Page Sub-category English content to be translated Arabic translations
s Page Business Continuity Management Awareness 1 Newsletter Issue # 3 For more info.. visit the BCM Portal
Content 1. Message from Business Continuity
Management 2. What is Business Impact Analysis? 3. Conducting the Business Impact Analysis 4. Outcome of the Business Impact Analysis 5. Important words 6. For More Info...visit... http://www.thebci.org/ 7. https://en.wikipedia.org/wiki/Business_cont inuity 8. http://www.drj.com/ 9. https://www.linkedin.com/groups/738227 10. https://www.linkedin.com/groups/1471 Message from Dear Colleagues, Continuing on our journey of BCM Business Awareness, we are pleased to release the next Continuity edition of the Alinma Business Continuity Awareness Management Newsletter. In this Newsletter, we will discuss BIA – Business Impact Analysis. How to Conduct BIA and what are the outcomes of a successful BIA exercise. Alinma Bank has started this journey to enhance its BC capabilities through a structured Awareness program which will be mix of email messages, newsletters, class room training sessions and e-LMS (Electronic Learning Management System). Every employee plays a role in BCM, and hence your cooperation and active participation is very important. For any comments and suggestions for improving this newsletter kindly write us at BCM@alinma.com
Page What is Business The business impact analysis is a process for
2 Impact Analysis? analyzing the consequences of a disruptive incident on the organization. The outcome is to produce a statement and justification of business continuity requirements. A business impact analysis (BIA) exercise predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or delayed deliveries. There are many possible scenarios which should be considered. Conducting the Business Impact While there are many ways to conduct the BIA, one Analysis of the best practiced/professional ways is through Survey using questionnaire. Use a BIA questionnaire to survey; managers BC Champions and others within the business. Survey those with detailed knowledge of how the business manufactures its products or provides its services to identify the potential impacts if the business function or process that they are responsible for is interrupted. The BIA should also identify the critical business processes and resources needed for the business to continue to function at different levels.
Page Outcome of the An organizational structure of product and
3 Business Impact services, processes and functions Analysis A list of processes that contribute to the delivery of the organization’s most urgent product and services within scope; A list of products and services that are identified to be not so critical, along with the justification for such a decision. Approved MTPD (Maximum Tolerable Period of Disruption) for the organization; Approved MAO (maximum acceptable outage) for each product/ service/ process. Recovery Time Objectives (RTOs) for the processes;
Recovery Time Objectives (RTOs) for the
technology; Recovery Point Objectives (RPOs) for the processes; Recovery Point Objectives (RPOs) where systems/ data is used; Main process dependencies – internal and external; A list of internal and external resource requirements for the continuity and recovery of the organization’s most urgent product, services and processes. These resources may be in terms of people, desks, desktops/ laptops, phones, printers, other equipment, supplies etc Page Important 1. 1.Threats Analysis 4 Wordsx Evaluating threats is a part of the BCM program that consider the following: The probability of an event occurring depends on the time period under consideration Estimates of probability or based on historic information It is impossible to identify all threats 2. Recovery Time Objective (RTO) The targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity 2. Recovery Time The targeted duration of time and a service level Objective (RTO) within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity 3. Recovery Point The amount of data at risk. It's determined by the Objective (RPO) amount of time between data protection events and reflects the amount of data that potentially could be lost during a disaster recovery. The metric is an indication of the amount of data at risk of being lost
4. Maximum Maximum tolerable period of disruption is the
Tolerable Point of maximum amount of time that an enterprise's key Disruption products or services can remain unavailable or (MTPD) undeliverable after an event that causes disruption to operations, before its stakeholders perceive unacceptable consequences.