際際滷

際際滷Share a Scribd company logo

Business Impact Analysis

D
dlfrench

Overview of conducting a Business Impact Analysis (BIA) for the purpose of Business Continuity and Disaster Recovery Planning.

1 of 23
Business Continuity Mt Xia Inc May 2011 Business Impact Analysis http://www.mtxia.com 615.556.0456
Objectives of Business Impact Analysis In this outline, we will Learn the importance of targeting solutions at those areas with maximum impact on the business By deciding Who resources the business impact analysis team How to gather impact data What are the consequences for IT of identified business impacts
BIA is a component of DRP Disaster Recovery Planning Business As Usual Project Goals Identify Threats Business Impacts Design Contingent Produce Plan Test and Deploy Maintain the DR Plan Identify Critical Processes Identify IT Resources
Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
Purpose of Business Impact Analysis To quantify effect of disruption on business operations Financial and functional impact Business-focused Enables or justifies decision on what to protect at what cost To identify and classify backup resources Divide the musts from the wants for assurance of business continuity
The BIA Process Identify main business functions For example, sales, marketing, finance, manufacturing, IT, et al. Identify major activities of each function Identify dependencies for all major activities Must include all prerequisites or facilitators For example, ICT infrastructure and applications Manufacturing facilities, raw materials, customer contact centers, etc. Accommodation and transportation Quantify consequence from the loss of prerequisites
Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
Membership of BIA Team First decide who should be involved Senior management and board members Functional managers Divisional managers Site or geography managers Operational staff Board-level senior managers May be appropriate for small companies Too far from the action in large organizations But Can set corporate objectives and priorities Can add credibility and authority to project
Who Contributes to BIA Functional Managers Usually the most appropriate contributors Sales, marketing, manufacturing, finance Focused on a single business function Generally have a rational view on its place in the overall business May need to consult with their supervisory and operational staff to identify all touch-points on IT systems Divisional managers Divisions may often be treated individually as small companies Approach and format should be consistent Each division may wish to field its own management team Potential difficulty with representation of cross-divisional functions
BIA Detailed and Local Knowledge Site or geography managers Good overview of all functions May be appropriate to treat each site as individual company Approach and format should be consistent Operational staff Good knowledge of fine detail Need to keep in perspective Typically too many for workshop session Less cross-functional understanding Need to ensure level of contribution is consistent across different functional areas
Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
Gathering BIA Data What data do we need to gather? Fundamental purpose of the function Activities performed to achieve the purpose Resources required to perform the activities Consequences of non-availability of those resources How to gather the data Questionnaires Structured interviews Focused workshops Organizing the data Categorize requirements Document the results Text, spreadsheets, or database Purpose-designed software
BIA Questionnaires Designing and using questionnaires Make it easy for targets to respond Convenient Don't have to get all players together at one time Results need sanity checking Time-consuming to achieve good results Can precede workshop (to set the agenda, for example) Need skill and care to prepare effective questionnaire and avoid pitfalls Leading the audience toward an answer Danger of poorly considered response completed in a hurry Poor response rates or not completed at all Frequently need to contact respondents to clarify answers Easy for recipients to avoid hard or unpleasant concerns Inability to elicit full, frank information You didn't ask that
BIA Interviews Structured interviews Time-consuming and costly Capable of good results Danger of narrow thinking Results need sanity Checking
BIA Workshops Focused workshop Recommended approach Quick Lower cost than alternatives Highly effective Synergy from group Moderation from peers in real time Common understanding and decision criteria Drawbacks Difficult to schedule Needs good facilitator May still need follow-up
Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
Business Perspective of BIA Creates a statement of The critical operational needs How quickly I need it back How do I meet catch-up implications after the information systems become available again? How much I can afford to have lost when the process is restored The (non-IT) resources that are essential for me to achieve my fundamental purpose What do I need to do to ensure their availability? Identifies critical business applications Time scales and impacts Document in the DR plan Drives the IT perspective of BIA
IT Perspective of BIA From an IT perspective Driven by the business perspective of must-have applications Drivers What are the dependencies of the application? What other applications are required for it to function? What infrastructure (hardware, software, networking, etc.) does it require? How soon must it be available and what is the acceptable restart position? What volumes, timings, and user population are required in disaster mode? Is there a backup regime appropriate to these needs? Does the application support a staged/phased recover, or is it all or nothing? How will we protect it during DR mode operation? Identifies supporting infrastructure of the critical business applications Document in the DR plan
Recovery Plan Document By When?
Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
Application Categories Keep it simple using three categories 1 = essential to organization's ability to operate 2 = significantly reduces the organization's capabilities or profitability 3 = useful, but not important in the short term Restoring applications Category 1, as soon as possible within limits specified by the BIA Category 3, put to one side for consideration later Category 2, do simple cost/benefit analysis to ensure response is appropriate to need
Summary In this outline, we have seen that BIA concerns Identifying the cost of disruption in functional and financial terms Setting priority for restoring applications according to business needs Meaningful BIA is dependent on Appropriate contributors Appropriate data gathering techniques BIA output is viewed from two perspectives Business Perspective People, processes, non-IT resources, recovery time, musts/wants IT Perspective Technology resources required to deliver business applications in time scale demanded
Contact Information Mt Xia Inc. http://www.mtxia.com Dana French, President 615.556.0456

More Related Content

Business Impact Analysis

  • 1. Business Continuity Mt Xia Inc May 2011 Business Impact Analysis http://www.mtxia.com 615.556.0456
  • 2. Objectives of Business Impact Analysis In this outline, we will Learn the importance of targeting solutions at those areas with maximum impact on the business By deciding Who resources the business impact analysis team How to gather impact data What are the consequences for IT of identified business impacts
  • 3. BIA is a component of DRP Disaster Recovery Planning Business As Usual Project Goals Identify Threats Business Impacts Design Contingent Produce Plan Test and Deploy Maintain the DR Plan Identify Critical Processes Identify IT Resources
  • 4. Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
  • 5. Purpose of Business Impact Analysis To quantify effect of disruption on business operations Financial and functional impact Business-focused Enables or justifies decision on what to protect at what cost To identify and classify backup resources Divide the musts from the wants for assurance of business continuity
  • 6. The BIA Process Identify main business functions For example, sales, marketing, finance, manufacturing, IT, et al. Identify major activities of each function Identify dependencies for all major activities Must include all prerequisites or facilitators For example, ICT infrastructure and applications Manufacturing facilities, raw materials, customer contact centers, etc. Accommodation and transportation Quantify consequence from the loss of prerequisites
  • 7. Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
  • 8. Membership of BIA Team First decide who should be involved Senior management and board members Functional managers Divisional managers Site or geography managers Operational staff Board-level senior managers May be appropriate for small companies Too far from the action in large organizations But Can set corporate objectives and priorities Can add credibility and authority to project
  • 9. Who Contributes to BIA Functional Managers Usually the most appropriate contributors Sales, marketing, manufacturing, finance Focused on a single business function Generally have a rational view on its place in the overall business May need to consult with their supervisory and operational staff to identify all touch-points on IT systems Divisional managers Divisions may often be treated individually as small companies Approach and format should be consistent Each division may wish to field its own management team Potential difficulty with representation of cross-divisional functions
  • 10. BIA Detailed and Local Knowledge Site or geography managers Good overview of all functions May be appropriate to treat each site as individual company Approach and format should be consistent Operational staff Good knowledge of fine detail Need to keep in perspective Typically too many for workshop session Less cross-functional understanding Need to ensure level of contribution is consistent across different functional areas
  • 11. Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
  • 12. Gathering BIA Data What data do we need to gather? Fundamental purpose of the function Activities performed to achieve the purpose Resources required to perform the activities Consequences of non-availability of those resources How to gather the data Questionnaires Structured interviews Focused workshops Organizing the data Categorize requirements Document the results Text, spreadsheets, or database Purpose-designed software
  • 13. BIA Questionnaires Designing and using questionnaires Make it easy for targets to respond Convenient Don't have to get all players together at one time Results need sanity checking Time-consuming to achieve good results Can precede workshop (to set the agenda, for example) Need skill and care to prepare effective questionnaire and avoid pitfalls Leading the audience toward an answer Danger of poorly considered response completed in a hurry Poor response rates or not completed at all Frequently need to contact respondents to clarify answers Easy for recipients to avoid hard or unpleasant concerns Inability to elicit full, frank information You didn't ask that
  • 14. BIA Interviews Structured interviews Time-consuming and costly Capable of good results Danger of narrow thinking Results need sanity Checking
  • 15. BIA Workshops Focused workshop Recommended approach Quick Lower cost than alternatives Highly effective Synergy from group Moderation from peers in real time Common understanding and decision criteria Drawbacks Difficult to schedule Needs good facilitator May still need follow-up
  • 16. Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
  • 17. Business Perspective of BIA Creates a statement of The critical operational needs How quickly I need it back How do I meet catch-up implications after the information systems become available again? How much I can afford to have lost when the process is restored The (non-IT) resources that are essential for me to achieve my fundamental purpose What do I need to do to ensure their availability? Identifies critical business applications Time scales and impacts Document in the DR plan Drives the IT perspective of BIA
  • 18. IT Perspective of BIA From an IT perspective Driven by the business perspective of must-have applications Drivers What are the dependencies of the application? What other applications are required for it to function? What infrastructure (hardware, software, networking, etc.) does it require? How soon must it be available and what is the acceptable restart position? What volumes, timings, and user population are required in disaster mode? Is there a backup regime appropriate to these needs? Does the application support a staged/phased recover, or is it all or nothing? How will we protect it during DR mode operation? Identifies supporting infrastructure of the critical business applications Document in the DR plan
  • 20. Business Impact Analysis Purpose and Process Who is Involved? How to Gather Data Business and IT Perspectives Categorizing Applications
  • 21. Application Categories Keep it simple using three categories 1 = essential to organization's ability to operate 2 = significantly reduces the organization's capabilities or profitability 3 = useful, but not important in the short term Restoring applications Category 1, as soon as possible within limits specified by the BIA Category 3, put to one side for consideration later Category 2, do simple cost/benefit analysis to ensure response is appropriate to need
  • 22. Summary In this outline, we have seen that BIA concerns Identifying the cost of disruption in functional and financial terms Setting priority for restoring applications according to business needs Meaningful BIA is dependent on Appropriate contributors Appropriate data gathering techniques BIA output is viewed from two perspectives Business Perspective People, processes, non-IT resources, recovery time, musts/wants IT Perspective Technology resources required to deliver business applications in time scale demanded
  • 23. Contact Information Mt Xia Inc. http://www.mtxia.com Dana French, President 615.556.0456