Implementing business impact analysis according to ISO 22301 Presenter: Dejan Kosutic


Post on 10-Jul-2020


TRANSCRIPT


Implementing business impact analysis according to ISO 22301

Presenter: Dejan Kosutic


©2017 27001Academy www.advisera.com/27001academy


The implementation steps for business impact analysis (BIA) according to ISO 22301

If you’re planning to start the BIA… to succeed, you need to understand the significance of the BIA, and learn what is acceptable according to the standard.


Business impact analysis is the key step for your BCM – do it right and you’ll solve 50% of your business continuity


Agenda


• Terminology

• BIA in the BCM process

• Steps in the BIA

• Determining MAO, RTO and RPO

• Biggest challenges with BIA implementation


Terminology


• MTPD – Maximum Tolerable Period of Disruption

• MAO – Maximum Acceptable Outage

• RTO – Recovery Time Objective

• RPO – Recovery Point Objective

• Maximum Data Loss


BIA in the BCM process


[Diagram labels: BCM Policy, Analysis, Business impact analysis, Risk assessment, BCM Strategy, BC Plans]


Steps in the BIA…


Analyze and assess

Mandatory procedures

Defining the BIA methodology

Collecting the data

Calculating MAO/RTO/RPO


…Steps in the BIA


Mandatory procedures

Writing the report (optional)

Incorporating the results in BC strategy


Determining the MAO and RTO


Determining the RPO


Biggest challenges with the BIA


• Determine the best way to estimate the RTO and MTPD

• Management buy-in for the whole BC lifecycle & funding

• How to ensure that the responses are valid and are not either overstating or understating the impact

• People don’t grasp RTO & MTPD

• What items and activities to be included in the BIA


Conclusion


Don’t underestimate the BIA – without this kind of analysis your business continuity would be based on wrong foundations


Q & A

Dejan Kosutic


www.advisera.com/27001academy/webinars

Thank you!