978-981-05-9767-2<br />Business Impact Analysis<br />How-to Do It?<br />
    9. 9. Business Continuity Management Body of Knowledge 3 <br />Implement business impact analysis (BIA) process. <br />Understand the principles and scope of the BIA process. <br />Apply the BIA implementation process. <br />Understand the available BIA data collection mechanisms. <br />Determine and apply the appropriate BIA data collection mechanism. <br />Design a custom tailored BIA questionnaire. <br />Gather BIA Information. <br />Identify activities that support Critical Business Functions (CBF) and identify owners. <br />Determine impacts of a disruption to each activity/process across the organization that may damage organization's reputation, assets or financial position. <br />Quantify timescales where interruption becomes unacceptable to organization. <br />Determine key requirement for organization-wide tolerable downtime. <br />Determine Inter-dependencies and intra-dependencies. <br />Identify vital records needed for recovery. <br />Identify and document CBFs, critical processes and critical application. <br />Determine continuity resources. <br />Provide the resource information to determine or recommend recovery strategies. <br />Identify internal and external resource requirements to support activities. <br />Quantify the people, technology and telephony resources required over time to maintain business activities at an acceptable level and within the maximum tolerable period of disruption. <br />Seek Executive Management Approval. <br />Seek sign off of requirements by process owners. <br />Present requirements to executive management and seek approval to adopt the findings as the basis for determining a BC strategy. <br />9<br />http://www.bcmpedia.org/wiki/BCMBoK_3:_Business_Impact_Analysis<br />
    10. 10. Mandatory Understanding of BIA Terminology<br />Minimum Business Continuity Objective (MBCO)<br />Business Impact Analysis (BIA)<br />Critical Business Function (CBF)<br />Recovery Time Objective (RTO)<br />Recovery Point Objective (RPO)<br />Impact <br />Quantitative<br />Qualitative<br />
    11. 11. Business Impact Analysis Steps<br />Determine information to gather<br />Tailor questionnaires to internal requirements<br />Conduct training on completion of questionnaire<br />Collate and review questionnaires<br />Conduct selective interviews<br />Consolidate and analyze data<br />Summarize and present findings<br />
    12. 12. Recovery Time Objective<br />Time-Sensitive<br />Systems are <br />Operational <br />with Current &<br />Accurate Data<br />Time-Sensitive<br />Systems are <br />Operational <br />Resumption of Critical Functions<br />Point of<br />Disruption<br />Recovery Time Objective<br />Time<br />The maximum tolerable time within which Critical Business Functions must be restored to its MBCO<br />
    13. 13. Wks<br />RTO versus RPO<br />Secs<br />Mins<br />Hrs<br />Days<br /> Wks<br />Secs<br />Mins<br />Hrs<br />Days<br />Recovery Point<br />Recovery Time<br />
    14. 14. BCMpedia<br />www.bcmpedia.org<br />
    15. 15. Minimum Business Continuity Objective (MBCO)<br />is the minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during an incident, emergency or disaster. <br />is set by the Executive Management of the organization and can be influenced, dictated and/or changed by current regulatory requirements or industry practices.<br />The definition provided here rephrases the operational perspective into an objective - the mission objective for BCM<br />
    16. 16. MBCO<br />16<br />
    17. 17. Walkthrough of a BIA Questionnaires<br />Workbook<br />
    18. 18. Minimum Business Continuity Objective<br />
    19. 19. P1: Identify BU and Business Functions<br />Workbook<br />
    20. 20. P2: Identification of Impact<br />Workbook<br />
    21. 21. P3: Impact Over Time<br />Workbook<br />
    22. 22. P4: Vulnerable Periods of Critical Business Functions<br />Workbook<br />
    23. 23. P5: Resources Required for Critical Business Functions during a Crisis<br />Workbook<br />
    24. 24. P6: Inter-dependencies<br />Workbook<br />
    25. 25. P7: Vital Records<br />Workbook<br />
    26. 26. BCM Institute Forum<br />Building a Community<br />80% Asian and Middle Eastern BCM and DR Professionals<br />bcmi.groupsite.com<br />
    27. 27. Summary<br />Provide a key understanding on the fundamentals of BIA<br />Understand the strategic, tactical and operational aspects of BIA<br />Experienced a walkthrough of BIA process using template<br />Be aware of tools and guides<br />
    28. 28. THANK YOU<br />Dr Goh Moh Heng<br />President<br />Mobile: +65 96711022<br />Tel: +65 63231500<br />Fax: +65 63230933<br />Email: moh_heng@bcm-institute.org<br />