PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
1. PECB Webinar
2015-09-30
© 2015
Dr. Wolfgang H. Mahr, M.Sc., BBA, MBCI, CISA
governance & continuuuity gmbh
CH-8408 Winterthur, Switzerland
www.continuuuity.ch
LinkedIn, XING, Twitter, YouTube
wolfgang.mahr@continuuuity.ch
2. PECB Webinar
Why a BIA?
Publication Status
BIA in the BCM Life Cycle
BIA in the BCMS Life Cycle
Outcomes of the BIA
BIA supporting BCM Goals
BIA Critical Success Factors
Challenges when doing a BIA
ISO/TS 22317 on BIA
Context of ISO/TS 22317
BIA Life Cycle
BIA Process
3. PECB Webinar
BCM is a cyclic process
BCM is based on continuous improvement
A BIA helps you know your processes better
The BIA is the basis for the subsequent development of one or more Business Continuity Strategies
…
7. PECB Webinar
Major outcomes include:
◦ Validation of the organisation’s BC programme scope
◦ Identification of requirements the organisation
◦ Determination of impacts, over time (of disruptions)
◦ Identification of relationships between products/services, processes, activities and resources
◦ Resources needed to perform prioritised activities, such as facilities, people, assets, supplies, financial resources
◦ Dependencies and interrelationships
◦ …
8. PECB Webinar
BIA supporting BCM Goals
Protecting company value and reputation
Safeguards the reputation and future of the company in an emergency
Increases shareholder value and demonstrates commitment by management
Assures the survival of the company in the case of a serious incident
Minimizes financial losses in case of an incident or emergency
9. PECB Webinar
BIA Critical Success Factors
Follow best practices such as
◦ BCI’s Good Practice Guidelines and/or
◦ ISO Standards such as ISO 22301, ISO 22313 and ISO/TS 22317
Obtain top management commitment
Apply project management methodologies
Follow a BIA approach fit for the selected type of BIA
Use an approach compatible with the company’s structure
Deploy tools helping to obtain a “true and fair” representation of products, services, priorities, dependencies and requirements
Develop a hierarchical view on complex situations
Use electronic representation, communication and archiving
10. PECB Webinar
Challenges when doing a BIA
Commitment
Level of effort
“Right” effort
Correctness / Completeness
No excessive overlap / no white spots
11. PECB Webinar
ISO/TS 22317 on BIA
Developed by ISO TC292 (“Security and Resilience”), work started in ISO TC223
Published on 2015-09-17
Based on ISO 22301, ISO 22313 and ISO 22300
Focus on Performing the BIA:
◦ Project Planning and Management
◦ Product and Service Prioritisation
◦ Process Prioritisation
◦ Activity Prioritisation
◦ Analysis and Consolidation
◦ Top Management Endorsement of BIA Results
Annexes on
◦ Terminology Mapping
◦ Information Collection Methods
13. PECB Webinar
BIA Life Cycle
4 Prerequisites
5.3 Product and Service Prioritization
5.4 Process Prioritization
5.5 Activity Prioritization
5.6 Analysis & Consolidation
5.7 Top Management Endorsement
5.8 Proceed to BC Strategy
15. PECB Webinar
BIA Process 1
5.2 Based on Project Planning and Management
Stakeholders:
5.3 Top Management: Product and Service Prioritization
5.4 Process Owners: Process Prioritization
5.5 Activity Managers: Activity Prioritization
16. PECB Webinar
BIA Process 2
5.6 Analysis and Consolidation
5.7 Obtain Top Management Endorsement of BIA Results
5.8 After the BIA: Business Continuity Strategy Selection