To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed...
Transcript of To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed...
![Page 1: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/1.jpg)
Ian Charters FBCI
To BIA
or not to
BIA?
BCM
The Key Questions
“Securing our Digital City”
Presentation at CSM-ACE 2010 – 26th October 2010
![Page 2: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/2.jpg)
Why do a BIA?
What is a BIA?
When do we do a BIA?
How do we measure disruption cost?
Do we update the BIA every year?
So is it worth it?
![Page 3: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/3.jpg)
Time
Successful recovery
Limited recovery
Failure
RTO MTPD
What is a BIA?
The process of analysing business functions and the
effect that a business disruption might have upon them (BS 25999 & BCI Good Practice Guidelines 2010)
Maximum Tolerable Period of Disruption Of Products and Services => of business activities => of support services
Provides the required timescales that have to be
achieved by our recovery strategies and plans
BIA is about: Services & Activities, Impacts and TIME
![Page 4: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/4.jpg)
When do we do a BIA?
AS/NZS 5050:2010 "Detailed risk analysis….” NO!
Risk analysis assumptions do not hold for BC events
Risk analysis should not limit the scope of BIA
Successful Business Recovery after an incident
depends on the speed of the resumption of delivery of
services not the cause of the incident
Prevention is better than cure – but is costly –
controlled failure may be more cost-effective
BIA must come first – before threats, strategies and plans
![Page 5: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/5.jpg)
How do we measure of disruption cost?
Impacts grow over time and:
Are Cumulative
Some are intangible
MTPD is approximate – but so are strategies
![Page 6: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/6.jpg)
An annual update of the BIA?
Work towards BIA as a process rather than an annual project
![Page 7: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/7.jpg)
Why do a BIA?
Ensures recovery plans meet customer’s service
(minimum) expectations
Delivers effective plans
Can save money!
A forward-looking BIA can identify opportunities (or
dangers) of proposed changes
Builds resilience over time
Understanding the business may lead to operational
improvements and threat reductions
A thorough BIA should repay the effort many times over
![Page 8: To BIA or not to BIA? - CSM-ACE · 2015. 7. 14. · When do we do a BIA? AS/NZS 5050:2010 "Detailed risk analysis….” NO! Risk analysis assumptions do not hold for BC events Risk](https://reader036.fdocuments.net/reader036/viewer/2022070221/613593900ad5d206764776f3/html5/thumbnails/8.jpg)
Ian Charters [email protected]
www.continuity.co.uk
To BIA
or not
to BIA?BCM
A BIA:• Identifies impacts over time• finds the point of no return• is not an annual chore• … but a vital business tool for:
• Effective recovery plans• Business planning
Key points