AdvantagesHomeAdvantagesAdvantagesAdvantagesAdvantages

                                 Business Impact Analysis 

 

CSI performs a Business Impact Analysis (BIA) to identify your most critical functions and computer applications, and we quantify the potential impact over time upon your organization if these essential resources or applications are unavailable to perform their functions.  We will publish and present the results of this analysis in the BIA report that is delivered and presented to you and any management interested.  This BIA is part of the Recovery Assessment report. 

   

We bring several vitally important pieces of information together during the BIA process.  For example, we will help you prioritize your critical functions and processes for recovery purposes.  This prioritization includes identifying those less critical functions or tasks that you may want to suspend for a period of time in a disaster situation.  The prioritization discussions will also help us determine any functions or tasks you have that will require special alternate processing or manual processing.  As part of the prioritization process, we help to determine the Recovery Time Objective (RTO) of each critical process/function, equipment and applications that support it.  The RTO represents the amount of time a function or application can be unavailable to you before your organization suffers negative impact.  We also help you determine the Recovery Point Objective (RPO) or the point in time to which your database administrators will restore your databases for data synchronization purposes.  RPO is normally expressed in terms of the most recent available database backups or the last complete data cycle and is often thought of as the time between the last available backup and the time a disruption could potentially occur.  RTO’s have also been expressed as the amount of time it takes to restore critical business functioning in disaster mode or recovery timeframes.  CSI will estimate recovery timeframes in the BIA.  The RPO is established based on tolerance for loss of data or reentering of data.  We will document both the technical and business owners RTO’s and RPO’s in the BIA.  The goal is to specify the amount of time your Recovery Teams will have to recover each of your critical functions.  A gap analysis considering the difference between the users RPO, RTO and IT Technical RPO, RTO will be documented.

 

During the BIA CSI will document each business processes interdependencies inputs/outputs, interfaces and the file, media, or method used. 

 

During comprehensive BIA the following elements and issues are considered at the business process level and documented:

·        Process description

·        Process frequency           

·        Criticality ratings

·        Outage tolerances

·        Service level agreements

·        Financial, operational, service (indirect) impacts

·        Non-financial impacts

·        Contributions

·        Major vendors - (do they have business continuity?)

·        Single-Points-of-Failure

·        Resource requirements

·        High-Level risk assessment findings

·        Plan data may be collected

 

Technical interview details typically consist of but are not limited to:

·        Job responsibility

·        Identify tools and utilities

·        Database types and how they are backed up

·        RTO’s, RPO’s - user needs vs. technical rebuild timeframes

·        Application network architecture (Clusters, Mirrors, Virtual, Individual)

Identifying hardware operating systems, versions, releases, patch levels, software, SAN configurations

·        Change control procedures

·        Tests environments

·        Development environment

 

CSI expects that staff will provide appropriate documentation and interview responses necessary to populate the BIA.  We request network diagrams, systems dependency and interface information, and the computer configuration information for all computers and network devices (all of these issues are addressed during the interviews). During the interviews we ask for additional information or request that data collection forms are filled out and returned on a timely basis for review and to be used during the BIA interview.  We work with all the business process areas to collect information.  If any information is lacking we will consider it and make note in a gap analysis report.   

 

The BIA will come in report format with interview notes and forms, aggregated impact graphs and matrix.  We will use this information to establish a foundation for building recovery strategies or to verify the current recovery strategies.

A quick BIA process occurs when IT Managers, Board of Directors or Upper Management make decisions about the criticality of systems and business functions in a group meeting setting.  We ask for the department Leaders to supply information to CSI consultants without the interviews.  We use data collection forms and give assignments for data collection. We then make decisions about priorities of systems, applications, and  functions.  We collect standard operating procedures, forms and determine minimum requirements to the best of our ability without the meetings.  This option is not recommended however becomes a reality if there is a small budget for the project.