a. BIA data collection
methodologies
(1) Finalize an appropriate
data collection method (e.g., questionnaires, interviews, workshop, or an
agreed combination)
(i) Understand the
need for appropriate design and distribution of questionnaires, including
explanation of purpose, to participating departmental managers and staff
(ii) Understand the role of
and manage project kick-off meetings to distribute and explain the
questionnaire
(iii) Understand the role of and
support respondents during completion of questionnaires
(iv) Review completed
questionnaires and identify those requiring follow-up interviews
(v) Conduct follow-up
discussions when clarification and/or additional data is required
(i) Understand the
need for consistency, with the structure of each interview predefined and
following a common format
(ii) Ensure the base data to
be collected at each interview is predefined
(iii) Understand the need for
initial interview to be reviewed and verified by the interviewee
(iv) Schedule follow-up
interviews, if initial analysis shows a need to clarify and/or add to the data
already provided
(i) Understand the
need for and establish a clear agenda and set of objectives
(ii) Identify the
appropriate level of participating management and obtain agreement
(iii) Choose appropriate venue,
evaluating location, facilities, and staff availability
(v) Ensure workshop
objectives are met
(vi) Ensure all issues outstanding
at the end of the workshop are identified and responsibility for their
resolution agreed upon
(2) Recommend and obtain
agreement as to how potential financial and non-financial impact can be
quantified and evaluated
(3) Identify and obtain
agreement on requirements for non-quantifiable impact information and gain
agreement
(4) Develop questionnaire
(if used) and completion instructions
(5) Determine data analysis
methods (manual or computer)
(1) Prepare draft BIA report
containing initial impact findings and issues
(2) Issue draft report to
participating managers and request feedback
(3) Review manager feedback
and, where appropriate, revise findings accordingly or add to outstanding
issues
(4) Schedule a workshop or
meeting with participating manager(s) to discuss initial findings, when
necessary
(5) Ensure original findings
are updated to reflect changes arising from these meetings
(6) Prepare final BIA report
according to organization
(7) Prepare and undertake
formal presentation of BIA findings to peers and executive bodies
Note:
No standards exist for the format or distribution of BIA reports, so these
reports will vary between organizations.
4.
Define Criticality of Business Functions and Records, and Prioritize
a. Establish
definition of criticality, and negotiate with management either single or
multiple levels of criticality
(1) Business functions
(2) Support functions
c. Identify and
prioritize vital records to support business continuity and business
restoration
5.
Determine Recovery Timeframes and Minimum Resource
Requirements
a. Determine recovery
windows for critical business functions based on
level
of criticality
b. Determine the order
of recovery for critical business functions, and support functions and systems
based on parallel and interdependent activities
c. Determine
minimum resource requirements for recovery and resumption of critical functions
and support systems
(2) Owned versus non-owned
resources
(3) Existing resources and
additional resources required
6.
Identify and Prioritize Business Processes
a. Interdependencies
between the business processes
b. Process and
technology dependencies
(1) Intradepartment
(2) Interdepartment
(3)
External relationships
7.
Determine Replacement Times
b. Key personnel