EVALUATING YOUR BIA RESULTS - Michael Herrera, CEO MHA Consulting / June 9, 2021
Company Background

KEY FACTS
• 20: Years in operation.
• 20: Average years industry experience.
• CAPABLE: Comprehensive suite of services.
• GLOBAL: Diverse, global client base.
• SAAS: Compliance and risk tools.

SENIOR LEADERSHIP
Michael A. Herrera, CBCP, Chief Executive Officer, Phoenix, Arizona

• A 20-year proven track record of applying industry standards and best practices across a diverse pedigree of clients.
• A simple mission: Ensure the continuous operations of our clients’ critical processes.
• We seek to partner with clients who have a commitment to BCM versus a check the box mentality.
• SaaS Tools: BIA On-Demand, BCM One, Compliance Confidence, Residual Risk.

www.mha-it.com
www.bcmmetrics.com

© 2021 MHA CONSULTING. ALL RIGHTS RESERVED.

Unique or Competitive Advantage

• Services & Technology
• Education
• Healthcare
• Financial Institutions
• Consumer Products
• Insurance
• Travel & Entertainment
• Government/Utility

Robust Suite of Services

ASSESS CURRENT ENVIRONMENT
• Current State
• Policy & Standards
• Business Impact Analysis
• Threat & Risk Assessment
• Third Party Assessments

CONTINUITY STRATEGIES & SOLUTIONS
• Business Continuity Strategies & Solutions
• IT Services Continuity Strategies & Solutions
• Supply Chain Continuity Strategies & Solutions

RESPONSE & RECOVERY PLANS
• Crisis Management
• Business Recovery
• IT Disaster Recovery
• Supply Chain Recovery

EXERCISES
• Mock Disaster Exercises
• Plan Functional Walkthroughs
• Alternate Worksite Exercises
• Component, Full and Business Process Failovers
• Coordinated Third Party Exercises

CONTINUOUS IMPROVEMENT
• On-going Training & Awareness Programs
• Post-Exercise Improvement Programs
• Refresh Current State Assessment
• Update BIAs & Threat Assessment
• Monitor & Measure Resilience Improvement

Evaluating Your BIA Results

Agenda
• The importance of a sound methodology
• Establishing a strong cross-functional team
• How to review the results as you go
• Preparing for the management presentation
• Aligning with Information Technology

Abstract
In talking about doing BIAs, it’s common to focus on the technical aspects of the task and the issue of collaborating effectively with department heads. Frequently overlooked is the challenge of presenting your BIA findings to management and getting that all-important approval that allows you to proceed with implementation. Today we’ll take a closer look at how to evaluate your BIA results to maximize results and ensure management support.

Reviewing The Results

01 Has basic BUSINESS UNIT INFORMATION (e.g., name, address, peak times) been fully captured?
02 Is the list of BUSINESS UNIT PROCESSES complete and relevant? Are they processes, not tasks?
03 Is the LIST OF SYSTEMS/APPLICATIONS business processes depend on complete? Has anything been missed (third party, reliance, RPO, workaround)? Is the naming convention clean, correct and aligned with Information Technology?
04 Are IMPACTS (quantitative or qualitative) of functions/processes not being performed over a period of time (hours, days, etc.) reasonable?

Reviewing The Results

01 Are DEPENDENCIES (internal, external) complete?
02 Has a complete list of SERVICE LEVELS and REGULATORY or LEGAL REQUIREMENTS been identified by process?
03 Are MANUAL WORKAROUNDS identified by process if available?
04 Have VITAL RECORDS for each process been properly identified?
05 Do CALCULATED RTOs AND RPOs make sense based on the nature of the business unit and align with the mission of the organization?

Finalizing The Review

• REVISE the results based on your review of each participating area.
• Have the business unit manager SIGN OFF on the revised results of their BIA study.
• Now the results are ready to be reviewed by your BIA validation team.

Factors Influencing The RTO

• Quantitative Impact
• Qualitative Impact
• Strategic to Company Mission
• Cost to Recover
• Ability to Recover
• Management Says So!

For Each Process, Identify Anything Else That Could Impact The Business Processes

01 Mergers & acquisitions
02 New computer systems coming online
03 Threats and risks that need to be addressed (e.g., no data backup)
04 Closure of facilities, etc.

Factors Influencing The RPO

01 Legal and regulatory requirements
02 Supports critical functions
03 Lack of manual workarounds
04 Volume of data
05 Synchronization complexity
06 Data strategic to company initiatives
07 Cost to backup
08 Ability to restore
09 Management says so!

The BIA Validation

• PROCESS RTOS - Do the RTOs for the business processes align with the mission of the organization?
• SYSTEM RTOS - Do the RTOs for the systems align with the process RTOs of the organization?
• IDENTIFY and RESOLVE issues in alignment of processes and systems RTOs with the mission of the organization.
• ADDRESS the next steps in the planning process including alignment of systems and application RTOs with Information Technology.
• FORMALIZE the process and systems RTOs and RPOs.

The Perfect World

[Figure: IMPACT & DOLLARS plotted against RECOVERY TIME (8 hrs to 14 days), showing the Business Impact and COST TO RECOVER curves and the Optimum Recovery Strategy.]

Preparing to Meet with IT

1) Be prepared for disagreement with the results of the BIA.
2) Remind IT that the business is driving the RTOs of their processes and the dependencies that support them.
3) Review the BIA process and how RTOs and RPOs were calculated.
4) Review the process RTOs and the systems that support them; remember alignment with the mission.
5) Obtain validation to ensure buy-in with results.
6) Information Technology initiates planning for disaster recovery using system RTOs and RPOs.

Management Report

• DECIDE on the format and structure of the report. Remember left and right brain thinkers – use facts, figures, graphs/pictures.
• PREPARE and issue the draft report to the manager who participated in the BIA interviews and request their feedback.
• REVIEW all feedback. Re-interview any participants if questions arise about their responses to the draft report.
• VALIDATE the report and make changes where appropriate.
• ISSUE the final report. Be sure to include those who participated in the BIA, their management, and the level of management requesting the BIA.

The Report Example

• Executive summary
• Business unit / process priority
• System and application priority
• Internal and external dependencies
• Vital records
• Findings and recommendations
• Appendices

Meet With Management

• PRESENT findings and recommendations to the senior management team in both written and oral reports.
• Be PREPARED to review the BIA process, defend the findings, and discuss the risks and recommendations chosen.
• ADDRESS the next steps in the planning process including alignment of systems and applications RTOs with Information Technology.
• It is THEIR RESPONSIBILITY to validate your findings and make the final decisions.
• Get a FORMAL MANAGEMENT SIGNOFF on the report once approved.

Keys To BIA Success

1) Scope BIA appropriately.
2) Develop data gathering plan that is aligned with industry standards, meets executive requirements, and complements company culture.
3) Use objective data wherever possible, but recognize subjective data is valuable.
4) Seek executive advice up front and signoff at the end.
5) Obtain validation to ensure buy-in with results.
6) Align results with Information Technology for disaster recovery planning.

Thank You! Questions? Michael Herrera herrera@mha-it.com (602) 708-1718