activity-based business impact analysis (bia): better data, better plans
Post on 25-May-2015
268 Views
Preview:
DESCRIPTION
TRANSCRIPT
Activity-Based BIA: Better Data, Better Plans
Presented by:
Sean Murphy, Lootok Michael Chaly, Lootok
October 16, 2013
Agenda
Who are we? (10 min)
What is the process for an activity-based BIA? (10 min)
How do we build a critical path? (20 min)
What are some other activities we can use to do a BIA? (10 min)
Questions?
How do we identify dependencies? (10 min)
Lootok is the Hopi word for “The Day After Tomorrow.”
We are change agents
for business continuity and crisis management.
Who is Lootok?
Branding for BCM Programs
Cognitive Learning Techniques
Activity-Based Approach
We do business continuity . differently
Does making it interesting make a difference?
20% of what we hear
10% of what we
read
30% of what we see
50% of what we hear & see
70% of what we say or write
90% of what we do or interact with
We remember�
Activities help us anchor new concepts.
Adoption and awareness are key to sustaining a BCM program.
Lootok Demand Model
Unaware
Draftee
Enlisted
Loyalist
Evangelist
• Lack of awareness • Lack of interest • Lack of time • Lack of perceived value • Lack of support
• Interest • Incentive • Desire for success • Consequence • Desire to belong
What is your objective for the BIA?
OR
Agenda
Who are we? (10 min)
What is the process for an activity-based BIA? (10 min)
How do we build a critical path? (20 min)
What are some other activities we can use to do a BIA? (10 min)
How do we identify dependencies? (10 min)
Questions?
r
Playing
Hooky
Objective:
Identify resources
for recovering
critical processes
Annoying
A real headache
Very hard to do without
Agenda
Who are we? (10 min)
What is the process for an activity-based BIA? (10 min)
How do we build a critical path? (20 min)
What are some other activities we can use to do a BIA? (10 min)
How do we identify dependencies? (10 min)
Questions?
Work with the client
project manager to customize
the BIA template
Validation workshop to verify
results and make
decisions for moving
forward
Kickoff Workshop to collect
initial data and engage
team
Follow-up sessions
with department
leaders
Analyze data and deliver reports
An Activity-Based BIA Process
1 2 3 4 5
1
Visually appealing fliers and invites differentiate your program from other initiatives. These help reinforce the impact and consistency of your business continuity program’s brand, while giving participants information in a concise, digestible format.
Fliers, Invites and GuidesLike everything else in life, BCM needs to be publicized as a brand in order for people to pay attention to it. Creating a unique brand identity for BCM at your company brings personality to business continuity and presents the program as an opportunity for personal and organizational empowerment.
Branding, Certificates and SwagLootok’s Demand Model addresses the need to continually build upon the excitement and engagement of thoseemployees who begin to understand the importance of BCM. Continuing to build on demand prevents employees from falling back to a baseline of understanding or losing their interest by never taking their knowledge to the next level.
Demand Model
Work with the client
project manager to customize
the BIA template
Set the foundation.
SCENARIO 1: WEATHER BOMB
A wet low-pressure system from the Gulf has collided with a cold low-pressure system from Canada, creating a rare “weather bomb” over Detroit. 22 inches of snow combined with hurricane-force winds have shut down the city with power outages in several areas. Streets are blocked with snowdrifts as high as 15 feet. The event has occurred outside of the blizzard season and the city is unprepared to respond.
SCENARIO 2: RIOTS
A new city budget has stopped funding for critical social services that many residents depend on. An organized protest turned violent when a gang altercation erupted among protestors. Riot police have been called in to address looting and arson, and all citizens and businesses are advised to stay clear of the downtown area.
In teams, participants are tasked with identifying the top three company assets to either attack to bring maximum disruption to the company or defend to offer maximum security to the company. In doing so, the group identifies its most critical assets, what is likely to disrupt those assets, and potential ways to protect them from disruption.
Attackers & DefendersDue to the many variables of a crisis, a plan can only be seen as a starting point. That is why it is critical for team members to have a strong understanding of “who’s in charge” in different crisis scenarios. This executive-level activity helps to formalize an organization’s crisis management structure.
Who’s in Charge
Who’s in Charge Server Failure
Rapid fire scenarios push participants to think creatively about multiple types of situations that may require business recovery, emergency response and/or crisis management. Following each scenario, team members are challenged to make quick decisions, helping to validate plans and policies or build them where they don’t exist.
Rapid Fire Scenarios
2 Kickoff
Workshop to collect
initial data and
engage team
Create the context.
This forced prioritization exercise guides development of the critical path, a vital tool for working in a disrupted environment with limited time and resources. By evaluating business processes and defining recovery strategies, participants focus recovery efforts to ensure proper resources are available when an incident hits.
Critical Path Activity
4 hrs
x
12 hrs
12 hrs
24 hrs
24 hrs
24 hrs4 hrsx
xx
8 hrs
x
x
The Impact Matrix Activity is designed to capture the potential impact caused by loss of any resource used to manufacture and supply customers with the company’s top products or services. As teams are guided to identify critical resources, they create a visual representation of the impact that a disruption to those resources would have on operations.
Impact Matrix Activity
3 9
Playing Hooky is an activity that challenges participants to answer the question, “How bad would it be if a process or business partner was not available?”
Playing Hooky
3 Follow-up sessions
with department
leaders
Build consensus.
Lootok can work with your organization to define or develop the template for the BIA Report. The report will include the business functions, the criticality and impact assessments and the maximum tolerable downtime (MTD) assessment for each. Dependencies, both internal and external, will be noted - along with any issues to be resolved.
BIA ReportOnce there has been a comfort level established around the impact analysis, Lootok facilitates the closing meeting with key stakeholders in a closing meeting. During this session, the group determines results from the BIA and agrees upon next steps.
Closing MeetingIn order to produce a high-quality BIA, Lootok compiles relevant data from executive and functional workshops, conducts any validation that may be required, and examines any abnormalities or red flags in data to obtain a better understanding of results.
Data Validation Sessions
Analyze data and deliver reports 4
Validation workshop to verify results
and make decisions for
moving forward
5
Compile and review findings.
Agenda
Who are we? (10 min)
What is the process for an activity-based BIA? (10 min)
How do we build a critical path? (20 min)
What are some other activities we can use to do a BIA? (10 min)
How do we identify dependencies? (10 min)
Questions?
r
Critical Path
Activity
Objective:
Examine and
agree upon critical
process RTOs
Agenda
Who are we? (5 min)
What is the process for an activity-based BIA? (10 min)
How do we build a critical path? (20 min)
What are some other activities we can use to do a BIA? (10 min)
Questions? (5 min)
How do we identify dependencies? (10 min)
r
Attackers &
Defenders
Objective:
Identify key
company assets
and vulnerabilities
How might you attack or defend your own organization?
Align teams in their perception of the top assets and threats.
r
Fire in the
Warehouse
Objective:
Prioritize products
and services to focus
planning efforts
Agenda
Who are we? (10 min)
What is the process for an activity-based BIA? (10 min)
How do we build a critical path? (20 min)
What are some other activities we can use to do a BIA? (10 min)
Questions?
How do we identify dependencies? (10 min)
Raychel Oshea-Patino Business Continuity Manager, PVH
228 Park Avenue South #25440 New York, NY 10003
www.lootok.com [e] hello@lootok.com
[p] 646.961.3684
Sean Murphy CEO & President
Questions?
Michael Chaly BCM Advisor
top related