BUSINESS IMPACT ANALYSIS



Similar documents
WHAT IS DISASTER RECOVERY

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Disaster Recovery Plan

Business Continuity Plan. Components and sequencing description

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Business Continuity Planning

Unit Guide to Business Continuity/Resumption Planning

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template

Online Backup Plus Frequently Asked Questions

Glossary of Records Management Terms

Continuity of Business

Balancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs

BUSINESS CONTINUITY PLANNING GUIDELINES

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Domain 3 Business Continuity and Disaster Recovery Planning

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

BARRAMUNDI L IMITED RISK MANAGEMENT POLICY

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012

Prudential Practice Guide

Clinic Business Continuity Plan Guidelines

1. Backup and Recovery Policy

Attachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Planning at Financial Institutions

Documentation. Disclaimer

BUSINESS CONTINUITY PLAN

BCP and DR. P K Patel AGM, MoF

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Business Continuity Information Gathering Template

Business Continuity Glossary

Business Continuity (Policy & Procedure)

How To Manage A Business Continuity Strategy

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

BACKUP SECURITY GUIDELINE

UMHLABUYALINGANA MUNICIPALITY

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

How To Manage A Disruption Event

University of Aberdeen Information Security Policy

Protecting your Enterprise

15 Organisation/ICT/02/01/15 Back- up

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Managing business risk

Prudential Practice Guide

Disaster Recovery Plan

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Fire Department Guide. Creating and Maintaining Business Continuity Plans (BCP)

Business Continuity Planning and Disaster Recovery Planning

Demographics QUESTIONS COMMENTS

Supervisory Policy Manual

Temple university. Auditing a business continuity management BCM. November, 2015

MHA Consulting. Business Continuity Management 101

Business Continuity Plan Infectious Diseases

IT Disaster Recovery Plan Template

Online Backup Frequently Asked Questions

SAMPLE ELECTRONIC DISCOVERY INTERROGATORIES AND REQUESTS FOR PRODUCTION

MGIC BUSINESS CONTINUITY PROGRAM

Disaster Recovery for Small Businesses

Vendor Management. Outsourcing Technology Services

Document Management Plan Preparation Guidelines

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Security Architecture. Title Disaster Planning Procedures for Information Technology

Identify and Protect Your Vital Records

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN

Operational Risk Publication Date: May Operational Risk... 3

Business Continuity Planning (800)

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Business Continuity Plan Toolkit

BUSINESS CONTINUITY PLAN

Central Bank of India. Business Continuity Management Policy

Proposal for Business Continuity Plan and Management Review 6 August 2008

Interactive-Network Disaster Recovery

State of South Carolina Policy Guidance and Training

Coping with a major business disruption. Some practical advice

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

University of Liverpool

Data Storage And Backup

Protecting Your Business

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

NCUA LETTER TO CREDIT UNIONS

HIPAA RISK ASSESSMENT

Disaster Recovery Planning

Table of Contents... 1

Statement of Guidance

Call: Disaster Recovery/Business Continuity (DR/BC) Services From VirtuousIT

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

SUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS

Transcription:

Introduction A Business Impact Analysis (BIA) is an assessment by the Business of the potential financial and non-financial impact of an outage. It is designed to define the basic requirements for the survival of the business itself. Assumptions The recovery solution should be one that permits the business to sustain operations at the recovery site for a period of four weeks. During this time plans will be made for a return to the primary production site or arrangements made for expansion into a more long term recovery solution. The recovery solution is compromised of a combination of seats, technology and records to permit the following Business Objectives to be met. * Settlement. (committed trades and Bank of Canada) * Maintain funding / liquidity for the Bank * Fulfill funding obligations to clients * Client contact * Trade / Deal execution The Process The purpose of the following questionnaire is to gather the information concerning the exposure and impact to the company as a whole that will result if the Business Unit experiences a significant disruption. Assume that the building is destroyed and unusable for or at least 6 months. An interim solution will be established at the Recovery site, and a longer term one planned for a period beyond that. The combined BIA's will be analysed to provide the following from an overall company perspective: - assessment of the operational, reputational and financial impacts should a disruption occur; - definition of the priorities for the resumption of business activities following a major disruption; - provision of a draft statement of continuity requirements to enable resumption of business. The follow-up interview with the respondent and eventual risk analysis will: - identify specific areas of operational risk; - identify areas where operational practice can be improved to give greater resilience. Thank you for your co-operation. Completed by Title Department Team Business Activity Telephone No. Date

Operational and Reputational Impacts What impact would the incident have on your team's operation and hence the company's cash flow? You should assume the worst scenario and that no resumption of this activity takes place. Please indicate what level of adverse impact to the company as a whole you consider will occur at each stage, using the timeframes indicated below. There is no need to enter a value in every box - only those where there is a change. Mark the appropriate boxes with a number 1-5 that represents the level of impact (see table at foot of page). 0.5 day 1 day 2 days 3 days 1 week 2 weeks 1 month 3 months 6 months Cash Flow Public image Financial Reporting Client Services Competitive Advantage Industry Image Legal/Contractual Violations Regulatory Requirements Employee Morale Third Party Relations Levels of adverse impact: 1 2 3 4 5 No impact Detectable impact but no resulting losses Some impact with consequential loss Significant impact on company results Major impact threatening the survival of the company Notes

Financial Impacts Following a disruption to your business activity it is possible that some level of financial impact will result. For each type of impact listed below that would result from a disruption to your business activity, estimate the cumulative financial impact/exposure to your team only at the various points in time shown. Assume that the disaster occurs at the worst possible time for this activity and that the disruption lasts for up to 6 months. All amounts should be entered in $000. Category None Inability to settle o/s trades Loss of new business Loss of existing business Cancelled existing sales Compensation payments Contractual penalties/fines Availability of operating funds Loss of operating funds Drop in share value Lost interest on funds Lost productivity Extraordinary expenses Other (please specify) 0.5 day 1 day 2 days 3 days 1 week 2 weeks 1 month 3 months 6 months NOTES

Monthly Impact Profile Please consider the severity of impact to your team following a disruption to your business activity. You should assume the worst scenario and that no resumption of your activity takes place. What we are looking for is seasonal variations in likely impact. Using the scale below please indicate what level of adverse impact you would expect each month. Enter a cross in the appropriate box. Scale: 1 represents low impact, 3 average impact and 5 very severe impact. January February March April May June July August September October November December 1 2 3 4 5 NOTES:

Work Backlog For EACH DAY of the disruption to your business activity indicate how long it will take to handle any backlogged work which needs to be done before normal operations resume once your activity is back in operation again. Only include time attributed to the backlog and exclude normal work for the day of resumption. Assume that only the normal resources for this activity are available. Place an "X" in one box only. No backlog 2 hours 4 hours 8 hours 16 hours or over Not possible to re-process How will you have to handle the backlog when your business activity resumes? (Place an "X" in one box only.) You must handle the backlog prior to addressing current work You will be able to establish priorities at the time of business resumption NOTES:

Lost Data When centralized computer services are resumed after major business disruption the potential exists that some previously processed data will be lost. Depending on your backup methodology the time required to re-enter or reconstruct data may or may not be significant. For example, a whole day's data may be lost if the disruption occurs before the backup tapes are sent off-site. How much time will it take your area to re-renter or reconstruct lost data entered on a busy day? Assume that any work in progress (files and working documents) are unavailable unless secured remotely. Place a "X" in one box only. 2 Hours 6 Days 4 Hours 1 Week 8 Hours 2 Weeks 24 Hours 3 Weeks 2 Days 4 Weeks 3 Days Over 4 Weeks 4 Days Not Possible 5 Days Notes:

Workaround Procedures Following a disruption, both centrally provided IT services and some business operations may be halted. Does your area have DOCUMENTED procedures (or a proven method) for "working around" a disruption to centrally provided computer services and/or business operations? Yes No If YES: How long will this activity be able to operate using these procedures When were these procedures last: and maintain an acceptable level of business? Updated? Tested? Used for 1 hour or less Training? Up to 2 hours Never 1 day Within 6 Months Less than 5 days Within 1 Year 5 to 10 days Within 2 Years 10 to 15 days Over 2 Years Over 15 days Place an "X" in one box only. NOTES:

Business Recovery Requirements Following a major disruption, estimate the number (Quantity) of each of the following resources that your activity will require for critical business operations. The number for each category should indicate cumulative totals as time progresses. REMEMBER - THIS IS BASED ON YOUR BUSINESS OBJECTIVES DURING A DISASTER, NOT BUSINESS AS USUAL! However, you should think about the stage at which your department would need to be operating normally again during the six month period. Requirement Personnel Telephones PC's (LAN) PC's (Standalone) Laptop PC's Dedicated laser printer Access to laser printer (no. of users) Dedicated impact printer Access to impact printer (no. of users) Other IT requirements (please specify) Normal Level 0.5 day 1 day 2 days 3 days 1 week 2 weeks 1 month 3 months 6 months Dedicated copier Access to copier (no. of users) Dedicated fax Access to fax (no. of users) Filing cabinets Fire-resistant cabinets/safes Special equipment * Special forms * Access to shredder (no.of users) Other premises requirements (please specify) * Please list any special requirements below.

Business Recovery Requirements NOTES

Software/Applications Please list the desktop software (e.g.word, Excel, Access) and application systems (including data feeds) that your business activity would need following a major disruption. REMEMBER - THIS IS SURVIVAL, NOT BUSINESS AS USUAL! Place a "X" in the appropriate box to indicate at which point in the recovery process it would be needed. A full list of software, applications and data feeds currently used by your business line is provided separately for your assistance. Software / Application Name 0.5 day 1 day 2 days 3 days 1 week 2 weeks 1 month 3 months 6 months NOTES

Business Records Does your business activity use or produce critical business records (not electronically held on PC's or centrally-provided computer systems)? Please identify the status of your business activity's records management program, by marking all that apply. No critical business records No formal records management Records management - documents identified Records management - defined retention Records management - document duplication Records management - documents off site List the critical business records that are your activity's responsibility or that are required by your activity but owned or created by another. Indicate which are least critical and which are most critical using the 1-5 scale (1 represents the least critical and 5 the most critical). Indicate the primary medium used to STORE these records, which may not necessarily be the medium from which they are used. Place a "X" in the appropriate boxes. Optical Floppy Critical Business Records 1 2 3 4 5 Paper Tape Disk Disk Other NOTES:

Computer Reports Does your business activity use critical computer reports? Please list the critical computer reports that are required by your activity. Indicate also the frequency, e.g. Daily, Weekly, etc. by placing a "X" in the appropriate box. Critical Computer Reports System D W M Y Other Frequency NOTES:

Services Please indicate the dependence of your business activity on the following services in maintaining day-to-day operations. Please add any services that are missing from the list. Rate dependence as 1 "Low" if your activity has little or no dependence on the service. Rate dependence as 5 "High" if your activity cannot operate without the service. Place a "X" in the appropriate box. Service 1 2 3 4 5 Internal E-mail (ability to send/receive) External E-mail (ability to send/receive) Access to E-mail folders Access to archived E-mail messages Voice mail Internet Intranet Extranet Video conferencing Voice recording Mobile 'phones Pagers IT Help Desk Document scanning Microfiche Telex Post Room Couriers Travel booking Other (please specify) NOTES

Internal Dependencies Please indicate the dependence of your business activity on other functions and business units for daily operations. Indicate only where there are dependencies on the business personnel, not on information or computer systems. Rate dependence as 1 "Low" if your activity has little or no dependence on the business unit. Rate dependence as 5 "High" if your activity cannot operate without the other business unit. Please list the business units on which you depend and the type of the service you receive from them and place a "X" in the appropriate box according to your level of dependence on them. Business Unit Name Service Provided 1 2 3 4 5 NOTES

External Dependencies Please indicate the dependence of your business activity on external organisations for daily operations. These dependencies could involve suppliers, service companies, information providers (e.g. Reuters, Bloomberg), custodians, banks, utilities, service providers, etc. Rate dependence as 1 "Low" if your activity has little dependence on the organisation. Rate dependence as 5 "High" if your activity cannot operate without the organisation. Please list the organisations on which you depend and the type of the service you receive from them and place a "X" in the appropriate box according to your level of dependence on them. Organisation Name Service Provided 1 2 3 4 5 NOTES

NOTES/QUESTIONS/COMMENTS Please comment on any areas where you wish to expand your answers, list questions you have or any other applicable information.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information