Building A Business Impact Analysis (BIA) Process: A Hands-On Blueprint, by Barry Cardoza

BUILDING A BUSINESS IMPACT ANALYSIS (BIA) PROCESS:
A HANDS-ON BLUEPRINT
(includes CD)
by Barry Cardoza

This book leads you step-by-step through compiling a Business Impact Assessment (BIA),
the first step in a meaningful Business Continuity Plan. The BIA is not just about satisfying
requirements. Its most important goal is to provide your organization with a solid foundation
upon which you can build a comprehensive Business Continuity Plan that is team-driven,
flexible and useful.

The accompanying CD includes:
- flow chart of BIA considerations and action items;
- sample communications and forms; and,
- customizable examples of a spreadsheet approach and a database approach to data
collection and analysis.

- - - - - - - -

EXCERPT FROM AUTHOR'S INTRODUCTION

“This is the book that I wish I had when I was first told that I needed to do a company-wide
Business Impact Analysis (BIA). At that time, few regulatory guidelines referred to the BIA.
Those that did refer to the BIA did not specify what a BIA should contain, much less how to
go about putting one together. Few case studies had been published. Classes on the topic
were as rare as real estate bargains in Manhattan. What did become apparent was that (1)
the BIA would be something very different to each individual company, and (2) no best
practices had been established. The stakeholders (executive management, regulators, audit,
etc.) are probably the reason you are doing a BIA in the first place. If they are not happy with
the results of your BIA, you will not be happy either. However, the BIA is not just about
satisfying requirements. The most important goal of the BIA should be to provide your
company with a solid foundation of information upon which you can build a comprehensive
Business Continuity Plan.”

- - - - - - - -

TABLE OF CONTENTS

INTRODUCTION
ACKNOWLEDGMENTS
CONVENTIONS USED IN THIS BOOK
1. AN OVERVIEW OF THE BIA
2. GAINING EXECUTIVE SUPPORT
3. INCLUDE STAKEHOLDERS IN PLANNING PROCESS
4. SETTING THE GOALS
5. THE DELIVERABLE
6. DEFINITION OF CRITICAL IMPACT
7. TOPPLE THE SILOS WHEN MEASURING IMPACT
Regarding The Issue, “Most Critical”
Regarding The Issue, “Recovery Time Objective” (RTO)
8. IMPACT & RTO; ABOUT HOW MUCH OR WHEN?
9. UPSTREAM/DOWNSTREAM DEPENDENCIES
What We Mean By “Dependencies”
Critical Business Function Identification
Dependency Identification
10. BOTTOM-UP OR TOP-DOWN? – THE RIGHT APPROACH TO YOUR BIA
The Bottom-Up Philosophy
The Top-Down Philosophy
Critical Analytical Considerations
Bringing The Two Philosophies Together
Using Two Philosophies To Streamline The Process
Applying The Two Philosophies
A Caution Regarding Business Functions vs. Tasks
11. IT’S A PROCESS, NOT A PROJECT
12. DEFINING IMPACT CATEGORIES
13. THE DATA COLLECTION PHASE
Grouping The Data
Means of Collecting The Data
14. INCLUDING EVERY DEPARTMENT
Identifying All Departments
Handling Departments That Don’t Fit The Usual Model
15. ASKING THE RIGHT PEOPLE
16. ASKING THE RIGHT QUESTIONS IN THE RIGHT WAY
Set the Scope
Use Definitions
Use Precise Questions
Use Examples
Keep The Questions To A Minimum
Give Managers the Ability to Visualize the Questions
Predetermined Scale versus Numeric Input
17. DATA VALIDATION
18. IN-HOUSE OR OUTSOURCE, BUY OR BUILD?
19. BUYING A SYSTEM TO MANAGE THE PROCESS
20. BUILDING A SYSTEM TO MANAGE THE PROCESS
21. FINAL PREPARATION FOR THE BIA KICKOFF
22. KICKING OFF THE BIA
23. THE ANALYSIS PHASE
24. TO WEIGHT OR NOT TO WEIGHT (THE DATA)
Why You Might Want To Apply Weights To Impact
Why You Might NOT Want To Apply Weights To The Impact
25. THE HEART OF THE BIA; FIVE QUESTIONS
26. CHARTS AND GRAPHS; THE UNAVOIDABLE REQUEST
Who Will Ask?
Make Them Meaningful
Avoid Chart/Graph Pitfalls
27. VIEWING BIA (AND OTHER) DATA GEOGRAPHICALLY
28. REALITY CHECK; HAVE YOU MET THE GOALS?
29. CONTINUOUS PROCESS IMPROVEMENT
30. SO, WHERE DO YOU WANT TO GO FROM HERE?
GLOSSARY
APPENDICES
Appendix A – BUILDING A SYSTEM TO MANAGE THE PROCESS
Assumptions For Our Examples
Common Data Fields
Impact Category Data Fields
Appendix B – A SPREADSHEET APPROACH
A Spreadsheet For Collecting Data
A Spreadsheet For Analyzing Data
A Spreadsheet For Dependency Information
Appendix C – A RELATIONAL DATABASE APPROACH
General
Building The Database
Queries
Forms As Input Screens
Analytics
Reports
Importing Data, Using Database with Spreadsheets
Troubleshooting Data Import
Forms As Menus
Customizing The Database To Your Environment
Appendix D – CONTENTS OF THE ACCOMPANYING CD
Using the CD-ROM
File Types
Macintosh
Sub-Folders/Directories
Files Contained on the CD-ROM
Troubleshooting
Legal Notice
Questions or Feedback

- - - - - - - -

ABOUT THE AUTHOR

Barry Cardoza has more than 30 years experience in business management, business
process analysis, continuous process improvement, technology systems development, and
project management. His experience has been within a very diverse combination of
industries, including retail office supply and books, lawn and garden wholesale, and even
theatrical production. It also includes more than 17 years of experience within the banking
industry.

Barry currently is responsible for the international business continuity strategy, policy,
compliance, and program implementation for a large bank. Barry chairs the Bay Area
Response Coalition (BARC), which is a coalition of financial institutions seeking to work with
each other and the public sector toward increased crisis preparedness and response. He is
on the Steering Committee for a sister organization, the Southern California Financial
Institutions Recovery Coalition (SoCal FIRC) and an appointee to the Board of Directors of the
Business Resumption Managers Association (BRMA). He contributes articles to a number of
publications on a variety of technical and non-technical topics and is a frequent presenter at
both regional and national conferences.

- - - - - - - -
2006, 416 pages plus CD.
ISBN-10: 097271345X
ISBN-13: 978-0972713450
Order #DR822
- - - - - - - -