Page Sub-category English content to be translated Arabic translations

s
Page Business Continuity Management Awareness
1 Newsletter
Issue # 3
For more info.. visit the BCM Portal

Content 1. Message from Business Continuity

Management
2. What is Business Impact Analysis?
3. Conducting the Business Impact Analysis
4. Outcome of the Business Impact Analysis
5. Important words
6. For More Info...visit...
http://www.thebci.org/
7. https://en.wikipedia.org/wiki/Business_cont
inuity
8. http://www.drj.com/
9. https://www.linkedin.com/groups/738227
10. https://www.linkedin.com/groups/1471
Message from Dear Colleagues, Continuing on our journey of BCM
Business Awareness, we are pleased to release the next
Continuity edition of the Alinma Business Continuity Awareness
Management Newsletter. In this Newsletter, we will discuss BIA –
Business Impact Analysis. How to Conduct BIA and
what are the outcomes of a successful BIA exercise.
Alinma Bank has started this journey to enhance its
BC capabilities through a structured Awareness
program which will be mix of email messages,
newsletters, class room training sessions and e-LMS
(Electronic Learning Management System). Every
employee plays a role in BCM, and hence your
 cooperation and active participation is very
important. For any comments and suggestions for
improving this newsletter kindly write us at
BCM@alinma.com

Page What is Business The business impact analysis is a process for

2 Impact Analysis? analyzing the consequences of a disruptive incident
on the organization. The outcome is to produce a
statement and justification of business continuity
requirements. A business impact analysis (BIA)
exercise predicts the consequences of disruption of
a business function and process and gathers
information needed to develop recovery strategies.
Potential loss scenarios should be identified during a
risk assessment. Operations may also be interrupted
by the failure of a supplier of goods or services or
delayed deliveries. There are many possible
scenarios which should be considered.
 Conducting the
Business Impact While there are many ways to conduct the BIA, one
Analysis of the best practiced/professional ways is through
Survey using questionnaire. Use a BIA questionnaire
to survey; managers BC Champions and others
within the business. Survey those with detailed
knowledge of how the business manufactures its
products or provides its services to identify the
potential impacts if the business function or process
that they are responsible for is interrupted. The BIA
should also identify the critical business processes
and resources needed for the business to continue
to function at different levels.

Page Outcome of the  An organizational structure of product and

3 Business Impact services, processes and functions
Analysis  A list of processes that contribute to the delivery of
the organization’s most urgent product and services
within scope;
 A list of products and services that are identified to
be not so critical, along with the justification for such
a decision.
 Approved MTPD (Maximum Tolerable Period of
Disruption) for the organization;
 Approved MAO (maximum acceptable outage) for
each product/ service/ process.
 Recovery Time Objectives (RTOs) for the processes;

 Recovery Time Objectives (RTOs) for the

technology;
 Recovery Point Objectives (RPOs) for the
processes;
  Recovery Point Objectives (RPOs) where systems/
data is used;
 Main process dependencies – internal and
external;
 A list of internal and external resource
requirements for the continuity and recovery of the
organization’s most urgent product, services and
processes. These resources may be in terms of
people, desks, desktops/ laptops, phones, printers,
other equipment, supplies etc
Page Important 1. 1.Threats Analysis
4 Wordsx Evaluating threats is a part of the BCM program that
consider the following:
 The probability of an event occurring depends on
the time period under consideration
 Estimates of probability or based on historic
information
 It is impossible to identify all threats 2. Recovery
Time Objective (RTO) The targeted duration of time
and a service level within which a business process
must be restored after a disaster (or disruption) in
order to avoid unacceptable consequences
associated with a break in business continuity
2. Recovery Time The targeted duration of time and a service level
Objective (RTO) within which a business process must be restored
after a disaster (or disruption) in order to avoid
unacceptable consequences associated with a break
in business continuity
3. Recovery Point The amount of data at risk. It's determined by the
Objective (RPO) amount of time between data protection events and
reflects the amount of data that potentially could be
lost during a disaster recovery. The metric is an
indication of the amount of data at risk of being lost

4. Maximum Maximum tolerable period of disruption is the

Tolerable Point of maximum amount of time that an enterprise's key
Disruption products or services can remain unavailable or
(MTPD) undeliverable after an event that causes disruption
to operations, before its stakeholders perceive
unacceptable consequences.