This document provides guidance on conducting a Business Impact Assessment (BIA) and developing a Business Continuity Plan. The BIA involves analyzing an organization's key functions, resources, dependencies, and vulnerabilities. This includes assessing people, premises, processes, providers, and the organization's profile. Considerations for increasing resilience are also outlined. The BIA then informs the creation of a Business Continuity Plan, which documents how key requirements identified in the BIA can be achieved, such as maintaining minimum staffing levels, alternative facilities, backup systems and data recovery procedures, contact details for alternative suppliers, and communications strategies.
This document provides guidance on conducting a Business Impact Assessment (BIA) and developing a Business Continuity Plan. The BIA involves analyzing an organization's key functions, resources, dependencies, and vulnerabilities. This includes assessing people, premises, processes, providers, and the organization's profile. Considerations for increasing resilience are also outlined. The BIA then informs the creation of a Business Continuity Plan, which documents how key requirements identified in the BIA can be achieved, such as maintaining minimum staffing levels, alternative facilities, backup systems and data recovery procedures, contact details for alternative suppliers, and communications strategies.
This document provides guidance on conducting a Business Impact Assessment (BIA) and developing a Business Continuity Plan. The BIA involves analyzing an organization's key functions, resources, dependencies, and vulnerabilities. This includes assessing people, premises, processes, providers, and the organization's profile. Considerations for increasing resilience are also outlined. The BIA then informs the creation of a Business Continuity Plan, which documents how key requirements identified in the BIA can be achieved, such as maintaining minimum staffing levels, alternative facilities, backup systems and data recovery procedures, contact details for alternative suppliers, and communications strategies.
1. List your organisations Key Functions in priority order.
Key Functions 1. 2. 3. 4. 5. 6. 2. Using the guidance set out below undertae a !usiness "#pact $nalysis o% your depart#ent& 'lling in your answers to the %ollowing (uestions on the blan !"$ )ro%or#a sheet under the rele*ant headings+ PEOPLE PREMISES PROCESSES PROVIDERS PROFILE Key Sta! ,hat sta- do you re(uire to carry out your ey %unctions. Bui"#in$s! ,hat locations do your depart#ents ey %unctions operate %ro#. /)ri#ary site& alternati*e pre#ises0 IT! ,hat "1 is essential to carry out your ey %unctions. Reci%&oca" A&&an$e'ents! 2o you ha*e any reciprocal agree#ents with other organisations. Re%utation! ,ho are your ey staeholders. S(i""s ) E*%e&tise ) T&ainin$! ,hat sills 3 le*el o% e4pertise is re(uired to undertae ey %unctions. Faci"ities! ,hat %acilities are essential to carry out your ey %unctions. Docu'entation! ,hat docu#entation 3 records are essential to carry out your ey %unctions& and how are these stored. Cont&acto&s ) E*te&na" P&o+i#e&s! 2o you tender ey ser*ices out to another organisation. "% so 5 to who# and %or what. Le$a" Consi#e&ations! ,hat are your legal& statutory and regulatory re(uire#ents. Mini'u' Sta,n$ Le+e"s! ,hat is the #ini#u# sta6ng le*el with which you could pro*ide so#e sort o% ser*ice. E-ui%'ent ) Resou&ces! ,hat e(uip#ent 3 resources are re(uired to carry out your ey %unctions. Syste's . Co''unications ,hat syste#s and #eans o% co##unication are re(uired to carry out your ey %unctions. Su%%"ie&s! ,ho are your priority suppliers and who# do you depend on to undertae your ey %unctions. Vu"ne&a/"e 0&ou%s! ,hich *ulnerable groups #ight be a-ected i% your organisation %ails to carry out ey %unctions. BIA PROFORMA FOR 1OUR DEPARTMENT (Function222222222222222233223) PEOPLE PREMISES PROCESSES PROVIDERS PROFILE Key Sta! Bui"#in$s! IT! Reci%&oca" A&&an$e'ents! Re%utation! S(i""s ) E*%e&tise ) T&ainin$! Faci"ities! Docu'entation! Cont&acto&s ) E*te&na" P&o+i#e&s!
Le$a" Consi#e&ations! Mini'u' Sta,n$ Le+e"s! 4o&(stations! Syste's . Co''unications Su%%"ie&s! Vu"ne&a/"e 0&ou%s! CONSIDERATIONS FOR INCREASIN0 1OUR OR0ANISATION5S RESILIENCE PEOPLE PREMISES PROCESSES PROVIDERS PROFILE Key Sta! 7an sta- be contacted out o% hours. 7ould e4tra capacity be built into your sta6ng to assist you in coping during an incident.
Bui"#in$s! 7ould you operate %ro# #ore than one pre#ise. 7ould you relocate operations in the e*ent o% a pre#ise being lost or i% access to IT! "s data baced5up and are bac5ups ept o- site. 2o you ha*e any disaster reco*ery arrange#ents in place. Reci%&oca" A&&an$e'ents! 2o you ha*e agree#ents with other organisations regarding sta6ng& use o% %acilities in the e*ent o% an incident. Re%utationa" Da'a$e! 8ow could reputational da#age to your organisation be reduced. 8ow could you pro*ide in%or#ation to sta- and staeholders in an S(i""s ) E*%e&tise ) T&ainin$! 7ould sta- be trained in other roles. 7ould other #e#bers o% sta- undertae other non5specialist roles& in the e*ent o% an incident. Faci"ities! $re any o% your %acilities #ulti5purpose. $re alternati*e %acilities a*ailable in the e*ent o% an incident. Docu'entation! "s essential docu#entation stored securely /e.g. 're proo% sa%e& baced5up0. 2o you eep copies o% essential docu#entation elsewhere. Cont&acto&s ) E*te&na" P&o+i#e&s! 2o you now o% alternati*e contractors or are you reliant on a single contractor. 2o your contractors ha*e contingency plans in place. 7ould contractors be contacted in the e*ent o% an incident. Le$a" Consi#e&ations! 2o you ha*e syste#s to log decisions9 actions9 and costs& in the e*ent o% an incident. Mini'u' Sta,n$ Le+e"s! ,hat is the #ini#al sta6ng le*el re(uired to continue to deli*er your ey %unctions at an acceptable le*el. ,hat #easures could be taen to #ini#ise E-ui%'ent ) Resou&ces! 7ould alternati*e e(uip#ent 3 resources be ac(uired in the e*ent o% an incident 3 disruption. 7ould ey e(uip#ent be replicated or do #anual Syste's . Co''unications! $re your syste#s :e4ible. 2o you ha*e alternati*e syste#s in place /#anual processes0. ,hat alternati*e #eans Su%%"ie&s! 2o you now o% suitable alternati*e suppliers. 7ould ey suppliers be contacted in an e#ergency. Vu"ne&a/"e 0&ou%s! 8ow could *ulnerable groups be contacted 3 acco##odated in the e*ent o% an incident. USIN0 BUSINESS IMPACT ANAL1SIS TO BUILD A PLAN !"$ "denti'es your re(uire#ents %or continuing your ey %unctions !usiness 7ontinuity )lan 2ocu#ents how your re(uire#ents identi'ed in the !"$ can be achie*ed PEOPLE o Key ;ta- o Key ;ills o <4pertise 3 co#petence re(uired o =ini#u# sta6ng le*els re(uired to continue 3 reco*er ey %unctions o >oti'cation 3 in*ocation procedure 3 protocol o =anage#ent structure %or dealing with an incident o "n%or#ation and ad*ice to sta- /response procedures0 o Key sta- 3 contact list /including out o% hours details0 o =ulti sill training in ey areas o ?eciprocal $rrange#ents to co*er sta- short %alls o 8o#e woring o ;ta- wel%are issues PREMISE S o Key %acilities o Key <(uip#ent o Key ?esources o ;pecialist <(uip#ent o ;ecurity 3 restrictions o $lternati*e sites o $lternati*e %acilities o Loss 3 da#age assess#ent o ;ite security o ?elocation arrange#ents 3 protocol o "n*entories o% e(uip#ent3 resources and details o% how to reco*er these o ;al*age& site clearance and cleaning arrange#ents PROCES SES o Key processes o 7ritical periods o Key "1 syste#s 3 applications o Key docu#entation 3 data o ?ecord eeping re(uire#ents o Key co##unication re(uire#ents o $ction cards %or reco*ery o% ey processes o 7heclists o 7opies 3 !ac5ups 3 sa%e storage /reco*ery procedure0 o 7ontingency procure#ent arrange#ents o 2ocu#ented #anual procedures o 2ata reco*ery procedures PROVIDE RS o Key dependencies /supply and receipt0 o Key suppliers o Key contractors 3 ser*ice pro*iders 3 suppliers o ?eciprocal arrange#ents in place with other organisations o 7ontact details %or ey pro*iders 3 contractors 3 suppliers 3 support ser*ices o $lternati*e suppliers /re(uired %or ey %unctions0 o $lternati*e pro*iders /re(uired %or ey %unctions0 o $lternati*e contractors /re(uired %or ey %unctions0 o ?esilience capability o% suppliers 3 pro*ider 3 contractors to business disruption o 1hird party business continuity arrange#ents PROFILE o Key staeholders o Legal 3 statutory 3 regulatory re(uire#ents o @ulnerable groups o 7o##unication strategy 3 plan 3 procedures o ;taeholder liaison /regulator& clients& unions0 o =edia liaison o )ublic in%or#ation 3 ad*ice o >oti'cation o% at ris groups 3 alternati*e care arrange#ents