Business Impact Analysis (BIA) and Business Continuity Plan (BCP)
docx
keyboard_arrow_up
School
Jomo Kenyatta University of Agriculture and Technology, Nairobi *
*We aren’t endorsed by this school
Course
2301
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
10
Uploaded by samuelnjehia
Running head: RISK MANAGEMENT PROJECT PART 4
1
Business Impact Analysis (BIA) and Business Continuity Plan (BCP)
Students Name
Institutional Affiliation
Course
Date
RISK MANAGEMENT PROCESS PART 4
2
Business Impact Analysis (BIA) and Business Continuity Plan (BCP)
Business Impact Analysis (BIA) plan for Health Network,
Inc.
A business impact analysis is an important process that entails analyzing,
assessing, and forecasting the potential implications of a tragedy or a company setback
(Blokdyk, 2019These business difficulties can have a detrimental influence on a
company's activities and operations. Therefore it's critical to have a business impact
analysis plan to help the company undertake successful business impact analysis.
Because risk management is so important to The Health Network, Inc., I've been
assigned with drafting a BIA plan. Following an assessment of the current risk
management plan, various threats were identified that could impact business functions
and operations. As a result, a business impact analysis plan should be created to guide
the BIA process.
The objectives of a BIA
A business impact analysis's purpose is to figure out how a disaster or business
failure may affect business activities and operations. It also guarantees that recovery
criteria are set to examine mission-critical functions in the BCP and determine the RPO
and RTO. Analyzing the areas of weakness and susceptibility is another key task.
RISK MANAGEMENT PROCESS PART 4
3
The business functions
The Health Network, Inc. has several business activities like:
i.
The HDNet Exchange operations comprise protecting electronic medical
communications from its customers and afterward forwarded to the receipt
clients.
ii.
The HDNet Pay services assist in the management of secure payments and
invoices.
iii.
The HDNet Connect services help the company's customers get the right brand
care at the right time. It also contains all pertinent information on the company's
staff, making it simple for clients to connect with the appropriate personnel.
The services mentioned above are vital to the company's normal operation
because they are reliant on them. If our organization were to encounter a threat or a
calamity, these vital functions would be jeopardized.
Critical Resources
The three production data centers, one thousand production servers, and 650
corporate laptops and mobile devices are among the company's important resources.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
RISK MANAGEMENT PROCESS PART 4
4
Business impact analysis outline
Plan, organize and communicate
A business impact analysis roadmap should be prepared before carrying out the
analysis. The organization's goals are laid out at this point, and they're double-checked
to make sure they're on track with the organization's plans. It is decided how
quantitative and qualitative data will be obtained and evaluated (Sikdar, 2017).
Furthermore, the style of communication is a crucial aspect in how everyone involved in
the business impact analysis should be informed about why it is being done.
Collecting Information
The most critical procedures, responsibilities, and resources are defined at this
stage. It is also established what would happen if important functions and operations
could not be carried out. Different calamities that could affect the company are also
evaluated, including the severity of the disaster and how it could affect the company.
Data Collection and Interpretation
After gathering all essential data, it is documented in a formal document. The
errors are then double-checked and corrected. Conclusions can be formed from the
data, such as determining the most significant resources for the company. The
RISK MANAGEMENT PROCESS PART 4
5
company's basic standards for recovery after a tragedy are determined. The RPO and
RTO, as well as the amount of money lost due to downtime and the vulnerabilities that
your company would benefit from addressing, are all identified (Snedaker, 2007).
Create a good DR plan using the BIA you just completed
After completing the business impact analysis, the evidence obtained can be
used to design an effective disaster recovery plan that can be used to mitigate the
detected risks. The data can also be used to calculate the cost-effectiveness of a
disaster recovery solution.
RISK MANAGEMENT PROCESS PART 4
6
Business Continuity Plan (BCP) for Health Network, Inc.
The business continuity plan's goal is to prepare and help the company in the
case of a disaster, allowing it to quickly recover and resume normal operations (Fani &
Subriadi, 2019). The BCP will employ DLIS since the Arlington office is the primary
location for business divisions, including Legal, Financial, Customer Service, and other
corporate systems like accounting and payroll applications, which are the most
vulnerable.
Scope
According to (Fani & Subriadi, 2019), the business continuity plan should provide
a friendly site that is a short distance from the headquarters. In addition, the BCP's
scope will include:
Fifty DLIS file servers.
Its twelve databases.
Payroll system.
Electronic money transfer service.
Emergency Team Employees
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
RISK MANAGEMENT PROCESS PART 4
7
When a crisis strikes, the Emergency Management Team will have broad
responsibility for the DLIS system's recovery. They are also the designated contact
between the BCP Coordinator and the Recovery Team Lead during recovery operations.
Damage Assessment Team
The Damage Assessment Team is responsible for determining the level of
damage to the facility, infrastructure, and IT systems, as well as recovery time
objectives. Network Team members and the complete IT department's workforce make
up the Damage Assessment Team. The Damage Assessment Team Lead will update
the BCP Coordinator and EMT Lead on the status of the destruction assessment and
any issues that arise.
Technical Response Team
The Technical Recovery Team will be in charge of ensuring that all applications
hosted on DLIS hardware are fully restored in a different location to minimize downtime
and project risk. It will be made up of the complete IT workforce to ensure that
applications are more accessible in an emergency and demonstrate that the application,
once recovered, performs as intended.
Maintain Operations
Work will continue at the designated warm site in a disaster and when corporate
offices are relocated. The site will have servers bolstered every week to ensure that
RISK MANAGEMENT PROCESS PART 4
8
they are up to date with all relevant data. Because it will be a heated location with
workstations, their applications may become obsolete as the servers take precedence.
Notification / Activation Phase
In the event of a disaster, the teams will be the first to be notified. They'll begin
storing and moving equipment and hardware to a warm area and preparing to assemble
the devices so that work can resume. Furthermore, an emergency may occur with or
without prior notice. In any situation, the notice procedure will be the same. How
employees are notified depends on the type of emergency and whether it occurs during
or after regular business hours. During normal business hours, awareness will be
accomplished via phone, email, voice, cell phone, and pager.
Recovery Phase
In a disaster, the response team will assess the potential damage to the network,
hardware, and other accessories. If basic equipment/devices have been harmed, the
crew can swiftly begin attempting to restore such gadgets to functioning order. Because
the focus is solely on strategic devices, which keep the organization running, any
extraneous services may be halted.
Reconstitution Phase
RISK MANAGEMENT PROCESS PART 4
9
Reconstitution operations refer to the steps required to resume DLIS activities at
the same or a new location. Unexpected events at the warm site should be pushed back
till duties at the current site have been resumed. The goal is to provide a smooth
transition of activity from the warm site office to the home office. The heated site will
continue to function until the essential structure is reconstructed and tested.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
RISK MANAGEMENT PROCESS PART 4
10
References
Blokdyk, G. (2019). Business Impact Analysis BIA A Complete Guide - 2020 Edition.
New York: Emereo Pty Limited.
Fani, S. V., & Subriadi, A. P. (2019). Business continuity plan: examining of multi-usable
framework.
Procedia Computer Science
,
161
, 275-282.
Sikdar, P. (2017).
Practitioner's Guide to Business Impact Analysis
. CRC Press.
Snedaker, S. (2013).
Business continuity and disaster recovery planning for IT
professionals
. Newnes.