APPENDIX 2: BIA QUESTIONNAIRE

<Organization>

Business impact analysis questionnaire

<Version>

<Date of approval and publishing>

Purpose

The purpose of the business impact analysis (BIA) is to identify the effects of any adverse event on the business of <organization> and this questionnaire is designed to assist in gathering relevant information to understand the impact of such events. The BIA questionnaire also assists in identifying critical processes, resources, assets, etc. that would need to be protected and for which contingency or alternative plans need to be prepared, and in identifying continuity and recovery requirements.

Questionnaire contacts

Please provide the following details about the people involved in completing this questionnaire. If more than one person is involved, please add additional columns as needed.

Information

BCM coordinator

Others – contact 1

Name

 

 

Extension

 

 

Office location/floor

 

 

E-mail address

 

 

Terminology

Business impact analysis (BIA)

Process of analyzing business functions and the effect that a business disruption might have upon them.

Criticality rating

Rating that identifies the importance of a process to the operations of the department/product/service and <organization>.

High criticality

The operations in the department would be significantly impaired if this process is not performed.

Medium criticality

This process provides information which assists in the efficient performance of the functions within the department/product/service. However, the department/ product/service can function without the process in its day-to-day operations for a short period of time.

Low criticality

This process provides information that is not required for the day-to-day operations of the department/product/service. The process is mainly used for managing the department/product/service and does not impact the operations of <organization> for a long period of time.

Recovery point objective (RPO)

The point to which information must be restored to ensure business objectives can be met in line with maximum tolerable downtime for the process.

RTO

The target time set for: 1 – resumption of product or services delivery after an incident; 2 – resumption of performance of an activity after an incident; and 3 – recovery of an IT system and applications.

Backlog

The amount of work that is conducted during the disaster using the alternative processes which needs to be processed as usual once the recovery has been established.

Disaster/crisis

An occurrence and/or perception that threatens the operations, staff, shareholder value, stakeholders, brand, reputation, trust and/or strategic/business goals of <organization>.

Seasonal impact

The impact of the process during a specific period of time. Specially occurs when transactions are conducted frequently.

Understanding your processes – general process information

Please provide details of all processes within your department/product/service.

Image

Understanding your processes – internal and external dependencies

Please provide details of all processes within your department/product/service.

Image

Understanding your processes – impacts and criticality

Please provide details related to the impacts of not performing the individual processes in your business unit or department/product/service. If a quantitative description of impacts is hard to define, please use a qualitative description (high – medium – low). If an impact is irrelevant to the process, please use N/A.

Image

Identifying RTO, season, and RPO

Please provide details of the RTO for each of the processes in your department. While identifying the RTO, please take into account the impacts listed earlier of not performing the process. There might be periods of time for certain processes where they have a higher criticality and a shorter RTO than in usual conditions. Such periods of time are called “seasons”.

When disasters occur, there is a probability of data and information being lost. Please identify what is the acceptable data loss for electronic and hard-copy data in the RPO rating. If possible, please indicate whether the lost data can be recreated or not.

Image

Understanding your processes – IT and resource requirements

Please provide details of all processes within your department/product/service.

#

Process name

System(s) name

System RTO

List vital records (hard copies) required to perform this process

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Succession planning – identification of human resources

Please provide information about critical resources in your department and identify alternative persons who can perform their job in case they are not available. This section will assist in the implementation of succession planning.

#

Name of resource

Designation

Alternative person

Explanations, if any

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Assets required during disaster – identification of recovery resources

Please provide in the following table the resources needed during a disaster, in numbers. Additional resources/assets can be added to the list freely. It should be assumed that a worst-case scenario has occurred.

Image

Image

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.147.193.141