Scribd Logo
Upload

Welcome to Scribd!

  • 484 views

    Business Impact Analysis (BIA) and Risk Assessment Data Gathering Worksheet

    Uploaded by

    Sokoine Hamad Denis
    The document provides templates and guidelines for collecting information to conduct a Business Impact Analysis and risk assessment for a department. The templates include sections to identify the department's key activities, the potential impact of disruption to each activity, recovery time objectives, critical records, roles and facilities/equipment/technology/suppliers that are essential for operations. This information would be used to analyze risk and inform business continuity strategies.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Business Impact Analysis (BIA) and Risk Assessment Data Gathering Worksheet

    Uploaded by

    Sokoine Hamad Denis
    484 views6 pages
    The document provides templates and guidelines for collecting information to conduct a Business Impact Analysis and risk assessment for a department. The templates include sections to identify the department's key activities, the potential impact of disruption to each activity, recovery time objectives, critical records, roles and facilities/equipment/technology/suppliers that are essential for operations. This information would be used to analyze risk and inform business continuity strategies.

    Original Description:

    Business Impact Analysis

    Original Title

    BIA-Worksheet-Template

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides templates and guidelines for collecting information to conduct a Business Impact Analysis and risk assessment for a department. The templates include sections to identify the department's key activities, the potential impact of disruption to each activity, recovery time objectives, critical records, roles and facilities/equipment/technology/suppliers that are essential for operations. This information would be used to analyze risk and inform business continuity strategies.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    484 views6 pages

    Business Impact Analysis (BIA) and Risk Assessment Data Gathering Worksheet

    Uploaded by

    Sokoine Hamad Denis
    The document provides templates and guidelines for collecting information to conduct a Business Impact Analysis and risk assessment for a department. The templates include sections to identify the department's key activities, the potential impact of disruption to each activity, recovery time objectives, critical records, roles and facilities/equipment/technology/suppliers that are essential for operations. This information would be used to analyze risk and inform business continuity strategies.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 6

    Business Impact Analysis (BIA) and Risk Assessment Data Gathering Worksheet

    Background

    Department Name

    Department Owner
    (Director/Manager)
    P&S #1
    Products and Services Directly or P&S #2
    Indirectly Delivered by This P&S #3
    Department P&S #4
    P&S #5

    Department Overview

    The following table captures key department characteristics that may influence the assignment of recovery objectives and the selection of recovery strategies.

    Department Narrative Description

    Customers and Outputs (Internal or External) 

    Peak Operating Periods or Seasonality 

    Impact Analysis and Recovery Requirements

    The following table describes each department’s activity and the possible impact should it fail to operate.

    Proposed RTO
    Activity Description Impact of Downtime (Over Time)
    (hours/days)
    Financial:
    Regulatory, Legal
    and/or Contractual:
    Reputational:
    Operational:
    Health/Safety:
    Financial:
    Proposed RTO
    Activity Description Impact of Downtime (Over Time)
    (hours/days)
    Regulatory, Legal
    and/or Contractual:
    Reputational:
    Operational:
    Health/Safety:
    Financial:
    Regulatory, Legal
    and/or Contractual:
    Reputational:
    Operational:
    Health/Safety:

    Critical Records
    The following table summarizes the various informational needs necessary to operate – both electronic and hard-copy.

    Record / Data Name Description Location Backed Up? Offsite (if yes, list location)
    Yes
    No
    Partial

    Key Threats, Vulnerabilities and Risk Treatment Options

    The section of the BIA data gathering worksheet is used to “link” the department’s inputs to current-state business continuity risk mitigation efforts (controls),
    summarize alternate procedures and manual workarounds, estimate impact and likelihood of failure, and identify other possible risk treatments.

    Loss of Key Roles/Personnel


    The following table summarizes key roles and/or personnel in order to understand their importance and potential impact on department.

    Description
    Impact of Loss Probable Impact of Estimated Risk Treatment
    Role (Responsibilities Existing Controls
    Described Loss Likelihood of Loss Options
    and Activity)
    Catastrophic Certain
    Major Probable
    Description
    Impact of Loss Probable Impact of Estimated Risk Treatment
    Role (Responsibilities Existing Controls
    Described Loss Likelihood of Loss Options
    and Activity)
    Moderate Possible
    Minor Unlikely

    Loss of Key Facility or Equipment


    The following table summarizes the facilities used and equipment needed for the operation of this department.

    Risk Treatment
    Existing Controls,
    Options
    Recovery Strategies Impact of Loss Probable Impact of Estimated
    Facility / Equipment Description of Use (Alternate Sites,
    Alternate Described Loss Likelihood of Loss
    Contingent
    Procedures
    Sourcing, etc.)
    Catastrophic Certain
    Major Probable
    Moderate Possible
    Minor Unlikely

    Loss of Key Technology


    The following table summarizes the key technology (i.e. systems and applications) necessary for the operation of this department.

    Existing
    Technology Requested
    Controls Impact of Estimated
    Technology Source Description Probable Requested Data Loss Risk Treatment
    or Manual Loss Likelihood of
    Name (IT, 3rd of Use Impact of Loss RTO (hours) Tolerance Options
    Work Described Loss
    Party, etc.) (hours)
    Arounds
    Catastrophic Certain
    Major Probable
    Moderate Possible
    Minor Unlikely
    Loss of Key Supplies/Vendors
    The following table summarizes the key supplies or services provided to the department that are necessary to maintain operations.

    Existing Controls
    Estimated
    Description of (Safety Stock, Impact of Loss Probable Impact Risk Treatment
    Supply or Service Source(s) Likelihood of
    Use Alternate Described of Loss Options
    Loss
    Supplier, etc.)
    Catastrophic Certain
    Major Probable
    Moderate Possible
    Minor Unlikely

    Recovery Requirements

    The following tables summarize various resource requirements and when they are needed following the onset of a disruptive event.

    Staffing Resource Requirements


    The following table summarizes the quantities, work-from-home capabilities and recovery requirements for those key roles identified above.

    Total
    Normal Current Work From Week Week Week (needed
    Role < Day 1 Day 1 Day 2 Day 3 Day 4 Day 5
    Level Location Home* 2 3 4 by role for
    recovery)

    Equipment/Supply Requirements
    The following table summarized the quantities, offsite availability and recovery requirements for the key equipment and supplies identified above.
    Currently
    Normal
    Resource Available Off- < Day 1 Day 1 Day 2 Day 3 Day 4 Day 5 Week 2 Week 3 Week 4 Total
    Level
    Site?
    Yes
    No
    Ratings Definitions
    Estimated Likelihood

    Rating Name Description


    Certain: More than one failure per
    Failure is almost inevitable more than once annually.
    year
    Probable: Failure once every 1 or 2
    This process or similar processes have often failed at least once over a two year period.
    years
    Possible: Failure once every 3 to 5 This process or similar processes have experienced occasional failures, but not in major proportions (no more than
    years every three to five years).
    Unlikely: Failure once every 6 years
    Isolated failures associated with similar processes, often occurring once every six or more years.
    or more

    Probable Impact

    Rating Name Description


    Failure affects safety or involves noncompliance with customer or regulatory requirements. May endanger personnel.
    Catastrophic Most likely will result in serious disruption to customer operations and / or other operational, financial or reputation
    issues.
    High degree of customer dissatisfaction due to the nature of the failure. Failure does not involve safety or government
    Major regulation. May result in serious disruption to customer-facing operations and / or other operational, financial or
    reputation issues.
    Failure causes some customer dissatisfaction which may include discomfort or annoyance. Customer will notice
    Moderate
    performance issues and deterioration. The event may result in product or service delivery delay.
    Due to the nature of this failure, the customer experiences only slight annoyance. Customer will probably notice slight
    Minor deterioration of the process or system performance or a slight inconvenience with a subsequent process, i.e. minor
    rework.

    You might also like