《CBCP业务连续性管理专家培训材料Area3》由会员分享,可在线阅读,更多相关《CBCP业务连续性管理专家培训材料Area3(44页珍藏版)》请在金锄头文库上搜索。
1、Business Continuity ManagementCourse for Advanced Professionals Introduction1Subject Area 3:Business Impact Analysis2Lesson OverviewnWhat is a BIA?nObjectives of a BIAnBenefits of a BIAnRecovery Time Objective ( RTO)nDisruption or Disaster?nPhases of a BIAnResults of a BIA3Professional Practices for
2、 Business Continuity Professionals1.Project Initiation and Management2.Risk Evaluation and Control3.Business Impact Analysis4.Developing Business Continuity Strategies5.Emergency Response and Operations6.Developing and Implementing Business Continuity Plans7.Awareness and Training Programs8.Maintain
3、ing and Exercising Business Continuity Plans9.Crisis Communications10.Coordination with External Agencies4ObjectivesnIdentify the impacts resulting from disruptions and disaster scenarios that can affect the organization and techniques that can be used to quantify and qualify such impacts. Establish
4、 critical functions, their recovery priorities, and interdependencies so that recovery time objective(s) and recovery point objective(s) can be set.5The Professionals Role (1/2)1.Identify Knowledgeable Functional Area Representatives for the BIA process2.Identify Organization Functions including inf
5、ormation and resource (people, technology, facilities, etc.)3.Identify and Define Criticality Criteria4.Obtain Management Approval for Criteria Defined5.Coordinate Analysis6The Professionals Role (2/2)1.Identify Interdependencies (internal and external to the organization)2.Define Recovery Objective
6、s and Timeframes3.Define Report Format4.Prepare and Present Final BIA to Management7The Planning ProcessnObjectiven evaluate the critical operations for the organization and determine timeframes, priorities, resources, & interdependenciesnSome key tasksn Determine the scope of the analysisnIdentify
7、key business processesnGather and verify informationnAnalyze and present the resultsnSome key deliverablesn A list of outages and probability of occurrencenThe costs of loss versus the costs of preventionnRecovery priorities- RTO, RPO, & interdependenciesProjectManagementRiskAssessment& AnalysisBusi
8、nessImpactAnalysis8What is a BIA?nA process designed to n Identify critical business functions and workflow,n Determine the qualitative and quantitative impacts of a disruption, and nPrioritize and establish recovery time objectives9Senior Management Commitmentl Establishes the BIA as a concern of t
9、he entire organizationlInvolves all business units and departmentslCoordinates the process ensuring its effectiveness within the organizationlIdentifies and establishes a project sponsor10Business Impact AnalysisnIdentify, categorize & prioritizen Critical functionsn Critical/Vital recordsn Required
10、 resources, personnel & equipment11Business Impact AnalysisnAssess impacts and effects of disruptions over timenDetermine loss exposure over time12Business Impact AnalysisnIdentify business processesn Interrelationshipsn Dependenciesn Validate information13Purpose of a BIAnTo provide the business ra
11、tionale for a Business Continuity PlannTo provide a factual, understandable, and informative set of findings that management can use to provide direction for development of the Business Continuity ProgramnTo communicate the inherent vulnerabilities of the business units, business processes and syste
12、ms that comprise the organization14Purpose of a BIAnTo identify which business processes an assets require the highest level of protectionnTo provide information that assists in the identification of strategies and alternativesnTo provide financial data to help select appropriate levels of investmen
13、t for protectionnTo establish the recovery objectives and time line15Objectives of a BIAnIdentifyn Essential business functions and operations n Potential financial exposures and impactsn Qualitative or operational exposure and impactsnDetermine when exposures and impacts beginnDetermine resources n
14、eededn Technology Infrastructuren Personnel Vendor Support16Objectives of a BIAnAssess impact (s) of disruption over timenDetermine time criticality ofn Business functionsn Business processesn Departmentsn Work areas as related to total organization functionnIdentify interdependenciesnIdentify legal
15、 and regulatory requirements17Objectives of a BIAnDetermine recovery timeframes and minimum resource requirementsn Critical functions based on level of criticality n Determine order of recoveryn Determine minimum resource requirementsnEstablish the organizational value of each business unit as they
16、relate to the functioning of the total organization18Recovery Time ObjectivenThe period of time within which systems, applications, processes, or functions must be recovered after an outagenRTO s are often used as the basis for n Establishing prioritiesn Developing strategiesn As a determinant as to
17、 whether or not the event is a disruption or a disaster19Recovery Time Objective (RTO) The time within which Business Functions or Application Systems must be Restored to Acceptable Levels of Operational Capability to Minimize the Impact of an OutageTimeRecovery Time ObjectiveBusinessProcessesFuncti
18、onalPoint of DisruptionRecoveryOfOperations(Business Or Data Processing)Business FunctionsOr Application SystemsOperationalWith Current &Accurate DataIs the time between the point of disruption and the point at which BUSINESS FUNCTIONS or APPLICAATION SYSTEMS must be operational AND updated to curre
19、nt status.Craphic 2006 FAIRLAMB and Associates, Inc.20Recovery Point ObjectivenPotential lost transactionsn Manual processesn Interim operational competenciesnLast available data backupnTarget recovery point in timenTolerable data lossnInventory and backlog issues21Disruption or Disaster?Disruptionn
20、Event RTOnImpacts are limited and controllednDisruption RTO Impacts are extensive and outside of control Disaster $22Identify BIA ParticipantsnRepresent all business functionsnAppropriate organizational levelnConsistent organizational levelnCredible representative23Determine ApproachnInterviewnQuest
21、ionnairenWorkshop sessionnCombination24Define BIA Focus AreasnBusiness processesnImpact factors: qualitative & quantitativenCritical dependenciesnResource requirementsnLegal/Regulatory issuesnAlternate processes, workarounds, interim operations, &manual processesnVital record & documentation25Questi
22、on DesignnGood questions result inn Listing all business functions, operations and processesn Showing quantitative and qualitative exposures over time byl Processl Functionl Departmentl ServicenIdentification of critical time frames and recovery priorities26Process QuestionsnIdentify processesnInter
23、relationships between processesnProcess dependencies27Impact QuestionsnIdentify impact factorsn Operationaln Financialn Regulatory reporting requirementsn Outage timingn Quantitativen Qualitative28Impact of Disruptions on OrganizationnFinancialnCustomernPublic relationsnLegalnRegulatorynMarket share
24、EnvironmentalOperational Personnel Other resources Contractual29Financial Exposures & ImpactsnLost revenuenLost interest on “float”nFines and penaltiesn Contractualn Legal (Could we be sued?)n Regulatory (ISO, Federal, State, County, Local, Industry related)nInterest paid on loansnLost opportunity c
25、ostsnLost trade discounts30Document Business ProcessesnInterrelationship between processesnProcess dependenciesn Intra-departmentn Inter-departmentn Technologyn Processes31Document Critical DependenciesnSupport requirementsn Intra-departmentaln Inter-departmentaln Critical externaln Time sensitivity
26、32Categorize by CriticalitynDefine criticality parametersnDevelop levels or categories of criticalitynIdentify critical functionsnIdentify vital records to support business continuity and restorationnCategorize qualitative findings by high/medium/low33Group by CategorynList business functions by cri
27、ticality and time sensitivitynPrioritize critical business functionsnConsolidate and group recovery times with the organizationKey InterfacesRecovery PrioritiesCritical BusinessProcesses34Recovery TimeframesnDetermine RTO or recovery windows for critical business functionsnDetermine the order of rec
28、overy based on level of criticalitynDetermine the RPO35Resource RequirementsnDetermine minimum resource requirements for recovery and resumption of critical functions and support systemsnDetermine resource replacement timesnInternal & external resourcesnOwned versus non-owned resourcesnExisting reso
29、urcesnAdditional resources required36Resource Restoration ScheduleMilestone 1.Restore System AMilestone 2.Restore Business Process BMilestone 3.Restroe Business Process CRTO - CRTO -BRTO - AIncreasing TimeCritical functions or processes operating at pre-defined minimum levels*RTO=Recovery Time Objec
30、tive37Alternatives & Work-AroundsnExisting procedures and practicesnManual interim processesnDefer or suspendnBacklog and inventory impactsnBacklog resolution and catch up strategiesnAlternative strategies38Results of a BIAnIdentification of n Potential financial exposures and impactsn Potential unb
31、udgeted/ unplanned expensesn When exposures and impacts begin and how quickly they escalaten Required resourcesn Internal and external dependenciesn Magnitude of operational impacts39What is Your Cost of Downtime?Revenue Direct loss Compensatory payments Lost future revenues Billing losses Investmen
32、t lossesFinancial Performance Revenue recognition Cash flow Lost discounts (A/P) Payment guarantees Credit rating Stock priceProductivity Number of employees impacted hours out burdened hourly rateDamaged ReputationCustomersSuppliersFinancial MarketsBanksBusiness Partners, etc.Other ExpensesTemporar
33、y employees, equipment rental, overtime costs, extra shipping costs, travel expenses, etc. Source: Gartner ResearchKnow your downtime costs per hour, day, week, etc.40Presentation ObjectivesnReceive specific approval and direction regarding strategy development for mitigation of potential impactsnOb
34、tain executive buy-in and acceptance of n Relative ranking of functions and applicationsn Timeframes for TROs and their implicationsnMaintain executive involvementn Executive Sponsor (s)n Periodic status reports41SummarynThe BIA is crucial in determining exactly where all critical information reside
35、snThe BIA provides management key information for making strategic decisions regarding business continuity and recoverynThe approach to your data collection process will help you to focus your questionsnIt is important to validate your results42Sample BIA Results系统名称重要性财务影响分析非财务影响分析业务恢复综合赋值RTO(小时)RP
36、O(小时)生产管理系统32.2532.752521ERP系统32.252.752.667521协同办公31.62532.5462542营销管理31.8752.752.5437521企业门户、目录31.6252.752.4612522数据中心2121.6744数据交换平台211.751.58544可靠性21.6251.751.7912522人资管控212.251.75522招投标30.51.51.66544电力市场211.751.5854143Sample BIA Results系统名称重要性财务影响分析非财务影响分析业务恢复综合赋值RTO(小时)RPO(小时)农电管理20.6251.751.4612548远程培训20.8751.51.4587584审计管理211.251.41522国际合作10.521.17544经检监察10.6251.751.1312588应急指挥10.6251.51.0462544安监20.8750.251.0337521经济法律10.510.835241综合计划10.50.50.6652424投资计划1-1.250.75242444
