BIA & BCP
School: Cumberland University
Course: 632
Subject: Information Systems
Date: Nov 24, 2024
Type: docx
Pages: 4
Uploaded by ngararichrisgmail.com
Business Impact Analysis
A business impact analysis (BIA) defines a comprehensive process that focuses on determining and evaluating the criticality of business processes and resources that can help to ensure the continuity and resilience of an organization after the occurrence of disastrous events. In other words, business impact analysis helps organizations to evaluate the potential adverse effects of a disastrous event. The information collected through BIA helps organizations to identify essential resources and critical business processes that can help the firm to remain resilient. Similarly, it helps the firm to develop detailed business continuity plans that help the firm to remain productive even after disruptive events.
Conducting business impact analysis at Health Networks will help to evaluate how the firm’s essential resources and critical business activities such as the payment process can be impacted by the identified threats. The business impact analysis process at Health Networks will also focus on evaluating how adverse impacts on the firm’s IT infrastructure and human resources can limit the continuity of the firm by limiting its ability to satisfy its customers’ needs.
Critical business functions
Health Networks leverages its IT resources to provide services to its customers and receive payments. The firm relies on its IT infrastructure to provide all three services, as indicated below:
Payment service – this business function provides billing services and a platform where customers can make secure payments. Similarly, Health Networks relies on this service to interact with financial firms such as credit card firms to process the payments made by its customers. Any outage of this service means that customers cannot make any payments to the firm.
Medical messaging service – Health Networks specializes in providing a secure communication platform where medical practitioners such as doctors and nurses can communicate securely. The service also facilitates communication between health care institutions. An outage of this service will affect Health Networks’ ability to provide one of the crucial services to its customers. Such outages can result in the firm losing its customers.
Knowledge management – Health Networks’ IT resources also help the firm to collect and manage immense amounts of information. For example, Health Networks collects data about the doctors, nurses and medical institutions that leverage its services.
Security
Ensuring that all employees and IT resources are secure is also an essential business function at Health Networks. This means that the firm has to implement and maintain robust physical security, provide a conducive work environment for all its employees and implement cybersecurity measures to secure its information systems.
Facilities management
Health Networks has three data centers and numerous other facilities such as offices. All these facilities face numerous challenges such as destruction by fire or natural disasters. For example, the Arlington offices face destruction threats due to the winter storms on the East Coast. As a result, facilities management is a critical business function at Always Fresh since it determines the safety of all the firm’s assets.
Human resource management
Like any other organization, Health Networks must manage its employees. The firm employs more than 600 individuals who execute different roles within the firm. The human resource department focuses on meeting all employees’ demands and ensuring that the firm provides a conducive work environment. Similarly, it focuses on ensuring that the employees meet the firm’s expectations and execute their tasks as expected.
Critical resources
Information Technology resources
As indicated above, all the services provided by the firm, and all business functions at Health Networks, rely on the functionality of the firm’s IT resources. For example, the firm’s main services, namely HNetPay, HNetConnect and HNetExchange, rely on the availability and functionality of the firm’s IT infrastructure. Health Networks’ IT resources face numerous threats that range from insider attacks from disgruntled employees to internet-based attacks. Similarly, the functionality and availability of the firm’s IT resources can be affected by theft of hardware resources or loss of mobile devices such as laptops and smartphones. It is essential to note that unavailability of the firm’s IT resources limits the ability of Health Networks to provide any of the three services to its customers. Any prolonged outage of the three services can lead to loss of customers and reduced profits.
Human resources
Health Networks relies heavily on its workforce to facilitate the execution of different business functions and to provide services to its customers. All the employees work at the various facilities, such as the firm’s headquarters in Minneapolis, Minnesota, or the other two offices located in Portland, Oregon and Arlington, Virginia. The employees determine the success levels that Health Networks can achieve and how satisfied the firm’s customers are with the services provided by the firm. One of the critical business functions at Health Networks is human resources management. The firm has to ensure the employees operate in a safe and secure environment. For example, Health Networks has to ensure that all the employees operating at the Arlington offices are safe during the winter storms.
Data
Health Networks leverages its information system resources to collect, process and store immense amounts of data. It is essential to note that Health Networks stores different types of information such as customers’ data and corporate data. For example, Health Networks collects information such as transactional data, customer billing information and other financial data. Similarly, the firm collects customers’ data such as the details about the clinics and doctors who leverage the firm’s services.
Maximum acceptable outage (MAO)
The maximum acceptable outage is a metric that refers to the time frame during which an organization must recover from a disastrous event before the impacts of the event become disastrous and compromise the functionality of the firm, or its survivability and continuity. The table below represents an assessment of the impacts on Health Networks’ critical business functions against time.
| Business Process | Impact | MAO |
|---|---|---|
| Knowledge management / data management | Critical | 2 days |
| Messaging service | Critical | 2 days |
| Payment / finance services | Major | 5 days |
| Facilities management | Moderate | 10 days |
| Human resource management | Minor | 14 days |
Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
Recovery Point Objective (RPO) is a measure that evaluates how frequently an organization takes its backups, and it indicates the amount of data that needs to be reentered after an outage. Recovery Time Objective (RTO) defines the amount of downtime that a firm can tolerate without experiencing significant impacts that can threaten its continuity and survivability.
Health Networks relies entirely on its information system resources to provide services to its customers. This means that without data and other IT resources, the firm cannot provide services to its customers. As a result, Health Networks’ RPO should be zero or near-zero since the firm cannot tolerate any loss of data. Health Networks can achieve such an RPO by mirroring all its systems or ensuring that all its data is backed up in the cloud or in off-site backup facilities in real time. Also, a prolonged outage of the firm’s services can lead to customer dissatisfaction, which in turn can lead to loss of income and inability of the firm to recover from the disaster. As a result, the RTO for the three main services is as indicated below:
| Service | RTO |
|---|---|
| HNetPay | 4 days |
| HNetExchange | 2 days |
| HNetConnect | 2 days |
Business continuity plan
Based on all the threats and vulnerabilities that affect the survival and continuity of Health Networks, it is essential for the firm to develop a detailed business continuity plan that will outline all guidelines and measures that will help the firm to improve its survivability. This business continuity plan will outline some of the measures that Health Networks should implement to enhance its ability to protect its crucial services such as HNetPay, HNetConnect and HNetExchange against significant impacts caused by any disruptive events. Health Networks faces numerous threats that could have adverse effects on its ability to deliver services to its customers. For example, the threat of outage of services due to loss of hardware resources or cyberattacks can result in reduced profitability, reduced customer satisfaction and loss of customers. It is essential for the firm to implement measures that will help to guarantee its ability to continue executing essential services even if disastrous events occur.
BCP activation process
The firm’s incident management team manager is responsible for the activation of this plan. The incident
management team leader should notify the risk management manager who determines the ideal way to
handle the disastrous event, as well as communicate with the executives, top managers and all other relevant organizational stakeholders.
Internal communication process
First, the occurrence of the event should be communicated to all the relevant managers and executives, who will be instructed to share the information with the other stakeholders in their departments. The second process will involve ensuring that all employees are safe and accounted for. The risk manager should then notify all the necessary authorities and law enforcement about the incident.
Business continuity measures
Health Networks should consider the following strategies to enhance its ability to survive disastrous events.
Migrating to the cloud
Health Networks relies heavily on the availability of its data centers and all the IT resources they hold. However, the data centers face numerous threats that can lead to downtime or unavailability of the IT services. Health Networks should migrate to the cloud to ensure that its IT resources are off-premises and are secure from typical IT challenges. Cloud solutions such as AWS and Microsoft Azure also provide advanced security features that will help Health Networks to protect its data resources against internet threats such as ransomware attacks and denial of service attacks. Cloud solutions also provide advanced backup options that can help Health Networks to implement real-time backup of all its data resources.
Acquiring offices in a safer location
Health Networks should move its Arlington offices to safer locations to ensure the safety of its employees and other essential resources such as IT hardware resources and other office equipment. Investing in acquiring alternative facilities will also help to ensure the firm can operate even if one of the facilities is destroyed.