
上传人:文库蛋蛋多 文档编号:2229943 上传时间:2023-02-03 格式:PPT 页数:44 大小:399.50KB
返回 下载 相关 举报
第1页 / 共44页
第2页 / 共44页
第3页 / 共44页
第4页 / 共44页
第5页 / 共44页


1、1,Business Continuity ManagementCourse for Advanced Professionals Introduction,2,Subject Area 3:Business Impact Analysis,3,Lesson Overview,What is a BIA?Objectives of a BIABenefits of a BIARecovery Time Objective(RTO)Disruption or Disaster?Phases of a BIAResults of a BIA,4,Professional Practices for

2、 Business Continuity Professionals,Project Initiation and ManagementRisk Evaluation and ControlBusiness Impact AnalysisDeveloping Business Continuity StrategiesEmergency Response and OperationsDeveloping and Implementing Business Continuity PlansAwareness and Training ProgramsMaintaining and Exercis

3、ing Business Continuity PlansCrisis CommunicationsCoordination with External Agencies,5,Objectives,Identify the impacts resulting from disruptions and disaster scenarios that can affect the organization and techniques that can be used to quantify and qualify such impacts.Establish critical functions

4、,their recovery priorities,and interdependencies so that recovery time objective(s)and recovery point objective(s)can be set.,6,The Professionals Role(1/2),Identify Knowledgeable Functional Area Representatives for the BIA processIdentify Organization Functions including information and resource(peo

5、ple,technology,facilities,etc.)Identify and Define Criticality CriteriaObtain Management Approval for Criteria DefinedCoordinate Analysis,7,The Professionals Role(2/2),Identify Interdependencies(internal and external to the organization)Define Recovery Objectives and TimeframesDefine Report FormatPr

6、epare and Present Final BIA to Management,8,The Planning Process,Objective evaluate the critical operations for the organization and determine timeframes,priorities,resources,&interdependenciesSome key tasks Determine the scope of the analysisIdentify key business processesGather and verify informat

7、ionAnalyze and present the resultsSome key deliverables A list of outages and probability of occurrenceThe costs of loss versus the costs of preventionRecovery priorities-RTO,RPO,&interdependencies,ProjectManagement,RiskAssessment&Analysis,BusinessImpactAnalysis,9,What is a BIA?,A process designed t

8、o Identify critical business functions and workflow,Determine the qualitative and quantitative impacts of a disruption,and Prioritize and establish recovery time objectives,10,Senior Management Commitment,Establishes the BIA as a concern of the entire organizationInvolves all business units and depa

9、rtmentsCoordinates the process ensuring its effectiveness within the organizationIdentifies and establishes a project sponsor,11,Business Impact Analysis,Identify,categorize&prioritize Critical functions Critical/Vital records Required resources,personnel&equipment,12,Business Impact Analysis,Assess

10、 impacts and effects of disruptions over timeDetermine loss exposure over time,13,Business Impact Analysis,Identify business processes Interrelationships Dependencies Validate information,14,Purpose of a BIA,To provide the business rationale for a Business Continuity PlanTo provide a factual,underst

11、andable,and informative set of findings that management can use to provide direction for development of the Business Continuity ProgramTo communicate the inherent vulnerabilities of the business units,business processes and systems that comprise the organization,15,Purpose of a BIA,To identify which

12、 business processes an assets require the highest level of protectionTo provide information that assists in the identification of strategies and alternativesTo provide financial data to help select appropriate levels of investment for protectionTo establish the recovery objectives and time line,16,O

13、bjectives of a BIA,Identify Essential business functions and operations Potential financial exposures and impacts Qualitative or operational exposure and impactsDetermine when exposures and impacts beginDetermine resources needed Technology Infrastructure Personnel Vendor Support,17,Objectives of a

14、BIA,Assess impact(s)of disruption over timeDetermine time criticality of Business functions Business processes Departments Work areas as related to total organization functionIdentify interdependenciesIdentify legal and regulatory requirements,18,Objectives of a BIA,Determine recovery timeframes and

15、 minimum resource requirements Critical functions based on level of criticality Determine order of recovery Determine minimum resource requirementsEstablish the organizational value of each business unit as they relate to the functioning of the total organization,19,Recovery Time Objective,The perio

16、d of time within which systems,applications,processes,or functions must be recovered after an outageRTO s are often used as the basis for Establishing priorities Developing strategies As a determinant as to whether or not the event is a disruption or a disaster,20,Recovery Time Objective(RTO),The ti

17、me within which Business Functions or Application Systems must be Restored to Acceptable Levels of Operational Capability to Minimize the Impact of an Outage,Time,Recovery Time Objective,BusinessProcessesFunctional,Point of Disruption,RecoveryOfOperations(Business Or Data Processing),Business Functi

18、onsOr Application SystemsOperationalWith Current&Accurate Data,Is the time between the point of disruption and the point at which BUSINESS FUNCTIONS or APPLICAATION SYSTEMS must be operational AND updated to current status.,Craphic 2006 FAIRLAMB and Associates,Inc.,21,Recovery Point Objective,Potent

19、ial lost transactions Manual processes Interim operational competenciesLast available data backupTarget recovery point in timeTolerable data lossInventory and backlog issues,22,Disruption or Disaster?,DisruptionEvent RTOImpacts are limited and controlledDisruption$,Disaster Event RTO Impacts are ext

20、ensive and outside of control Disaster$,23,Identify BIA Participants,Represent all business functionsAppropriate organizational levelConsistent organizational levelCredible representative,24,Determine Approach,InterviewQuestionnaireWorkshop sessionCombination,25,Define BIA Focus Areas,Business proce

21、ssesImpact factors:qualitative&quantitativeCritical dependenciesResource requirementsLegal/Regulatory issuesAlternate processes,workarounds,interim operations,&manual processesVital record&documentation,26,Question Design,Good questions result in Listing all business functions,operations and process

22、es Showing quantitative and qualitative exposures over time by Process Function Department ServiceIdentification of critical time frames and recovery priorities,27,Process Questions,Identify processesInterrelationships between processesProcess dependencies,28,Impact Questions,Identify impact factors

23、 Operational Financial Regulatory reporting requirements Outage timing Quantitative Qualitative,29,Impact of Disruptions on Organization,FinancialCustomerPublic relationsLegalRegulatoryMarket share,EnvironmentalOperational Personnel Other resources Contractual,30,Financial Exposures&Impacts,Lost rev

24、enueLost interest on“float”Fines and penalties Contractual Legal(Could we be sued?)Regulatory(ISO,Federal,State,County,Local,Industry related)Interest paid on loansLost opportunity costsLost trade discounts,31,Document Business Processes,Interrelationship between processesProcess dependencies Intra-

25、department Inter-department Technology Processes,32,Document Critical Dependencies,Support requirements Intra-departmental Inter-departmental Critical external Time sensitivity,33,Categorize by Criticality,Define criticality parametersDevelop levels or categories of criticalityIdentify critical func

26、tionsIdentify vital records to support business continuity and restorationCategorize qualitative findings by high/medium/low,34,Group by Category,List business functions by criticality and time sensitivityPrioritize critical business functionsConsolidate and group recovery times with the organizatio

27、n,Key Interfaces,Recovery Priorities,Critical BusinessProcesses,35,Recovery Timeframes,Determine RTO or recovery windows for critical business functionsDetermine the order of recovery based on level of criticalityDetermine the RPO,36,Resource Requirements,Determine minimum resource requirements for

28、recovery and resumption of critical functions and support systemsDetermine resource replacement timesInternal&external resourcesOwned versus non-owned resourcesExisting resourcesAdditional resources required,37,Resource Restoration Schedule,Milestone 1.Restore System AMilestone 2.Restore Business Pr

29、ocess BMilestone 3.Restroe Business Process C,RTO-C,RTO-B,RTO-A,Increasing Time,Critical functions or processes operating at pre-defined minimum levels,*RTO=Recovery Time Objective,38,Alternatives&Work-Arounds,Existing procedures and practicesManual interim processesDefer or suspendBacklog and inven

30、tory impactsBacklog resolution and catch up strategiesAlternative strategies,39,Results of a BIA,Identification of Potential financial exposures and impacts Potential unbudgeted/unplanned expenses When exposures and impacts begin and how quickly they escalate Required resources Internal and external

31、 dependencies Magnitude of operational impacts,40,What is Your Cost of Downtime?,Revenue Direct loss Compensatory payments Lost future revenues Billing losses Investment losses,Financial Performance Revenue recognition Cash flow Lost discounts(A/P)Payment guarantees Credit rating Stock price,Product

32、ivity Number of employees impacted hours out burdened hourly rate,Damaged ReputationCustomersSuppliersFinancial MarketsBanksBusiness Partners,etc.,Other ExpensesTemporary employees,equipment rental,overtime costs,extra shipping costs,travel expenses,etc.Source:Gartner Research,Know your downtime cos

33、ts per hour,day,week,etc.,41,Presentation Objectives,Receive specific approval and direction regarding strategy development for mitigation of potential impactsObtain executive buy-in and acceptance of Relative ranking of functions and applications Timeframes for TROs and their implicationsMaintain e

34、xecutive involvement Executive Sponsor(s)Periodic status reports,42,Summary,The BIA is crucial in determining exactly where all critical information residesThe BIA provides management key information for making strategic decisions regarding business continuity and recoveryThe approach to your data collection process will help you to focus your questionsIt is important to validate your results,43,Sample BIA Results,44,Sample BIA Results,


当前位置:首页 > 建筑/施工/环境 > 项目建议



宁公网安备 64010402000987号