1 PURPOSE

Business Impact Analysis

Business Impact Analysis

  1. To identify the critical business functions and processes within each Business Unit.
  2. To analyse the potential impact of a disaster to a Department or Business Unit.
  3. To provide information to recover critical business functions in the most cost-effective manner.
  4. To establish and maintain a process which ensures compliance with legal and regulatory requirements at all times.

2 SCOPE

  1. These procedures are applied to the Organization for the conduct of the Business Impact Analysis (BIA) phase.
  2. These procedures are applied to the Organization BCM Coordinator and Business Unit BCM Coordinators. Other staff should include business, technology and financial experts.
  3. The criticality of the CBF is based on the requirement by the management of BCM Institute to support its core business; namely
    • Ability to service customers in critical business transactions
    • Ability to register new businesses
    • Ability to submit important/time-sensitive reports to management
    • In the event of a disaster, the quality of the above services may degenerate but should continue to be available to BCM Institute’s customer.

3 RESPONSIBILITY

  1. It is the Organization BCM Coordinator’s responsibility to identify the critical business functions and do up a planning regarding how the organisation should go about recovering these critical functions in the most cost-effective manner.
  2. It is the BCM Steering Committee’s responsibility to:
    • Review the consolidated findings and recommendations of business impact analysis efforts based on MBCO and disruption
    • Identify and prioritise the critical business functions of the organisation
    • Establish and approve the recovery priority of these CBFs in conjunction with the allocation of resources needed to operate these functions

4 PROCEDURE

4.1 Identification of critical business function

(Part 1 of BIA Questionnaire/Template)

  1. List CBFs: List the critical business functions which must be carried out to continue your key business transactions.
  2. Priority for analysing the impact of risk on CBFs is based on:
    • Compliance with legal and regulatory requirements
    • Employment Act – Ministry of Manpower
    • Singapore Statutes Online – 354A – Workplace Safety and Health Act
    • Financial position/Potential loss impact (direct and indirect) to BCM Institute
    • Political/Marketing standing
    • Potential impact on BCM Institute’s reputation
    • Quality concerns
    • Inter-dependencies by other CBF
    • Support roles of BCM Institute’s CBF during a crisis
    • Environmental impact
    • Social responsibility
  3. Critical business functions of the organisation is identified by the following process:
    Draw up a list of criteria based on the MBCO
    Assess each critical business function submitted by the various business units using the list of criteria and probable disasters
    Identify the CBFs of the organisation based on the assessment
  4. Name of Function: Give a name or identifier to the function of up to 3 words. This will be used later to identify the function.
  5. Description of Function: Give a one line description for each function listed. Please start each description with a verb.
  6. Impact on Business: Identify if the impact is “soft” or “hard”. If it is “hard” impact, quantify the losses e.g. Loss of Revenue. If it is “soft”, quantify the potential loss e.g. opportunities, penalties, goodwill and reputational. For each disaster scenario, the individual business unit should draw up the corresponding impacts on its CBFs. These impacts can be obtained by examining the following generic categories:
    • Potential impact due to non-compliance with external requirements and restrictions
    • Potential impact due to non-compliance with organisational policies
    • Probable backlogs and resources needed to clear them
    • CBFs which are disrupted
    • Potential impact due to concentration of critical staff, information or production assets at a particular location
    • Quantification: The quantified amount to be in Singapore dollars (or local currencies) and it is for one week.

4.2 Timeliness of critical business functions: (Part 2 of BIA Questionnaire/Template)

  1. Normal timescale: For the same critical business functions, state the timescale within which each function has to be carried out with normal support and resources
  2. Crisis timescale: If the function can be carried out in a slower time, possibly by different means in a crisis, state the timescale.
  3. Function especially critical during Estimate the time frame, if any, within which the function’s performance is especially critical e.g. during a particular day of the week, week of the month, or month of the year.
  4. Priority for resuming critical business functions: The priority for resuming CBFs is based on the following:
  • Potential loss impact if the CBF is not recovered on time
  • Parallels and interdependencies between business process supporting the various CBFs
  • Recovery time requirements of each CBF

4.4 Inter-dependencies: (Part 4 of BIA Questionnaire/Template)

  1. The dependencies are based on a non-crisis scenario. The operations and processes to support each CBF are identified using the following metrics:
    • Dependencies on external parties
    • Inter-department parallels and dependencies
    • Intra-department parallels and dependencies
    • Parallels and interdependencies between business processes
  2. Write the source and target business units according to the following:
    • Source Dept/Unit: To perform critical functions, I depend on this other (target) department to function normally.
    • Target Dept/Unit: Source Dept/Unit = This other (target) department needs me to function normally if it is to perform its critical functions.

4.5 Vital Records: (Part 5 of BIA Questionnaire/Template)

  1. Records includes original document, unique document, reference manuals, operating procedure manuals, files, contracts, reference material, data.

5 DEFINITIONS

  1. Business Impact Analysis (BIA)
  2. Organization BCM Coordinator
  3. Business Unit BCM Coordinator
  4. Business Impact Analysis Questionnaires (BIAQ)

6 RELATED DOCUMENT

  1. Nil

7 RECORDS

  1. BCM Institute’s Business Continuity Management (BCM) applies to the business and support units, mainly:
  • BIT: Business and IT
  • CE: Certification and Examination
  • FIN: Finance (out of scope for Certification Audit)
  • HRA: HR/Admin
  • PA: Programme Administration
  • SA: Sales

8 APPENDICES

  1. Please refer to BIA Template in BIA Report.

http://www.gmhasia.com/bcm-manual/bcminstitute/wiki/BCM_Procedure:Business_Impact_Analysis