The Objective of the Business Impact Analysis (BIA) ois the identification and analysis of business processes/activities (including required resources), with the objective of understanding the impact of downtime, which drives the assignment of the recovery objectives and prioritization.
Following the BIA, the organization should be positioned to identify the critical activities that contribute to the delivery of its most important products and services, list all resources needed for recovery, and prioritize activities and resources by recovery objective.
The major outcomes associated with the BIA, include:
*For Financial Impact - Corporation needs to determine the thresholds that determine the five levels of severity
CRITICALITY LEVEL | CRITICALITY RATING | CALCULATED RTO | ||||
---|---|---|---|---|---|---|
SERVICE/PROCESS | PROCESSING OF BUILDING PERMIT APPLICATIONS | Non-essential | 6 | 2 - 4 Weeks | ||
IMPACT | 1 DAY | 3 DAYS | 1 WEEK | 2 WEEK | 4 WEEK | WEIGHT |
FINANCE | ||||||
REPUTATION | ||||||
Maximum Tolerable Outage (MTO) |
Examples Include: Financial, Reputation, Operational, Legal and Regulatory Compliance, Contractual Compliance, Health and Safety
(SERVICE/PROCESS) | COMMENTS |
---|---|
PROCESSING OF BUILDING PERMIT APPLICATIONS | |
PLANS REVIEW | |
INSPECTING CONSTRUCTION/DEMOLITION |
This represents the Recovery Point Objective (RPO) or tolerance to lose data
SERVICE/PROCESS | RPO | PROCESS TO MANUALLY RECREATE DATA (IF ANY) |
---|---|---|
PROCESSING OF BUILDING PERMIT APPLICATIONS | ||
PLANS REVIEW | ||
INSPECTING CONSTRUCTION/DEMOLITION |
UPSTREAM DEPENDENCIES (IT) - These are services defined within the organizations IT service catalogue DESKTOP APPLICATIONS - These are applications installed locally on user devices (desktops, laptops, tablets etc.)
INTERNAL FUNCTION (SERVICE/PROCESS) | UPSTREAM DEPENDENCIES (IT) | DESKTOP APPLICATIONS | COMMENTS |
---|---|---|---|
PROCESSING OF BUILDING PERMIT APPLICATIONS | |||
PLANS REVIEW |
Secondary IT service requirements are defined as those which are not required to meet the service/process RTO but are needed at some point in time as part of the business delivery process
INTERNAL FUNCTION (SERVICE/PROCESS) | TIER 1 (0-4 HOURS) |
TIER 2 (24 - HOURS) |
TIER 3 (3 - DAYS) |
TIER 4 (7 - DAYS) |
TIER 5 (2-4 WEEKS) |
---|---|---|---|---|---|
PROCESSING OF BUILDING PERMIT APPLICATIONS | |||||
PLANS REVIEW |
Indicate if this dependency would be required to meet RTO at the MSL
EXTERNAL DEPENDENCIES (SERVICE/PROCESS) | CLOUD PROVIDERS | MOBILE APPS | OTHER EXTERNAL FUNCTIONS (SUPPLIERS, CLIENTS, ETC.) |
---|---|---|---|
PROCESSING OF BUILDING PERMIT APPLICATIONS | |||
PLANS REVIEW |
It is important to identify and protect those files, records and databases that are imperative for departmental operations Some records are needed to make and receive payments, protect legal and financial rights and maintain confidential information
VITAL RECORDS | ||||
---|---|---|---|---|
FILES/DATABASES/PAPER -PLEASE SPECIFY | DESCRIPTION | LOCATION OF VITAL RECORDS | FORMAT | UPDATED |
Please detail the technology required to deliver the service/process. Include critical applications/function along with the primary support contact
TECHNOLOGY REQUIRED | ||||||
---|---|---|---|---|---|---|
COMPUTERS, MOBILE DEVICES, NETWORK ACCESS – PLEASE SPECIFY | NORMAL | #MSL | DESKTOP APPLICATIONS | FUNCTION | SUPPORT CONTACT | COMMENTS |
UPSTREAM DEPENDENCY - A SERVICES/PROCESS REQUIRED TO SUPPORT THE DELIVERY OF ANOTHER SERVICE/PROCESS DOWNSTREAM DEPENDENCIES - A SERVICES/PROCESS THAT REQUIRES THE SUPPORT OF ANOTHER SERVICE/PROCESS FOR DELIVERY | |||
---|---|---|---|
SERVICE/PROCESS | UPSTREAM DEPENDENCY | DOWNSTREAM DEPENDENCY | COMMENTS |