Professional Practice Three - Business Impact Analysis Flashcards
The BCP will demonstrate knowledge of Business Impact Analysis by (b)
Establish the Business Impact Analysis (BIA) process and methodology
The BCP will demonstrate knowledge of Business Impact Analysis by (a)
Identify the criteria to be used to quantify and qualify the entity’s impact from events.
The BCP will demonstrate knowledge of Business Impact Analysis by (c)
Plan and coordinate data gathering and analysis
The BCP will demonstrate knowledge of Business Impact Analysis by (d)
Gain leadership agreement on BIA methodology and criteria to be used
The BCP will demonstrate knowledge of Business Impact Analysis by (e)
Analyze the data collected against the approved criteria to establish RTO and RPO for each operational area and the technology that supports them
The BCP will demonstrate knowledge of Business Impact Analysis by (f)
Document minimum resource requirements for resumption and recovery of core and support business functions and their escalation over time.
The BCP will demonstrate knowledge of Business Impact Analysis by (g)
Prepare and present the BIA results to the entity’s leadership and gain acceptance of the RTO and RPO for each process.
How does BCP Identify the criteria to be used to quantify and qualify the impact to the entity?
Define and obtain approval for criteria to be used to assess the impact on the entity’s operations including 1)Customer impact, 2) Financial impact, 3) Regulatory impact, 4) Operational impact, 5) Reputational impact, 6) Human impact
Define Customer impact as it relates to BIA
How quickly customers will know, How worried they will be, What is the likelihood they will seek an alternative, What the impact to service level will be, The impact to supply chain customers, Injury or death of customer.
Define Financial impact as it relates to BIA
Loss of revenue, additional cost of recovery, clean up and restoration cost, loss of financial control, impact to cash flow, market share, future sales, share price of stock, contractual fines and penalties, Lawsuits
Define Regulatory impact as it relates to BIA
Fines, penalties, recall requirement
Define operational impact as it relates to BIA
Reduced services level, increased overtime cost, Workflow disruptions, loss of control, inability to meet deadlines, supply chain disruption
Define Reputational impact as it relates to BIA
Media attention, social media, community, shareholder confidence, competitor taking advantage of negative attention
Define Human impact as it relates to BIA
Loss of life and injury, impact to the community, stress, long term emotional impact
How will BCP establish the BIA process and methodology?
Identify and obtain a sponsor for the BIA, Define objectives and scope for the BIA process, Choose an appropriate BIA planning methodology, Choose an appropriate BIA data collection methodology.
Data to be collected include
Operational Process.
Impacts to the process and how those impacts change over time.
What are the minimum resource requirements to perform function at the minimum acceptable level?
Technology, Physical Space, Equipment, Vital Records, Personnel, Supplies
How would BCP plan and coordinate data gathering and analysis?
Data collection via questionnaires, data collection via interviews, data collection via workshop
How would BCP gain the leadership agreement on BIA methodology and criteria to be used? (a)
Identify and obtain agreement as to how potential financial and non- financial impact can be quantified and evaluated in each impact area.
How would BCP gain the leadership agreement on BIA methodology and criteria to be used? (b)
Identify and obtain agreement on requirements for non-quantifiable impact information in data collection.
How would BCP gain the leadership agreement on BIA methodology and criteria to be used? (c)
Establish definition of the impact scale to be used during the data collection.
How would BCP gain the leadership agreement on BIA methodology and criteria to be used? (e)
Identify team members to participate in BiA process
How would BCP gain the leadership agreement on BIA methodology and criteria to be used? (f)
Conduct data collection.
How would the BCP analyze the data collected against the approved criteria to establish RTO and RPO for each operational area and the technology that supports them? (a)
Based on the data collected, determine the prioritize toon of processes/services
How would the BCP analyze the data collected against the approved criteria to establish RTO and RPO for each operational area and the technology that supports them? (b)
Document interdependencies between each business process and the supporting infrastructure.
How would the BCP analyze the data collected against the approved criteria to establish RTO and RPO for each operational area and the technology that supports them? (c)
Determine the order of recovery for core and support business functions and technology.
How would BCP document minimum resource requirements for resumption and recovery of core and support business functions? (a)
Include internal and external resources, owned vs. non-owned, short vs. long term resource needs, and existing and additional resources.
How would BCP document minimum resource requirements for resumption and recovery of core and support business functions? (b)
Vital Records Management - Document vital records and evaluate existing backup and restoration procedures
How would BCP document minimum resource requirements for resumption and recovery of core and support business functions? (c)
Identify gaps between current recovery capabilities and requirements defined by the results of the BIA.
How would a BCP prepare and present the BIA results to entity’s leadership? (a)
Prepare draft BIA report using initial impact and identified gaps.
How would BCP document minimum resource requirements for resumption and recovery of core and support business functions? (b)
Prepare final BiA
How would BCP document minimum resource requirements for resumption and recovery of core and support business functions? (c)
Prepare and submit formal presentation of BIA findings to entity’s leadership.
How would BCP document minimum resource requirements for resumption and recovery of core and support business functions? (d)
Gain acceptance of the RTO and RPO for each process as defined by the results of the BIA.