Blog

Monthly Archives: September 2013

The Almighty Business Impact Analysis (BIA)- The Who, What, When, Why, and How

Business Impact Analysis (aka BIA) is one of the most critical Business Continuity Planning components. During this step we identify critical processes within the organization, calculate qualitative and quantitative impacts, specify required resources, and most importantly, define the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

With that said, we will break down the good ol’ Who, What, When, Why, and How of this process. Let’s get started!

Who:

You! If you are reading this, then you have probably been assigned the glorious role of Business Continuity Planner, Disaster Recovery Planner.  For many, this can be a daunting undertaking. An annoying task, it’s not like you don’t have enough on your plate, right?

Well lucky for you, there are people like us in this world who truly enjoy this industry. It is our goal to make Business Continuity Planning (BCP) as easy as possible while obtaining valuable results. Let’s keep going.

What:

What is a Business Impact Analysis (BIA) you ask? In a nutshell, the BIA is a methodical process that analyzes the impacts of a disruption to your normal business operations.

Below we have broken down the common fields and questions that are found in a BIA.

General Information:

Process Name

Process Description

Business Unit/Department

Time Sensitivity

Frequency

Qualitative and Quantitative Impacts:

Financial Impact

Regulatory Impact

Legal Impact

Operational Impact

Customer Impact

Required Resources:

Applications

Critical or Key Staff

Communication Systems

Locations

Vital Records

Supplier/Vendor

Dependencies:

All interlinked inputs and outputs for the process

Recovery Time Objective (RTO) and Recovery Point Objective (RPO):

RTO of the process

RPO of the process

Depending on the standard you follow, there can also be the Maximum Allowable Downtime (MAD), or  Maximum Tolerable Period Downtime (MTPD), etc.

Sign Off/Approval:

Upon completion of the BIA, it is important to have it signed off or approved by Executive Management.

When:

Now! If you haven’t conducted a BIA, then you are pretty much guessing which process are more critical than others.

The BIA is conducted after the Risk Assessment, (Step 3 in our methodology). Like your Business Continuity Plan, this is also a living document. It should be maintained and updated at least annually, and definitely when changes occur within the organization.

Why?

Simply to understand what processes are critical to your organization. If you were facing a major interruption, wouldn’t you want to know how to stop the bleeding ASAP?  By conducting a BIA, you will understand which processes are your organization’s critical arteries. Something you don’t want to find out during an actual disaster. Think: avoid financial loss, legal issues, and reputation impact.

How?

This is the fun part. When conducting a BIA there are a few things you will need to do:

  1. Identify the BIA method. Will you send a survey? Have a group session? Conduct one-on-one interviews? There is no right or wrong way, but one-on-ones typically capture the best data.
  2. Once you have decided on the style, you will need to schedule these meetings/surveys with the subject-matter expert of the process. Why? To ensure you get valuable and correct data.
  3. If your industry is regulated, use that as your fire power ( i.e. “If we don’t complete the BIA we’ll have regulatory penalties”). If not, make sure to get Executive Management support to help you with departments that are reluctant in partaking in the BIA. 

To learn more about how Continuity Innovations can help you with your BIA, please contact us:

Phone: 888-907-9902

Email: info@continuityinnovations.com

The Call Chain Test- Why every company should conduct this test

“The Call Chain Test”

When was the last time you conducted a Call Chain or Call Cascade Test?

The ability to communicate with your staff during an emergency is critical. The Call Chain/Cascade Test is one of the easiest exercises to conduct and provides valuable results. The purpose of the Call Chain Test is to ensure that it is possible to contact your staff in the event of an incident or emergency.  We recommend that a Call Chain Test be conducted annually to ensure that all of your employees contact information is accurate.

Below are some tips on how to conduct a Call Chain Test.

  • Make it Fun! When calling your employees, pass on a message like…”tomorrow is jeans day”, or wear your “favorite football jersey”.  The staff who got the message are rewarded, and those who couldn’t be reached will definitely ensure to update their info so they don’t miss out the next time!
  • Prepare ahead of time.
  • Most importantly, please make sure the message recipient knows that this is a “test” and not an actual emergency.
  • Prepare a call log and notate any findings or improvements needed.
Any Questions? Call Us Today!
(888) 907-9902