Tri-Paragon Inc. 130 King Street West, Suite 1800, P.O. Box 427, Toronto, ON Canada M5X 1E3
Phone: 416.865.3392 Email: firstname.lastname@example.org
(The science of performance)
“If you think it is expensive to hire a professional to do the job, wait until you hire an amateur” Red Adair
Disaster Recovery Plan Consists of 2 primary inputs- Business Impact Assessment and Risk Analysis
Are you unprepared for unpredictable and unexpected events which can expose your systems to unplanned outages? Planning for negative events strengthens your ability to respond and reduces your exposure to high losses if you are unprepared. There is an obvious parallel between the theory of unpredictable and unexpected events and the need for
There is no way we can predict hardware or software failures, human error or neglect, natural calamities or terrorist acts. But, once we acknowledge that some of these events inevitably will happen on our watch, we have already jumped the biggest chasm that separates us from being destroyed by a disaster versus surviving it.
“Assumption of inevitability and preparedness are two key steps that will put you in a much better position to survive when you encounter an unexpected event.”
Preparing for such events requires a Business Impact Analysis (BIA) approach. The Gartner IT Glossary states that BIA is “a process that identifies and evaluates the potential effects (financial, life/safety, regulatory, legal/contractual, reputation and operational) of natural and man-made interruptions (an unexpected event) on business operations”.
A BIA approach requires a clear understanding of where business objectives are supported by operations within the organization and ensuring that processes within those operations are protected. This means well-designed controls and management actions that mitigate the risks presented and minimize the impacts those risks can have on business operations.
The International Organization for Standardization (ISO) Technical Committee (TC) 292, the committee responsible for writing security, resilience, and business continuity standards, released ISO 22317 – Societal Security – Business Continuity (BC) Management Systems – Business Impact Analysis (BIA) in 2015, with the purpose of providing best practices for BIA development. While not an auditable standard, the publication does provide guidance on how to mature a BIA process.
In general, ISO 22301 calls for the BIA to identify activities that support offered products and services, assess the business impact of not performing any of these activities for a period of time, set acceptable time frames for resumption of disrupted activities, and identify related resources needed for these activities as well as inter-dependent activities that may be affected by a disruption.
The BIA is an essential step in the development of contingency and recovery plans, as well as a key part of the business continuity process that analyzes mission-critical business functions and identifies and quantifies the potential impact a loss of those functions — e.g., operational or financial — may have on the organization.
A BIA is critical in assessing the cost of business disruption and how Disaster Recovery (DR) plays a role in mitigating it. The BIA has several crucial elements, which include executive backing; a deep understanding of the organization; and BIA tools, processes and findings. The BIA lays out extensive and specific details about an organization’s systems, technology, processes and employees, and how an incident would affect them.
During an emergency or disaster, a BIA helps to identify the most critical elements of the organization so the response process can start as soon as possible. Knowing which elements need to be recovered the quickest can make all the difference. As a result, it’s imperative that the BIA and other important documents are easily accessible, in hard-copy form and online and stored in a safe and accessible manner.
The BIA is one of the best planning procedures an organization can undertake with the following goals to be addressed:
There are many benefits to completing the BIA process and having a living document, including:
Possible “loss” scenarios that businesses are faced with and have the potential of disrupting or interrupting operations can consist of:
Fundamentally, BIA is considered to be at the heart of the company’s DR planning, since it is used for planning purposes, particularly for the minimization of risks in case operational interruptions or disruptions resulting from disasters and similar incidents.
BIA aids response and decision-making in case of unforeseen events that result in operational disruptions. In times of crisis, businesses cannot afford to be arbitrary and random in making decisions, particularly on their response to the impacts of the crisis to the operations of the business, and the organization as a whole.
Having performed BIA will enable management to quickly make informed decisions and provide appropriate direction in the face of the disastrous impacts or unexpected interruption of normal business operations facilitating a return to normal business operations.