SlideShare una empresa de Scribd logo

Business Impact Analysis - Clause 4 Of BS25999 In Practice

Dipankar Ghosh
Dipankar Ghosh

Business Impact Analysis - Clause 4.1.1 Requirements Of BS25999-2:2007

1 de 13
Business Impact Analysis Clause 4.1.1 Requirements Of BS25999-2:2007
Executive Summary This document attempts to Most of the content within the provide an understanding of the example tables are self- BIA process as required by the explanatory, however some of British Standard, BS25999- them have been supported with 2:2007 call outs A flow chart illustrates the flow The example does not strictly of the BIA process per Clause stick to the BS standard but 4.1.1 of the standard includes additional items which Subsequently, each step in the are believed to add value from the process has been demonstrated actionable information point of by means of an example view 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 2 2
Section 4.1.1 Of BS25999-2:2007 4.1.1 Business Impact Analysis 4.1.1.1 There shall be a defined, documented and appropriate method for determining the impact of any disruption of the activities that support the organisation’s key products and services (see 3.2.1) 4.1.1.2 The organisation shall: a) Identify activities that support its key products and services b) Identify impacts resulting from the disruption to these activities, and determine how these vary over time c) Establish maximum tolerable period of disruption (MTPoD) for each activity by identifying: (1) The maximum time after the start of the disruption within which each activity needs to be resumed (2) The minimum level at which each activity needs to be performed upon resumption; and (3) The length of time within which normal levels of operation need to be resumed; d) Categorise its activities according to their priority for recovery and identify its critical activities e) Identify all dependencies relevant to the critical activities, including suppliers and outsourced partners f) For suppliers and outsource partners on whom critical activities depend determine what BCM arrangements are in place for the relevant products and services they provide g) Set recovery time objectives (RTO) for the resumption of critical activities within their maximum tolerable period of disruption; and h) Estimate the resources that each critical activity will require for resumption 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 3 3
BIA Flow Chart 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 4 4
Identifying Activities & Impacts Including 4.1.1.2 c 2 Impacts Over Time (4.1.1.2) 4.1.1.2 c 3 Company XYZ Building Grand HQ City Indore Department Software Development Activity/Process Company Impact Over Time On Values MTPoD RTO Minimum Time To Values (< Level Of Resume 30 min 1 8 1 1 1 MTPoD) Performance Normal 4.1.1.2 b hr hrs day wk mt Operations Identify h impacts and Software requirements Human Life L L L L L L 3 days 2 days Do paper based 5 days determine how analysis Implications requirements analysis for all they vary over Financial L L L L M H projects for time Implications which deadlines are near Reputation L L L L M H Loss Customer L L L L M H Satisfaction Software architecture Human Life L L L L L L 16 hours 12 hours Do paper based 2 days and design Implications design and architecture Financial L L L L M H activities for all Implications projects for which deadlines Reputation L L L M M H are near Loss Customer L L L M H H Satisfaction Software construction Human Life L L L L L L 16 hours 12 hours Software 1 day Implications construction work for Financial L Implications 4.1.1.2 c L L 1 M M H projects for which deadlines These are the cells which are the transition points from Low are near Reputation to Medium impact and may be used to derive theM Loss L L L M H MTPoD. 4.1.1.2 a Using one’s judgement the MTPoD can be considered as 4.1.1.2 g Customer Identify activities any time between the timeL represented by the transitioning Satisfaction L L M H H Note that RTO is mandatory only for the critical activities per the supporting key low impact time and the next medium impact time. In this standard. It can be calculated after putting a safety cushion per company 02/08/2009 services 02/08/2009 products & Dipankar Ghosh example it is a time between 8 hours and 1Ghosh Dipankar day 5 policy over the MTPoD. The safety cushion should consider the cycle time 5 to deliver product/service from the time the activity is resumed.
Categorising Activities by Priorities and 4.1.1.2 d Indentify activities which are critical to the Identifying Critical Activities organisation. This may be based on the company’s policy. For Activity/Process Company Impact Over Time On Values MTPoD RTO Priority Criticality example, any activity Values (< MTPoD) whose RTO is <= 16 30 1 8 1 1 1 min hr hrs day week month Hours can be considered to be critical Software Human Life L L L L L L by the company. Requirements Implications All other activities analysis Financial L L L L M H though could become Select your time Implications 3 days 2 days 2 critical over time if they Not Critical intervals as Reputation Loss L L L L M H are not brought up appropriate for your within their respective Customer L L L L M H RTOs. function Satisfaction Software architecture Human Life L L L L L L and design Implications Financial L L L L M H Implications 16 hours 12 hours 1 Critical Reputation Loss L L L M M H Customer L L L M H H Satisfaction Software construction Human Life L L L L L L Implications Financial L L L M M H Implications 16 hours 12 hours 1 Critical Reputation Loss L L L M M H Customer L L L M H H 4.1.1.2 d Satisfaction Prioritising activities by comparing the RTOs of the activities and ensuring activities with lower RTOs are given higher priority 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 6 6
Identify Dependencies for All Critical Activities – You Are Dependent On Them Activity / Process Priority Criticality Agency/Department External/Internal Description of dependency Software requirements 2 Critical Sales and Accounts Internal Receive inputs from this team on analysis Management client requirements Technology Internal Ensure that network, systems, telecom and other technical resources required are available Client External/Internal Receive inputs on software requirements Software architecture 1 Critical Technology Internal Ensure that network, systems, and design telecom and other technical resources required are available Client External/Internal Receive design review and approval Software construction 1 Critical Technology Internal Ensure that network, systems, telecom and other technical resources required are available 4.1.1.2 e Additionally, if you are dependent upon a supplier/partner you are required to ensure that the supplier/partner has 4.1.1.2 e adequate BCM arrangements. This will entail some sort of Identify internal and external dependencies. This audit of your supplier/partner BCM processes. Also includes those who are dependant on you and 02/08/2009 there are alternatives to your existing suppliers 02/08/2009 ensure that Dipankar Ghoshyou are dependant upon. Dipankar Ghosh those 7 7
Identify Dependencies for All Critical Activities – They Are Dependent On You Activity / Process Priority Criticality Agency/Department External/Internal Description of dependency Software requirements 2 Critical Sales and Accounts Internal Provide outputs to this team to take analysis Management these up with client Client External/Internal Provide outputs to client for their consideration/feedback/approval etc. Software Quality Internal Provide system requirements specs to produce test plans and test cases Software architecture 1 Critical Client External/Internal Provide design deliverables to client and design for approval Software Quality Internal Provide design deliverables to consider for test plans and test cases Software construction 1 Critical Client External/Internal Ensure that network, systems, telecom and other technical resources required are available 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 8 8
Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/Process Resources Elapsed Time 12 1 2 Work Alternative Action Who/When hrs day days from Arrangement Home Requir ed? Software Staff requirements analysis (RTO – 2 Business Analyst 0 0 1 √ In absence of business - - days) analyst the architect and the senior programmer will do the job. Select your time S/w Architect 0 0 1 √ In absence of architect - - intervals as the senior programmer appropriate for your will do the job. If function as well the required, another type of resource. senior programmer will be utilised. E.g. Staff may have different intervals Senior Programmer 0 0 3 √ In absence of the - - than say IT senior programmer the architect will do the Applications, which job. If required, While some would like to put in turn may have another senior a MTPoD and/or RTO to the programmer will be different time resources this paper provides utilised. frames for Utilities the alternative approach of recording the actual requirements against elapsed 4.1.1.2 h time. This takes care of the Estimate resources for each critical activity for resumption. Add as much MTPoD/RTO information information you want on these resources. For example, for staff members it for the resources and at the can be whether working from home is required or not. It is also prudent to same time provides additional have alternative (backup) arrangements for the resources required and identify information such as numbers any gaps that may exist and have a plan for the same. reqd. and alternative 02/08/2009 02/08/2009 arrangements. Dipankar Ghosh Dipankar Ghosh 9 9
Estimating Resources for Critical Activities for Resumption Activity/ Resources Elapsed Time Alternative Not Critical Action Who/When Critical Process Arrangements 1 12 1 2 hr hours day days Software Premises Requirements analysis PM Towers X X X √ None 1. Arrangement for 1. BX (RTO – 2 home working to 14/08/09 days) be made. To ensure that each person has a PC/laptop, telephone/mobile and internet 2. ZC 2. Finalise contract 31/08/09 with 3rd party for making alternate premises available with 3-5 desk positions within an hour of notice. To include Telephone with STD/ISD and broadband internet Software Desk Positions 0 0 0 5 None As in premises above - Requirements Analysis (RTO – 2 days) Software Software MS Office 0 0 0 3 Utilise paper - - Requirements Analysis (RTO – 2 days) Visio 0 0 0 1 Utilise paper - - 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 10 10
Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/ Resources Elapsed Time Alternative Action Who/When Process Arrangements 1 12 1 2 hr hours day days Software Hardware Requirements analysis PC/Laptop 0 0 1 3 None 1. Make arrangements with TD (RTO – 2 current PC/Laptop suppliers / 31/08/09 days) alternate suppliers to provide spare PC/Laptops within 4 hours of request 2. Finalise contract with 3rd party for making alternate premises available with 3-5 desk positions within an hour of notice. To include Telephone with STD/ISD and broadband internet Storage (pen 0 0 1 1 Spare pen - - drive/disc) drives/discs available Speaker/Mic 0 0 1 1 Spare - - speakers/mic available 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 11 11
Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/ Resources Elapsed Time Alternative Action Who/When Process Arrangements 1 12 1 2 hr hours day days Software Telecom &Internet Requirements analysis Telephone/Mobile 0 0 1 1 1. Use facility at - - (RTO – 2 with STD/ISD facility alternate days) recovery location (ref Premises section above) 2. Use facility available at home (ref Premises section above) Internet 0 0 1 1 As above - - 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 12 12
Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/ Resources Elapsed Time Alternative Action Who/When Process Arrangements 1 12 1 2 hr hours day days Software Utilities/Other Requirements analysis Water Supply X X √ √ None Arrange with at least 2 local water KK (RTO – 2 suppliers to provide 10,000 litres 09/01/10 days) (2 days supply) at a notice of 4 hours. Power Supply X X √ √ Standby - - Genset of 100 KVA available within 10 minutes of power outage Air conditioning X X √ √ None Procure and install wall / pedestal KK System fans 19/01/10 Fuel Supply X X √ √ 20,000 KL - - (equivalent of3 days‘ requirement) diesel always available in store 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 13 13

Recomendados

Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Bryghtpath LLC
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop FinalBill Lisse
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningDipankar Ghosh
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness Imad Almurib
 
BIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and DependenciesBIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and DependenciesRamiro Cid
 
BUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemBUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemKuroba Kaitou
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.inSatya Yadav
 

Recomendados

Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Assessing the impact of a disruption: Building an effective business impact a...
Assessing the impact of a disruption: Building an effective business impact a...Bryghtpath LLC
 
Business Continuity Workshop Final
Business Continuity Workshop FinalBusiness Continuity Workshop Final
Business Continuity Workshop FinalBill Lisse
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningDipankar Ghosh
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness Imad Almurib
 
BIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and DependenciesBIA - Example of Business Impact Analysis and Dependencies
BIA - Example of Business Impact Analysis and DependenciesRamiro Cid
 
BUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemBUSINESS CONTINUITY MANAGEMENT system
BUSINESS CONTINUITY MANAGEMENT systemKuroba Kaitou
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929Andy Willams
 
Business continuity management www.reconglobal.in
Business continuity management www.reconglobal.inBusiness continuity management www.reconglobal.in
Business continuity management www.reconglobal.inSatya Yadav
 
Business Continuity Planning Presentation
Business Continuity Planning PresentationBusiness Continuity Planning Presentation
Business Continuity Planning PresentationThe Chamber For a Greater Chapel Hill-Carrboro
 
Effective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesEffective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesSlideTeam
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTContinuity and Resilience
 
Risk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesRisk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesSlideTeam
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementDiane Christina
 
Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides SlideTeam
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity CapabilityRod Davis
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
 
Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity ManagementProf. David E. Alexander (UCL)
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesSlideTeam
 
Business Continuity - Business Risk &amp; Management
Business Continuity - Business Risk &amp; ManagementBusiness Continuity - Business Risk &amp; Management
Business Continuity - Business Risk &amp; ManagementAndrew Styles
 
Business continuity & Disaster recovery planing
Business continuity & Disaster recovery planingBusiness continuity & Disaster recovery planing
Business continuity & Disaster recovery planingHanaysha
 
Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recoverymadunix
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
 
Risk Management Process Steps Powerpoint Presentation Slides
Risk Management Process Steps Powerpoint Presentation SlidesRisk Management Process Steps Powerpoint Presentation Slides
Risk Management Process Steps Powerpoint Presentation SlidesSlideTeam
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides SlideTeam
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
Building a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintBuilding a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintluweinet
 

Más contenido relacionado

La actualidad más candente

Effective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesEffective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesSlideTeam
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAnand Subramaniam
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationPECB
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTContinuity and Resilience
 
Risk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesRisk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesSlideTeam
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementDiane Christina
 
Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides SlideTeam
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity CapabilityRod Davis
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planningalanlund
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesSlideTeam
 
Business Continuity - Business Risk &amp; Management
Business Continuity - Business Risk &amp; ManagementBusiness Continuity - Business Risk &amp; Management
Business Continuity - Business Risk &amp; ManagementAndrew Styles
 
Business continuity & Disaster recovery planing
Business continuity & Disaster recovery planingBusiness continuity & Disaster recovery planing
Business continuity & Disaster recovery planingHanaysha
 
Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recoverymadunix
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planningSandeep Kashyap
 
Risk Management Process Steps Powerpoint Presentation Slides
Risk Management Process Steps Powerpoint Presentation SlidesRisk Management Process Steps Powerpoint Presentation Slides
Risk Management Process Steps Powerpoint Presentation SlidesSlideTeam
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides SlideTeam
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveMax Neira Schliemann
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 

La actualidad más candente (20)

Business Continuity Planning Presentation
Business Continuity Planning PresentationBusiness Continuity Planning Presentation
Business Continuity Planning Presentation
 
Effective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation SlidesEffective Business Continuity Plan Powerpoint Presentation Slides
Effective Business Continuity Plan Powerpoint Presentation Slides
 
Assess Your Business Continuity Management Process
Assess Your Business Continuity Management ProcessAssess Your Business Continuity Management Process
Assess Your Business Continuity Management Process
 
Business Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS ImplementationBusiness Impact Analysis - The Most Important Step during BCMS Implementation
Business Impact Analysis - The Most Important Step during BCMS Implementation
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
 
Risk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesRisk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation Slides
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 
Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides Business Continuity Plan PowerPoint Presentation Slides
Business Continuity Plan PowerPoint Presentation Slides
 
Building a Business Continuity Capability
Building a Business Continuity CapabilityBuilding a Business Continuity Capability
Building a Business Continuity Capability
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Introduction to Business Continuity Management
Introduction to Business Continuity ManagementIntroduction to Business Continuity Management
Introduction to Business Continuity Management
 
Risk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation SlidesRisk Management Process And Procedures PowerPoint Presentation Slides
Risk Management Process And Procedures PowerPoint Presentation Slides
 
Business Continuity - Business Risk &amp; Management
Business Continuity - Business Risk &amp; ManagementBusiness Continuity - Business Risk &amp; Management
Business Continuity - Business Risk &amp; Management
 
Business continuity & Disaster recovery planing
Business continuity & Disaster recovery planingBusiness continuity & Disaster recovery planing
Business continuity & Disaster recovery planing
 
Business continuity planning and disaster recovery
Business continuity planning and disaster recoveryBusiness continuity planning and disaster recovery
Business continuity planning and disaster recovery
 
Business continuity planning
Business continuity planningBusiness continuity planning
Business continuity planning
 
Risk Management Process Steps Powerpoint Presentation Slides
Risk Management Process Steps Powerpoint Presentation SlidesRisk Management Process Steps Powerpoint Presentation Slides
Risk Management Process Steps Powerpoint Presentation Slides
 
Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides Risk Assessment PowerPoint Presentation Slides
Risk Assessment PowerPoint Presentation Slides
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 

Destacado

Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysisdlfrench
 
Building a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintBuilding a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintluweinet
 
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB
 
Impact Analysis Template - Enterprise
Impact Analysis Template - EnterpriseImpact Analysis Template - Enterprise
Impact Analysis Template - EnterpriseToby Elwin
 
02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIABCM Institute
 
Business continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysisBusiness continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysismoranjustin
 
Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07Muhammad_Abdelgawad
 
Business continuity and disaster recovery
Business continuity and disaster recoveryBusiness continuity and disaster recovery
Business continuity and disaster recoveryAdeel Javaid
 
A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5Gewurtz
 
Impact Analysis - LoopConf
Impact Analysis - LoopConfImpact Analysis - LoopConf
Impact Analysis - LoopConfChris Lema
 
Scope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization SuccessScope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization SuccessToby Elwin
 
Iso 22301 - der neue Standard für Business Continuity Management
Iso 22301 - der neue Standard für Business Continuity ManagementIso 22301 - der neue Standard für Business Continuity Management
Iso 22301 - der neue Standard für Business Continuity Managementhaemmerle-consulting
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...PECB
 
Simplify your external dependency management - DPC11
Simplify your external dependency management - DPC11Simplify your external dependency management - DPC11
Simplify your external dependency management - DPC11Stephan Hochdörfer
 
Business Impact Analysis and DR The Hutt Valley DHB Experience
Business Impact Analysis and DR The Hutt Valley DHB ExperienceBusiness Impact Analysis and DR The Hutt Valley DHB Experience
Business Impact Analysis and DR The Hutt Valley DHB ExperienceHealth Informatics New Zealand
 
Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...BSI British Standards Institution
 
Bs25999 business continuity implementation
Bs25999 business continuity implementationBs25999 business continuity implementation
Bs25999 business continuity implementationiso27001consulting
 
Cole ready aim fire impact!- status impact analysis - nasa
Cole ready aim fire impact!- status impact analysis - nasaCole ready aim fire impact!- status impact analysis - nasa
Cole ready aim fire impact!- status impact analysis - nasaNASAPMC
 
Gersetenmaier.william l
Gersetenmaier.william lGersetenmaier.william l
Gersetenmaier.william lNASAPMC
 

Destacado (20)

Business Impact Analysis
Business Impact AnalysisBusiness Impact Analysis
Business Impact Analysis
 
Building a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintBuilding a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprint
 
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA)
 
Impact Analysis Template - Enterprise
Impact Analysis Template - EnterpriseImpact Analysis Template - Enterprise
Impact Analysis Template - Enterprise
 
02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA02 Practical Strategies of Conducting BIA
02 Practical Strategies of Conducting BIA
 
Business continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysisBusiness continuity - 5 key steps to effective business impact analysis
Business continuity - 5 key steps to effective business impact analysis
 
Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07Bbp change impact analysis sample_2009_v07
Bbp change impact analysis sample_2009_v07
 
Business continuity and disaster recovery
Business continuity and disaster recoveryBusiness continuity and disaster recovery
Business continuity and disaster recovery
 
A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5A Top Down Business Impact Analyses Method V5
A Top Down Business Impact Analyses Method V5
 
Impact Analysis - LoopConf
Impact Analysis - LoopConfImpact Analysis - LoopConf
Impact Analysis - LoopConf
 
Scope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization SuccessScope or: How to Manage Projects for Organization Success
Scope or: How to Manage Projects for Organization Success
 
Iso 22301 - der neue Standard für Business Continuity Management
Iso 22301 - der neue Standard für Business Continuity ManagementIso 22301 - der neue Standard für Business Continuity Management
Iso 22301 - der neue Standard für Business Continuity Management
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
 
Simplify your external dependency management - DPC11
Simplify your external dependency management - DPC11Simplify your external dependency management - DPC11
Simplify your external dependency management - DPC11
 
Business Impact Analysis and DR The Hutt Valley DHB Experience
Business Impact Analysis and DR The Hutt Valley DHB ExperienceBusiness Impact Analysis and DR The Hutt Valley DHB Experience
Business Impact Analysis and DR The Hutt Valley DHB Experience
 
Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...Technical Briefing: Business Impact Analysis: understanding what is required ...
Technical Briefing: Business Impact Analysis: understanding what is required ...
 
Bs25999 business continuity implementation
Bs25999 business continuity implementationBs25999 business continuity implementation
Bs25999 business continuity implementation
 
Cole ready aim fire impact!- status impact analysis - nasa
Cole ready aim fire impact!- status impact analysis - nasaCole ready aim fire impact!- status impact analysis - nasa
Cole ready aim fire impact!- status impact analysis - nasa
 
Business Continuity.Bs25999
Business Continuity.Bs25999Business Continuity.Bs25999
Business Continuity.Bs25999
 
Gersetenmaier.william l
Gersetenmaier.william lGersetenmaier.william l
Gersetenmaier.william l
 

Similar a Business Impact Analysis - Clause 4 Of BS25999 In Practice

Project mgt
Project mgtProject mgt
Project mgtNgoc Dep
 
D05 Define VOC, VOB and CTQ
D05 Define VOC, VOB and CTQD05 Define VOC, VOB and CTQ
D05 Define VOC, VOB and CTQLeanleaders.org
 
VoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docx
VoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docxVoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docx
VoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docxjessiehampson
 
Program Management Dashboards
Program Management DashboardsProgram Management Dashboards
Program Management DashboardsBob Prieto
 
Status reporting guidelines
Status reporting guidelinesStatus reporting guidelines
Status reporting guidelinesEric Tachibana
 
Paul Capello Cerner Health Conference
Paul Capello Cerner Health ConferencePaul Capello Cerner Health Conference
Paul Capello Cerner Health Conferencetigcap
 
Paul Capello CHC 2010 Final
Paul Capello CHC 2010 FinalPaul Capello CHC 2010 Final
Paul Capello CHC 2010 Finaltigcap
 
Offset 2012 Analysis
Offset 2012 AnalysisOffset 2012 Analysis
Offset 2012 AnalysisAnkur Gupta
 
Failure of tube reduced in split air conditioner (2)
Failure of tube reduced in split air conditioner (2)Failure of tube reduced in split air conditioner (2)
Failure of tube reduced in split air conditioner (2)prj_publication
 
data-driven PMO : How to unlock value from your PMO
data-driven PMO : How to unlock value from your PMOdata-driven PMO : How to unlock value from your PMO
data-driven PMO : How to unlock value from your PMOThibaut De Vylder
 
Requirements & scope
Requirements & scopeRequirements & scope
Requirements & scopeCraig Brown
 
Project EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docx
Project EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docxProject EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docx
Project EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docxbriancrawford30935
 
Enhancing Fed Gov Transparency DemocrAssessment And Participative Planning
Enhancing Fed Gov Transparency DemocrAssessment And Participative PlanningEnhancing Fed Gov Transparency DemocrAssessment And Participative Planning
Enhancing Fed Gov Transparency DemocrAssessment And Participative PlanningGov2.0
 
Contract Risk Assessment by using integrated systems
Contract Risk Assessment by using integrated systemsContract Risk Assessment by using integrated systems
Contract Risk Assessment by using integrated systemsPedram Danesh-Mand
 
ASCLME project management indicators
ASCLME project management indicatorsASCLME project management indicators
ASCLME project management indicatorsIwl Pcu
 
ASCLME project management indicators
ASCLME project management indicatorsASCLME project management indicators
ASCLME project management indicatorsIwl Pcu
 
Experience with the Design of Logical Frameworks and the Evaluation of Delive...
Experience with the Design of Logical Frameworks and the Evaluation of Delive...Experience with the Design of Logical Frameworks and the Evaluation of Delive...
Experience with the Design of Logical Frameworks and the Evaluation of Delive...Iwl Pcu
 
Translinked Project Map
Translinked Project MapTranslinked Project Map
Translinked Project MapTranslinked
 
Matrix of responsibility
Matrix of responsibilityMatrix of responsibility
Matrix of responsibilityFarzana Amin
 

Similar a Business Impact Analysis - Clause 4 Of BS25999 In Practice (20)

Project mgt
Project mgtProject mgt
Project mgt
 
D05 Define VOC, VOB and CTQ
D05 Define VOC, VOB and CTQD05 Define VOC, VOB and CTQ
D05 Define VOC, VOB and CTQ
 
VoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docx
VoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docxVoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docx
VoIP Implementation WBSTask NameDurationStart DateEnd DatePredeces.docx
 
Program Management Dashboards
Program Management DashboardsProgram Management Dashboards
Program Management Dashboards
 
Status reporting guidelines
Status reporting guidelinesStatus reporting guidelines
Status reporting guidelines
 
Paul Capello Cerner Health Conference
Paul Capello Cerner Health ConferencePaul Capello Cerner Health Conference
Paul Capello Cerner Health Conference
 
Paul Capello CHC 2010 Final
Paul Capello CHC 2010 FinalPaul Capello CHC 2010 Final
Paul Capello CHC 2010 Final
 
Offset 2012 Analysis
Offset 2012 AnalysisOffset 2012 Analysis
Offset 2012 Analysis
 
Failure of tube reduced in split air conditioner (2)
Failure of tube reduced in split air conditioner (2)Failure of tube reduced in split air conditioner (2)
Failure of tube reduced in split air conditioner (2)
 
data-driven PMO : How to unlock value from your PMO
data-driven PMO : How to unlock value from your PMOdata-driven PMO : How to unlock value from your PMO
data-driven PMO : How to unlock value from your PMO
 
Requirements & scope
Requirements & scopeRequirements & scope
Requirements & scope
 
Project EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docx
Project EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docxProject EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docx
Project EvaluationSD2 - countFuncLOC projectProject Team[DATE]Dev.docx
 
Enhancing Fed Gov Transparency DemocrAssessment And Participative Planning
Enhancing Fed Gov Transparency DemocrAssessment And Participative PlanningEnhancing Fed Gov Transparency DemocrAssessment And Participative Planning
Enhancing Fed Gov Transparency DemocrAssessment And Participative Planning
 
Contract Risk Assessment by using integrated systems
Contract Risk Assessment by using integrated systemsContract Risk Assessment by using integrated systems
Contract Risk Assessment by using integrated systems
 
D07 Project Charter
D07 Project CharterD07 Project Charter
D07 Project Charter
 
ASCLME project management indicators
ASCLME project management indicatorsASCLME project management indicators
ASCLME project management indicators
 
ASCLME project management indicators
ASCLME project management indicatorsASCLME project management indicators
ASCLME project management indicators
 
Experience with the Design of Logical Frameworks and the Evaluation of Delive...
Experience with the Design of Logical Frameworks and the Evaluation of Delive...Experience with the Design of Logical Frameworks and the Evaluation of Delive...
Experience with the Design of Logical Frameworks and the Evaluation of Delive...
 
Translinked Project Map
Translinked Project MapTranslinked Project Map
Translinked Project Map
 
Matrix of responsibility
Matrix of responsibilityMatrix of responsibility
Matrix of responsibility
 

Business Impact Analysis - Clause 4 Of BS25999 In Practice

  • 1. Business Impact Analysis Clause 4.1.1 Requirements Of BS25999-2:2007
  • 2. Executive Summary This document attempts to Most of the content within the provide an understanding of the example tables are self- BIA process as required by the explanatory, however some of British Standard, BS25999- them have been supported with 2:2007 call outs A flow chart illustrates the flow The example does not strictly of the BIA process per Clause stick to the BS standard but 4.1.1 of the standard includes additional items which Subsequently, each step in the are believed to add value from the process has been demonstrated actionable information point of by means of an example view 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 2 2
  • 3. Section 4.1.1 Of BS25999-2:2007 4.1.1 Business Impact Analysis 4.1.1.1 There shall be a defined, documented and appropriate method for determining the impact of any disruption of the activities that support the organisation’s key products and services (see 3.2.1) 4.1.1.2 The organisation shall: a) Identify activities that support its key products and services b) Identify impacts resulting from the disruption to these activities, and determine how these vary over time c) Establish maximum tolerable period of disruption (MTPoD) for each activity by identifying: (1) The maximum time after the start of the disruption within which each activity needs to be resumed (2) The minimum level at which each activity needs to be performed upon resumption; and (3) The length of time within which normal levels of operation need to be resumed; d) Categorise its activities according to their priority for recovery and identify its critical activities e) Identify all dependencies relevant to the critical activities, including suppliers and outsourced partners f) For suppliers and outsource partners on whom critical activities depend determine what BCM arrangements are in place for the relevant products and services they provide g) Set recovery time objectives (RTO) for the resumption of critical activities within their maximum tolerable period of disruption; and h) Estimate the resources that each critical activity will require for resumption 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 3 3
  • 4. BIA Flow Chart 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 4 4
  • 5. Identifying Activities & Impacts Including 4.1.1.2 c 2 Impacts Over Time (4.1.1.2) 4.1.1.2 c 3 Company XYZ Building Grand HQ City Indore Department Software Development Activity/Process Company Impact Over Time On Values MTPoD RTO Minimum Time To Values (< Level Of Resume 30 min 1 8 1 1 1 MTPoD) Performance Normal 4.1.1.2 b hr hrs day wk mt Operations Identify h impacts and Software requirements Human Life L L L L L L 3 days 2 days Do paper based 5 days determine how analysis Implications requirements analysis for all they vary over Financial L L L L M H projects for time Implications which deadlines are near Reputation L L L L M H Loss Customer L L L L M H Satisfaction Software architecture Human Life L L L L L L 16 hours 12 hours Do paper based 2 days and design Implications design and architecture Financial L L L L M H activities for all Implications projects for which deadlines Reputation L L L M M H are near Loss Customer L L L M H H Satisfaction Software construction Human Life L L L L L L 16 hours 12 hours Software 1 day Implications construction work for Financial L Implications 4.1.1.2 c L L 1 M M H projects for which deadlines These are the cells which are the transition points from Low are near Reputation to Medium impact and may be used to derive theM Loss L L L M H MTPoD. 4.1.1.2 a Using one’s judgement the MTPoD can be considered as 4.1.1.2 g Customer Identify activities any time between the timeL represented by the transitioning Satisfaction L L M H H Note that RTO is mandatory only for the critical activities per the supporting key low impact time and the next medium impact time. In this standard. It can be calculated after putting a safety cushion per company 02/08/2009 services 02/08/2009 products & Dipankar Ghosh example it is a time between 8 hours and 1Ghosh Dipankar day 5 policy over the MTPoD. The safety cushion should consider the cycle time 5 to deliver product/service from the time the activity is resumed.
  • 6. Categorising Activities by Priorities and 4.1.1.2 d Indentify activities which are critical to the Identifying Critical Activities organisation. This may be based on the company’s policy. For Activity/Process Company Impact Over Time On Values MTPoD RTO Priority Criticality example, any activity Values (< MTPoD) whose RTO is <= 16 30 1 8 1 1 1 min hr hrs day week month Hours can be considered to be critical Software Human Life L L L L L L by the company. Requirements Implications All other activities analysis Financial L L L L M H though could become Select your time Implications 3 days 2 days 2 critical over time if they Not Critical intervals as Reputation Loss L L L L M H are not brought up appropriate for your within their respective Customer L L L L M H RTOs. function Satisfaction Software architecture Human Life L L L L L L and design Implications Financial L L L L M H Implications 16 hours 12 hours 1 Critical Reputation Loss L L L M M H Customer L L L M H H Satisfaction Software construction Human Life L L L L L L Implications Financial L L L M M H Implications 16 hours 12 hours 1 Critical Reputation Loss L L L M M H Customer L L L M H H 4.1.1.2 d Satisfaction Prioritising activities by comparing the RTOs of the activities and ensuring activities with lower RTOs are given higher priority 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 6 6
  • 7. Identify Dependencies for All Critical Activities – You Are Dependent On Them Activity / Process Priority Criticality Agency/Department External/Internal Description of dependency Software requirements 2 Critical Sales and Accounts Internal Receive inputs from this team on analysis Management client requirements Technology Internal Ensure that network, systems, telecom and other technical resources required are available Client External/Internal Receive inputs on software requirements Software architecture 1 Critical Technology Internal Ensure that network, systems, and design telecom and other technical resources required are available Client External/Internal Receive design review and approval Software construction 1 Critical Technology Internal Ensure that network, systems, telecom and other technical resources required are available 4.1.1.2 e Additionally, if you are dependent upon a supplier/partner you are required to ensure that the supplier/partner has 4.1.1.2 e adequate BCM arrangements. This will entail some sort of Identify internal and external dependencies. This audit of your supplier/partner BCM processes. Also includes those who are dependant on you and 02/08/2009 there are alternatives to your existing suppliers 02/08/2009 ensure that Dipankar Ghoshyou are dependant upon. Dipankar Ghosh those 7 7
  • 8. Identify Dependencies for All Critical Activities – They Are Dependent On You Activity / Process Priority Criticality Agency/Department External/Internal Description of dependency Software requirements 2 Critical Sales and Accounts Internal Provide outputs to this team to take analysis Management these up with client Client External/Internal Provide outputs to client for their consideration/feedback/approval etc. Software Quality Internal Provide system requirements specs to produce test plans and test cases Software architecture 1 Critical Client External/Internal Provide design deliverables to client and design for approval Software Quality Internal Provide design deliverables to consider for test plans and test cases Software construction 1 Critical Client External/Internal Ensure that network, systems, telecom and other technical resources required are available 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 8 8
  • 9. Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/Process Resources Elapsed Time 12 1 2 Work Alternative Action Who/When hrs day days from Arrangement Home Requir ed? Software Staff requirements analysis (RTO – 2 Business Analyst 0 0 1 √ In absence of business - - days) analyst the architect and the senior programmer will do the job. Select your time S/w Architect 0 0 1 √ In absence of architect - - intervals as the senior programmer appropriate for your will do the job. If function as well the required, another type of resource. senior programmer will be utilised. E.g. Staff may have different intervals Senior Programmer 0 0 3 √ In absence of the - - than say IT senior programmer the architect will do the Applications, which job. If required, While some would like to put in turn may have another senior a MTPoD and/or RTO to the programmer will be different time resources this paper provides utilised. frames for Utilities the alternative approach of recording the actual requirements against elapsed 4.1.1.2 h time. This takes care of the Estimate resources for each critical activity for resumption. Add as much MTPoD/RTO information information you want on these resources. For example, for staff members it for the resources and at the can be whether working from home is required or not. It is also prudent to same time provides additional have alternative (backup) arrangements for the resources required and identify information such as numbers any gaps that may exist and have a plan for the same. reqd. and alternative 02/08/2009 02/08/2009 arrangements. Dipankar Ghosh Dipankar Ghosh 9 9
  • 10. Estimating Resources for Critical Activities for Resumption Activity/ Resources Elapsed Time Alternative Not Critical Action Who/When Critical Process Arrangements 1 12 1 2 hr hours day days Software Premises Requirements analysis PM Towers X X X √ None 1. Arrangement for 1. BX (RTO – 2 home working to 14/08/09 days) be made. To ensure that each person has a PC/laptop, telephone/mobile and internet 2. ZC 2. Finalise contract 31/08/09 with 3rd party for making alternate premises available with 3-5 desk positions within an hour of notice. To include Telephone with STD/ISD and broadband internet Software Desk Positions 0 0 0 5 None As in premises above - Requirements Analysis (RTO – 2 days) Software Software MS Office 0 0 0 3 Utilise paper - - Requirements Analysis (RTO – 2 days) Visio 0 0 0 1 Utilise paper - - 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 10 10
  • 11. Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/ Resources Elapsed Time Alternative Action Who/When Process Arrangements 1 12 1 2 hr hours day days Software Hardware Requirements analysis PC/Laptop 0 0 1 3 None 1. Make arrangements with TD (RTO – 2 current PC/Laptop suppliers / 31/08/09 days) alternate suppliers to provide spare PC/Laptops within 4 hours of request 2. Finalise contract with 3rd party for making alternate premises available with 3-5 desk positions within an hour of notice. To include Telephone with STD/ISD and broadband internet Storage (pen 0 0 1 1 Spare pen - - drive/disc) drives/discs available Speaker/Mic 0 0 1 1 Spare - - speakers/mic available 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 11 11
  • 12. Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/ Resources Elapsed Time Alternative Action Who/When Process Arrangements 1 12 1 2 hr hours day days Software Telecom &Internet Requirements analysis Telephone/Mobile 0 0 1 1 1. Use facility at - - (RTO – 2 with STD/ISD facility alternate days) recovery location (ref Premises section above) 2. Use facility available at home (ref Premises section above) Internet 0 0 1 1 As above - - 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 12 12
  • 13. Estimating Resources for Critical Activities for Resumption Not Critical Critical Activity/ Resources Elapsed Time Alternative Action Who/When Process Arrangements 1 12 1 2 hr hours day days Software Utilities/Other Requirements analysis Water Supply X X √ √ None Arrange with at least 2 local water KK (RTO – 2 suppliers to provide 10,000 litres 09/01/10 days) (2 days supply) at a notice of 4 hours. Power Supply X X √ √ Standby - - Genset of 100 KVA available within 10 minutes of power outage Air conditioning X X √ √ None Procure and install wall / pedestal KK System fans 19/01/10 Fuel Supply X X √ √ 20,000 KL - - (equivalent of3 days‘ requirement) diesel always available in store 02/08/2009 02/08/2009 Dipankar Ghosh Dipankar Ghosh 13 13