brought the project to a halt was absence
of critical personnel – the managers who
controlled the operation, failed to participate, and failed to delegate authority.
Meeting after meeting was called to
define the project’s scope. During meeting
after meeting, when the roll was taken, the
critical personnel were absent. The project
apparently had, for these managers, a low
priority.
As with all BIAs, all potential interrup-
tions to “business as usual” should be con-
sidered. Some may be unlikely to occur
– off-the-wall thoughts – but they still
deserve an airing. As with everything to do
with “risk management,” as many people
as possible should be involved; input from
all corners should be welcomed.
BIA
Didn’t
v
John Glenn, MBCI, (JohnGlennMBCI.
com) is an enterprise risk management/
business continuity practitioner with more
than 13 years experience. Glenn invites
comments on this article and others at his
Web site to JohnGlennMBCI@gmail.com.
Do a BIA?
By NATALIE R. WILSON-JONES, CBCP
Not all Auditor Courses are Accredited by ANSI... In Fact, only ICOR’s is. ANSI Accredited Program
BCM 5000: Auditing BCM Programs for PS Prep Certification
• 5 day course designed for for internal auditors, certifying
bodies, and those interested in preparing for a 3rd party audit
of their organization’s Business Continuity Management
System (BCMS)
• Teaches auditors the core components of a BCMS along with
how to conduct an audit against all three standards approved
for PS Prep certification: ASIS SPC.1: 2009, BS 25999-2: 2007,
and NFPA 1600: 2010
• Internal auditors, consultants, and BCM professionals will
benefit from taking the same course as the 3rd party
certifying bodies complete
Ask about our other ANSI Accredited Courses
contact us: theicor.org
+1630-705-0910
If your organization has started own the path of building a busi- ness continuity program, no doubt your team is also trying to save on the cost of time, people, and
resources while performing that task.
To achieve both tasks, some executives have taken the approach of using
only a few resources to push a business continuity and disaster recovery
plan writing campaign. This campaign produces quick success by outlining some procedures they envision
that will absolutely secure successful
business operations recovery in case
of a disruptive incident. Notice I said
“plan writing” campaign and not a
systematic planning methodology.
Then, when the leaders feel the plan
is complete that item can be “checked
off” the proverbial to-do list as done.
You cannot write a good and
viable plan unless you have defined
the goal of your plan. A plan writing
campaign, like any task in a project,
is only one component of a longer list
of objectives and actions within a systematic planning methodology that
ultimately makes up a comprehensive
deliverable. In this case, the deliverable is a business continuity capability within an organization.
One of the components that is
tossed aside most often is the business
impact analysis, or BIA. The BIA
according to the Disaster Recovery
Institute International (DRII) achieves
the following:
Identifies the impacts resulting from
business interruptions that can affect
the organization and techniques that
can be used to quantify and qualify
such impacts. Identifies time-critical
functions, their recovery priorities, and
inter-dependencies so that recovery
time objectives can be established
and approved.
