Logo
Switch User
Hi, WGAdvisory Admin W

Step 1: Business Impact Analysis

The Objective of the Business Impact Analysis (BIA) ois the identification and analysis of business processes/activities (including required resources), with the objective of understanding the impact of downtime, which drives the assignment of the recovery objectives and prioritization.

Following the BIA, the organization should be positioned to identify the critical activities that contribute to the delivery of its most important products and services, list all resources needed for recovery, and prioritize activities and resources by recovery objective.

The major outcomes associated with the BIA, include:

  • Understanding of business process/activities, including:
    1. Customers (internal and external)
    2. Outputs/Deliverables
    3. Inputs (which enable the process to function, including resources and other internal and third-party dependancies)
  • Understanding an estimation of the impact of downtime, which serves as business justification for establishing recovery objecttices
  • Identification of the recovery objetives and a prioritized order of recovery for business processes and resources
  • Collection of information to help drive appropriate recovery strategies

1. Provide a high level description of how your business line supports the mission and corporate priorities:

*For Financial Impact - Corporation needs to determine the thresholds that determine the five levels of severity

CRITICALITY LEVEL CRITICALITY RATING CALCULATED RTO
SERVICE/PROCESS PROCESSING OF BUILDING PERMIT APPLICATIONS Non-essential 6 2 - 4 Weeks
IMPACT 1 DAY 3 DAYS 1 WEEK 2 WEEK 4 WEEK WEIGHT
FINANCE
REPUTATION
Maximum Tolerable Outage (MTO)

2. For each service/process provide additional details for critical impact critera

Examples Include: Financial, Reputation, Operational, Legal and Regulatory Compliance, Contractual Compliance, Health and Safety

(SERVICE/PROCESS) COMMENTS
PROCESSING OF BUILDING PERMIT APPLICATIONS
PLANS REVIEW
INSPECTING CONSTRUCTION/DEMOLITION

3. If the IT systems were impacted, what is the maximum acceptable level of data loss (hours/day/weeks)?

This represents the Recovery Point Objective (RPO) or tolerance to lose data

SERVICE/PROCESS RPO PROCESS TO MANUALLY RECREATE DATA (IF ANY)
PROCESSING OF BUILDING PERMIT APPLICATIONS
PLANS REVIEW
INSPECTING CONSTRUCTION/DEMOLITION

4(a). List ALL IT upstream dependencies for each service/process

UPSTREAM DEPENDENCIES (IT) - These are services defined within the organizations IT service catalogue DESKTOP APPLICATIONS - These are applications installed locally on user devices (desktops, laptops, tablets etc.)

INTERNAL FUNCTION (SERVICE/PROCESS) UPSTREAM DEPENDENCIES (IT) DESKTOP APPLICATIONS COMMENTS
PROCESSING OF BUILDING PERMIT APPLICATIONS
PLANS REVIEW

4(b). List ALL secondary IT service requirements

Secondary IT service requirements are defined as those which are not required to meet the service/process RTO but are needed at some point in time as part of the business delivery process

INTERNAL FUNCTION (SERVICE/PROCESS) TIER 1
(0-4 HOURS)
TIER 2
(24 - HOURS)
TIER 3
(3 - DAYS)
TIER 4
(7 - DAYS)
TIER 5
(2-4 WEEKS)
PROCESSING OF BUILDING PERMIT APPLICATIONS
PLANS REVIEW

5. List ALL additional functions (cloud providers, mobile apps, suppliers, clients, etc.) that the service/process requires to function

Indicate if this dependency would be required to meet RTO at the MSL

EXTERNAL DEPENDENCIES (SERVICE/PROCESS) CLOUD PROVIDERS MOBILE APPS OTHER EXTERNAL FUNCTIONS (SUPPLIERS, CLIENTS, ETC.)
PROCESSING OF BUILDING PERMIT APPLICATIONS
PLANS REVIEW

6. Delivery of service/process - information and technology requirements

It is important to identify and protect those files, records and databases that are imperative for departmental operations Some records are needed to make and receive payments, protect legal and financial rights and maintain confidential information

VITAL RECORDS
FILES/DATABASES/PAPER -PLEASE SPECIFY DESCRIPTION LOCATION OF VITAL RECORDS FORMAT UPDATED

Please detail the technology required to deliver the service/process. Include critical applications/function along with the primary support contact

TECHNOLOGY REQUIRED
COMPUTERS, MOBILE DEVICES, NETWORK ACCESS – PLEASE SPECIFY NORMAL #MSL DESKTOP APPLICATIONS FUNCTION SUPPORT CONTACT COMMENTS

9. Other Internal Dependencies (Upstream/Downstream) - For each service/process please list all Upstream and Downstream service/process dependencies:

UPSTREAM DEPENDENCY - A SERVICES/PROCESS REQUIRED TO SUPPORT THE DELIVERY OF ANOTHER SERVICE/PROCESS DOWNSTREAM DEPENDENCIES - A SERVICES/PROCESS THAT REQUIRES THE SUPPORT OF ANOTHER SERVICE/PROCESS FOR DELIVERY
SERVICE/PROCESS UPSTREAM DEPENDENCY DOWNSTREAM DEPENDENCY COMMENTS

User Profile 12 messages

Switch User