|
Home::Data Recovery
Business Continuity and Disaster Recovery - Business Impact Analysis
Author : Robert Mahood
Business impact analysis is a critical part of the business continuity planning process. This step quantifies data and gets into the real world issue of potential losses that can negatively impact your business. It is used to understand the most important impacts and how to best protect your people, processes, data, communications, assets and the organization’s goodwill and reputation. Organizations often think in terms of disaster recovery. Business continuity and the business impact analysis is more focused on keeping the business up and running and less focused on recovery after a disaster. The business impact analysis also is not focused only on the potential disasters, but on all potentially critical discontinuities. Key elements of the Business Impact Analysis are to identify critical business functions, establish the maximum acceptable outage time for each of these functions and then to determine the impact of not performing those functions. This can be measured against regulatory, legal, financial, operations or customer service requirements. Once the adequacy of security and controls is evaluated and critical business functions and outage times are defined, the business continuity planner needs to develop an understanding of the probability of threats factored by the severity or impact and to start to develop a cost benefit analysis of the largest impact and highest probability threats. It’s virtually impossible to create an absolute value and prioritization of threats and impacts. Generally, a relational system is used to drive out the key priorities. Often, each threat is evaluated according to its probability and assigned a 1, 5 or 10 rating. Then, each threat is evaluated according to its impact on critical business functions and on the business overall. For example, a discontinuity in a critical business function of less than one hour might receive a value of 0. A discontinuity of one to eight hours might be ranked a 1, eight to twenty four hours might be ranked a 2 and over 24 hours might be ranked a 3. Obviously, these rankings need to be developed on a company specific basis. Probability factored by impact creates the relational prioritization list. This approach to risk evaluation and control allows management to start to quantify the risks and potential impacts on the organization in a thoughtful and analytical way. This results not only in higher quality decisions, but also provides an audit trail that demonstrates that management is paying attention to its risk management responsibilities. These responsibilities might be established by regulatory or legal bodies, demanded as a contractual commitment by customers or simply expected by shareholders as sound and prudent management. The key corporate goals are to protect people, protect assets, protect data and to protect the brand and reputation of the organization. About The Author Robert Mahood has significant technology and management experience in data communications, internet, storage, disaster recovery and data recovery. He is currently the president of Midwest Data Recovery. www.midwestdatarecovery.com bmahood@midwestdatarecovery.com, 312 907 2100 or 866 786 2595 Spam emails More free articles Related articles
|
More related feeds |
Disaster Recovery Specialist
Reporting to the Computer Operations Manager, employee will develop and maintain comprehensive disaster recovery and business continuity plans. Perform Business Impact Analysis (BIA) based on standard Recovery Time Objectives (RTO) and ...DisasterRecoverySpecialist
DISASTER RECOVERY POSITIONJob Duties: Reporting to the Computer Operations Manager, employee will develop and maintain comprehensive disaster recovery and business continuity plans. Perform Business Impact Analysis (BIA) based on stand. Finding the Right Fit - Comparing NFPA 1600 to BS 25999
Also important is auditable documentation to verify the program meets the stated goals, utilizing processes such as a business impact analysis and business continuity plans. BCM Policy Both NFPA 1600 and BS 25999 recommend setting an ... Business Continuity Analyst Sr (7115NB/51)
Preferred experience in at least two of the following areas Audit, Business Impact Analysis, Risk Assessment, Disaster Recovery, Facilities Management, Business Continuity and Strategies, Computer Operations, Technical Support, ... Dan Swanson's Security Resources: #8
In this excerpt from Chapter 1: Contingency and Continuity Planning of "Business Continuity and Disaster Recovery for InfoSec Managers," John W. Rittinghouse and James F. Ransome outline the regulatory requirements that should be ... 7 steps to disaster recovery planning
In order to form this important linkage, the organization will need to perform a business impact analysis to flesh out details about system requirements, processes and systems inter-relationships. Executives must understand the ... Continuity and Disaster Recovery in Business - Analysis of ...
Organizations usually think of disaster recovery, when business continuity and the analysis of the business impact is a lot more focused on making sure that the business is kept operational and less focused on disaster recovery. ... Disaster Recovery Planner/Analyst
Coordinates the efforts of staff members in different functional areas in the development of procedures for the continuity of business processes in a disaster situation. 3. Establishes disaster recovery testing methodologies; ... Business Continuity Planning/Disaster Recovery Officer
My Midlands based client is currently looking for a Business Continuity Planning/Disaster Recovery Development Officer for a 6 month contract. You will be responsible for business impact analysis, developing Disaster Recovery plans, ... Continuity and Disaster Recovery in Business - Choosing Business ...
A lot of companies and organizations associate continuity and disaster recovery exclusively with IT and the work that they do. They usually miss the other important area, which could seriously impact their business. ...
|
|
|
