Inputs to the BIA

The inputs to the BIA are coming from your business and mission team members. These inputs are used to inform the business continuity and disaster recovery process:

  • Business process supported: You must clearly identify the business process that is supported when developing your BIA. This information will be looked at when developing the rationale behind why your organization should expend resources to operate this system during a disaster.
  • Information and services criticality: This is where you define the specific data and information systems that support the business process identified previously.
  • Business impact: Have the business think about and document what impact would occur to the business if the information or information systems identified in the BIA were to become unavailable.
  • Information systems utilized: This is where you specifically identify what information systems are used to support the information used as part of the critical business process.
  • Allowable outage: Have the business think about how long can they go without the information and/or the information system. This value is highly dependent on the type of information being discussed and the business unit in question, and therefore could vary wildly from group to group.

For example, the allowable outage for the organization's payroll system may be very different than an e-commerce application. The organization may decide that due to payroll processing requirements, an outage of 24 hours may be acceptable. However, the e-commerce application may only be able to endure an outage of a few minutes before the impact is considered too high.

  • Recovery priority: This is where the business unit establishes how they want their information and information systems to be managed from a BCDR perspective from the information technology perspective.

This is typically accomplished by establishing a tiering system where the higher the tier number the lower the priority.

For example:

    • The e-commerce application mentioned previously may be assigned as a tier one application where it is given a high priority to be recovered and has high resources given to ensure effective recovery.
    • The payroll system may be defined as a tier two application. It has fewer resources assigned to its recovery since it has a greater allowable outage window.

This assignment of recovery priority is important for many reasons:

    • It tells the IT team clearly how the business views criticality of the information system and what their expectations are from a recovery perspective.
    • It ensures that the business understands the impact regarding resources and cost. A tier one application is usually very expensive to build a disaster recovery solution for.

If it is a business requirement, then it is money well spent. However, if it truly isn't business critical and therefore not tier one, its tier level can be reduced, saving the organization resources and money.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.134.103.74