|
Home::Data Recovery
Business Continuity and Disaster Recovery - Business Impact Analysis
Author : Robert Mahood
Business impact analysis is a critical part of the business continuity planning process. This step quantifies data and gets into the real world issue of potential losses that can negatively impact your business. It is used to understand the most important impacts and how to best protect your people, processes, data, communications, assets and the organization’s goodwill and reputation. Organizations often think in terms of disaster recovery. Business continuity and the business impact analysis is more focused on keeping the business up and running and less focused on recovery after a disaster. The business impact analysis also is not focused only on the potential disasters, but on all potentially critical discontinuities. Key elements of the Business Impact Analysis are to identify critical business functions, establish the maximum acceptable outage time for each of these functions and then to determine the impact of not performing those functions. This can be measured against regulatory, legal, financial, operations or customer service requirements. Once the adequacy of security and controls is evaluated and critical business functions and outage times are defined, the business continuity planner needs to develop an understanding of the probability of threats factored by the severity or impact and to start to develop a cost benefit analysis of the largest impact and highest probability threats. It’s virtually impossible to create an absolute value and prioritization of threats and impacts. Generally, a relational system is used to drive out the key priorities. Often, each threat is evaluated according to its probability and assigned a 1, 5 or 10 rating. Then, each threat is evaluated according to its impact on critical business functions and on the business overall. For example, a discontinuity in a critical business function of less than one hour might receive a value of 0. A discontinuity of one to eight hours might be ranked a 1, eight to twenty four hours might be ranked a 2 and over 24 hours might be ranked a 3. Obviously, these rankings need to be developed on a company specific basis. Probability factored by impact creates the relational prioritization list. This approach to risk evaluation and control allows management to start to quantify the risks and potential impacts on the organization in a thoughtful and analytical way. This results not only in higher quality decisions, but also provides an audit trail that demonstrates that management is paying attention to its risk management responsibilities. These responsibilities might be established by regulatory or legal bodies, demanded as a contractual commitment by customers or simply expected by shareholders as sound and prudent management. The key corporate goals are to protect people, protect assets, protect data and to protect the brand and reputation of the organization. About The Author Robert Mahood has significant technology and management experience in data communications, internet, storage, disaster recovery and data recovery. He is currently the president of Midwest Data Recovery. www.midwestdatarecovery.com bmahood@midwestdatarecovery.com, 312 907 2100 or 866 786 2595 Spam emails More free articles Related articles
|
More related feeds |
Legal Expert: Avoid legal issues in disaster's wake
Lurking in the nightmares of CIOs is the insecurity that their disaster recovery/business continuity (DR/BC) plans will not protect them when a real disaster strikes. Yet most DR/BC plans focus only on the primary event -- the natural ...Business Continuity Testing Starts with the Risks
All business continuity analysis should be risk based, and risk prioritised to deal with the important business risks first. This means that any risks to your business need to be identified, examined and dealt with. ... iSoft Walk-In, Chennai - .NET Framework, C#, ASP.NET and SQL 2005 ...
Additionally, this centre also provides business continuity and disaster recovery support. Today, iSOFT India supports a number of core products which underpin LORENZO, with a substantial majority of the workforce dedicated to LORENZO ... Business continuity planning
After defining potential threats, documenting the impact scenarios that form the basis of the business recovery plan is recommended. In general, planning for the most wide-reaching disaster or disturbance is preferable to planning for a ... Business continuity
A business impact analysis is the primary tool for gathering this information and assigning criticality, recovery point objectives, and recovery time objectives, and is therefore part of the basic foundation of business continuity. ... CISSP Business Continuity and Disaster Recovery Planning
Organization Analysis · Planning Team · Resource Requirements · Legal Requirements. Section B: Business Impact Analysis · Interruption · Resource Prioritization · Continuity Strategy · BCP Approval. Section C: DRP Planning & Recovery ... Business Continuity and Disaster Recovery - Business Impact Analysis
Business impact analysis is a critical part of the business continuity planning process. This step quantifies data and gets into the real world issue of potential losses that can negatively impact your business. ... CISA Certification Package
Learn critical concepts surrounding disaster recovery and business continuity. This includes the business continuity planning (BCP) process, doing a Business Impact Analysis (BIA), and recovery strategies. Video 19 - “Disaster Recovery ... Continuity and Disaster Recovery in Business - Analysis of ...
Organizations usually think of disaster recovery, when business continuity and the analysis of the business impact is a lot more focused on making sure that the business is kept operational and less focused on disaster recovery. ... Protect Your Data
Identify all business critical data and systems within the company 2. Perform a business impact analysis to revenue and cost implications of a disaster recovery plan. 3. Define retention periods for all data. ...
|
|
|
