BC - Business Impact Analysis
Terms
undefined, object
copy deck
- Identify knowledgeable people in each functional acra to act as _____ in the BIA process
- representatives
- Identify business functions
-
people
technology
facilities - ____ ____ ____ is the identification of the effect on the orginization of the risks to it, should they occur
- Business Impact Analysis
- What are three acceptable methods of collecting data for a Business Impact Analysis
-
Questionaiires
Interviews
Workshops - Processes used in the business that must go right every time to be successful
- Critical success factors
- Seeks to ensure that mission critical activities are maintained during a crisis
- Business Continuity Management
- Typical Business Processes
-
Process customer orders
Support Installed products
Measeure product quality - Key critical success factors
-
Best in class quality
New products that satisfy market needs
Excellent suppliers
Motivated skilled workers - Profit activities may be divided into three categories
-
creators - core
supporters - support
dissipaters - discretionary - Pareto Principle
-
80%
20% - ____________ may be designed to help identify the value that flows through particular process, equipment, facilities, or people
- Questionaiares
- What are some issues with using questionaires
-
Completion rate is low
Mmay be unrepresentitive
Misinterpretion
Everybody's function is important - When creating an interview what is important to consider?
- structured format
- Who should be interviewed
- Mix of grades - senior, mid level, and junior
- What are considerations when using a workshop methold of collecting data?
-
Need clear agenda
Identify appropriate level of participation
Have a facilitator - BIA consideration for potential loss of assets
- key personnel, physical assets, information assets, intangiable assets including market share and reputation
- BIA consideration for disruption to the continuity of service and operations
- When a business ceases to operate a fear arises will it be able to restart? Will customers, suppliers, and investors grow wary?
- BIA consideration Violation of applicable laws or regulations
- Regulations, missed deadlines, fines can bring unfavorable attention and cast doubt on the leaders
- Financial impact of the distuption
- cost to rebuild, new marketing efforts required, potential moving costs, cost to hire new employees, replacement costs, legal actions
- Customers and suppliers
-
What would happen to the customers
Supply chain - Public relations and credibility
- Does the company appear to be mismanaged
- Environmental
- IS here an environmental damage caused by the event, consider the Valdez
- Operational
- What impact does it have on production? Will it impact the ability to procuce goods and services
- Personnel
- Is life or safety affected? Will the employees feel we are caring
- Backlog created by the event
- After the event the backlog will increase
- Quantitative
- Counting
-
Property loss
Revenue loss
Fines
Cash flow and prevention of credit lines
legial liability
Human resources - Quantitative
-
Human resources
Morale
Confidence
Legal
Socal and corporate image - Qualitative
- Qualitative
- Expert opinion
- creepng disaster
- not a sudden event but a slow deteriationinto disaster over a period of time
- Financial loss could include
-
Brand image recovery
Loss of share value
Loss of control ver debetors - Cause of financial loss
-
Cost to replace equipment
Cost of replacing software
Salaries paid to staff, unbillable work - What vial records must be considered?
-
Paper records
Personnel records
Finance records, AR, AP, contracts, code and supplier lists, credit files
Diagrams, manuals, Customer contact data; homegrown databases - BIA Points scoring
- Assigning a value, for example from 1 to 5 for the probability of occurance of an events occurance
- Annualized Cash scorong
-
Using local statistics, either from emergency planners or from insurers to identify the likihood of event occuring
For example if 1 in 15 chance of event occuring, and building valued at $45m divide $45m/15y = $3m - Alphabetic rating
- Using letters rather than numbers to score risk probability
- MAO
- Maximum Acceptable Outage
- We need to understand the cumulative losses each minute, hour, day to the point at which loss becomes unsustainable
- Recovery window
- Losses may not be a straight line
- They may accumulate gradually then suddenly become exponential, This could result if there is a quality issue or maybe a software bug
- Service Level Agreement
- Define the minimum accecptable qualit of service to the customer, the minimum requirement that meets the customers needs
- Generally after a disaster ____ capacity is required than during normal operations
- More, Typically the cumulative workload is underestimated and many critical processes may have peaks. More capacity is required in terms of operational equipment, computing capacity, and telephony
- Generally after a disaster resource requirements are ____ estimated
- They are generally over estimated, for example is it reasonale to expect to have 250 people to man PC's in 8 hours after a disaster. Usually company's will oversubscribe to resources
- What is the third Knowledge area in Business Continuity?
- Business Impact Analysis
- What knowledge areas come before this?
-
1. Project Initiation
2. Risk Evaluation