SLIDE 1 6th Annual bsi BCM Conference Business Impact Analysis
Steven Cockcroft MSc Senior Consultant Ultima Risk Management
SLIDE 2 Business Impact Analysis Overview
- The BIA is the foundation on which the BCM process is built
- Used to identify, quantify and qualify the business impacts of a loss, interruption or disruption of business activities
- Allows management to determine at what point in time an outage becomes intolerable
  - Maximum Acceptable Outage (MAO). Previously known as MTPD
- Provides data from which appropriate continuity requirements and strategies can be determined
SLIDE 3 Impact Analysis
Qualitative
Minor:
- Small-scale financial loss
Moderate:
Major:
Catastrophic:
survival of business
Quantitative
Minor:
- Financial loss of >£1,000
Moderate:
- Financial loss of >£10,000
Major:
- Financial loss of >£100,000
Catastrophic:
- Financial loss of £1,000,000 or more
SLIDE 4
Impact Areas
- Financial
- Reputation
- Brand
- Contractual obligations
- Legal requirements
- Regulatory requirements
- Customer service
- Pipeline/future business
- Loss of key suppliers
- Loss of goodwill
SLIDE 5
Collecting Data
- Interviews, workshop or questionnaire
- Identify graduated periods of disruption:
  - Relevant to business
  - How far ahead
- Agree impact levels to be used
- How to document results
SLIDE 6
Information Required from BIA
- The unit/department’s function and supporting activities
- The impact on the organisation if each activity was not done for 1 day, 2 days, etc.
  - Measure against impact levels
- The stage at which the impact becomes high/catastrophic:
  - What makes the impact so high?
  - Be prepared to challenge
  - Ensure the impact affects the organisation
- Times of the year when the length of time before reaching high impact differs
SLIDE 7
Information Required from BIA
- Recovery time objective (RTO)
- The minimum level of service acceptable for recovery
- The resources that are required to deliver this level of service:
  - People
  - Premises
  - Information Technology
  - Etc…
- Any internal or external supplies or services the activity is dependent upon
- Recovery point objective (RPO)
SLIDE 8
EXERCISE
SLIDE 9
Example BIA Output
SLIDE 10 Example Recovery Profile
Table columns: Resource Name, Business As Usual, Recovery Point Objective, 1 Day, 2 Days, 4 Days, 1 Week, 4 Weeks, 12 Weeks
Table rows:
- People
- United Kingdom
- Suppliers
- Information
- Technology
SLIDE 11
Key Points
- The BIA must be carried out and accurately reflect the business
- The whole BCM process relies upon this stage being an accurate reflection of management views
- The method of collecting the information must be appropriate to the organisation’s culture
- Impacts must be clearly documented and not overstated or understated
- Focus on the critical/important but do not lose sight of the less critical/less important