Methods for establishing component priorities, including business functions and processes
A business impact analysis needs to include a list of the main business areas in the organization. To establish the priorities the list needs to be prepared in order of importance (Rittinghouse and Ransome, 2011). The business areas include accounting, customer service handling, finance, and treasury, human resources, information technology, production process, marketing and public relations and maintenance. Additionally, for each of the areas listed above a brief description of the business processes and their dependence on information technology needs to be included. Further, the communication involved, key personnel and any other relevant information needs to also be included.
Methods for establishing component priorities, including BIA scenarios and components
Methods for establishing component priorities, including financial and service impact of components not being available
The absence of certain business functions and process may have significant financial impact on the organization. According to Barnes and Barnes (2004), the unavailability of a business function may cause a loss in data and communication throughout the organization and this may result in the organization stopping its operations. An effective method for determining the financial and service impact of a component not being available is by using a form of critical rating. Once the business processes are rated, they are sorted in order of their criticality. Once this is done, the business processes are sorted on the level of dependencies. This will help establish the impact that of the absence of a business process (Snedaker, 2011).
Methods for establishing component priorities, including recovery time frameworks
This will entail establishing the criticality level for each business process and functions. Once the recovery criticality is established, the relative priority for each component is compared against others that have the same contingency resources. The establishment of priority levels helps to align the contingency resources with the critical business functions and process (Gantz and Philpott, 2012).
Methods for determining component reliance and dependencies, including component dependencies
Determination of component reliance and dependencies is achieved through using business impact analysis of data points (Snedaker, 2011). Each data point is analyzed and its dependency on information technology noted. For instance, a data point can include desktops, laptops, and workstations. In this case, the information technology dependency may involve the configuration data required for this computer equipment. Another data point that may be considered is reporting. According to Snedaker (2011), the information technology dependency may include how to generate the reports in case the business function was disabled.
Methods for determining component reliance and dependencies, including resources required to recover component in the event of failure
One of the key resources required to recover component in the event of failure is having a contingency budget. Such a budget can be effective in managing the expenses in the organization, provide for employee overtime and can be used to service information technology systems when they fail.
Methods for determining component reliance and dependencies, including human assets needed to recover components
Business functions and processes will depend on one or several assets to operate. For example, reports need to be printed, thus printers will be required in the organization. Additionally, personnel in the organization also are classified as assets. Personnel form the most critical assets. In an organization, there are the replaceable personnel and those who cannot be easily replaced. The organization needs to be aware of the critical personnel whose absence may make the organization would suffer. Based on the information concerning critical personnel, the organization can be able to establish critical paths, which they can use to redistribute duties to other personnel.
Recommendations
Huge amounts of data are used in organizations. Thus, it becomes very important to use a scenario approach in prioritizing process. This is because a scenario approach helps to focus more on the final result easily. Furthermore, it is vital for the organization to have a clear understanding of how the different data collected affects information technology and operations of the organization. This will be essential in developing a solid business impact analysis. Additionally, it becomes important not to inform personnel of the replaceable and non-replaceable personnel as this may derail effective implementation of the business impact analysis.
References
Barnes, J. C., & Barnes, D. (2004). Business continuity and HIPAA business continuity management in the health care environment (2nd Ed.). Brookfield, Conn.: Rothstein Associates.
Gantz, S. D., & Philpott, D. R. (2012). FISMA and the Risk Management Framework the New Practice of Federal Cyber Security. Burlington: Elsevier Science.
Rittinghouse, J. W., & Ransome, J. F. (2011). Business continuity and disaster recovery for InfoSec managers. Amsterdam: Elsevier Digital Press.
Snedaker, S. (2011). Business continuity & disaster recovery for IT professionals. Burlington, MA: Syngress.