implementing business impact analysis according to iso 22301 · the implementation steps for...
TRANSCRIPT
Implementing business impact analysis according to ISO 22301
Presenter: Dejan Kosutic
©2017 27001Academy www.advisera.com/27001academy
The implementation steps for business impact analysis (BIA) according to ISO 22301
If you’re planning to start the BIA…
… to succeed, you need to understand the significance of the BIA, and learn what is acceptable according to the standard
Business impact analysis is the key step for your BCM – do it right and you’ll solve 50% of your business continuity
Agenda
• Terminology
• BIA in the BCM process
• Steps in the BIA
• Determining MAO, RTO and RPO
• Biggest challenges with BIA implementation
Terminology
• MTPD – Maximum Tolerable Period of Disruption
• MAO – Maximum Acceptable Outage
• RTO – Recovery Time Objective
• RPO – Recovery Point Objective
• Maximum Data Loss
BIA in the BCM process
[Diagram labels: BCM Policy; Analysis; Business impact analysis; Risk assessment; BCM Strategy; BC Plans]
Steps in the BIA…
• Analyze and assess
• Mandatory procedures
• Defining the BIA methodology
• Collecting the data
• Calculating MAO/RTO/RPO
…Steps in the BIA
• Mandatory procedures
• Writing the report (optional)
• Incorporating the results in BC strategy
Determining the MAO and RTO
Determining the RPO
Biggest challenges with the BIA
• Determine the best way to estimate the RTO and MTPD
• Management buy-in for the whole BC lifecycle & funding
• How to ensure that the responses are valid and are not either overstating or understating the impact
• People don’t grasp RTO & MTPD
• What items and activities to be included in the BIA
Conclusion
Don’t underestimate the BIA – without this kind of analysis your business continuity would be based on wrong foundations
Q & A
Dejan Kosutic