IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
BIA Workshop“Everything you ever wanted to know about BIA
but were afraid to ask”Berkshire Business Continuity Forum
Robin Gaddum FBCI, May 2016
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
What do you want to get out of today?
Agenda
1. What is a Business Impact Analysis and why do you need one?
2. What comes first, BIA or Risk Assessment?
3. A new ISO guidance standard for BIAs to supplement ISO 22301 - so what?
4. What's the secret to a good BIA?
5. Does the BIA have a future as organisations move towards resilience?
What level of experience do we have in the room?
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
What is a Business Impact Analysis (BIA)? Why do you need one?
Source: BCI Good Practice Guide 2013 http://www.thebci.org/
Syndicate Questions (20 minutes):
1. Where does the BIA fit in the BCM Lifecycle?
2. What is the BIA’s purpose?
3. Have a go!
- What should it include?- How to structure it?- How would you present it for
review and approval?
4. How would you go about completing your BIA?
NB: You are allowed to cheat!
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
What comes first, BIA or Risk Assessment?
Syndicate Questions (15 minutes):
1. Who ‘owns’ the BIA and why?
2. How do you determine BIA scope?
3. Do you need to consider worst-case scenarios and if so, why?
4. How do you define the level of impact that is intolerable?
5. What might you do:
- Before starting the BIA?- After completing the BIA?
6. What does your BIA contribute to your BC Plan?
BIA and Risk Assessment –what is the difference?
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
What's the secret to a good BIA?
Syndicate Questions (15 minutes):
1. What internal objections to doing a BIA might you encounter?
2. Common BIA problems from your own experience?
3. Hints and tips for getting it right?
What have we learnt..?
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
ISO/TS 22317:2015Guidelines for business impact analysis (BIA)
Available to buy at http://shop.bsigroup.com/
This new standard offers supplementary guidance to ISO 22301 and ISO 22313
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
Does the BIA have a future and what might it look like?
Issues:
1. Less appropriate for fixed and mobile asset dependent businesses
2. Automation eroding importance of a solely people-centric BIA, e.g. STP
3. Out of date almost immediately
4. Labour and time-intensive
5. Rarely leveraged for information insight and decision support
In summary, the BIA’s cost does not justify its value other than for compliance purposes
Response:
1. Systems modelling approach, e.g. Bayesian networks
2. Systems Impact Analysis to assess fully automated business processes
3. Automatic update in near real time
4. Ditto above
5. Self-service business analytics, dashboards, situation and workflow
As they stand today, BIAs must either dramatically diminish in time, cost and difficulty, or transform into something that enables operations management
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
For more informationRobin Gaddum FBCIAssociate Partner, IBM [email protected] 610130
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
Impact Categories and Risk Appetite example
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
Process impacts example
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
Process prioritisation and Business Continuity requirements
IBM Resiliency Services: Always there, in an always-on world
© 2015 IBM Corporation
Process resource recovery requirements example
