What is the difference between a risk analysis (RA) and a business impact analysis (BIA)?
Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or the achievement of a goal. Business continuity planning "identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity". In addition to some disagreement among business continuity professionals regarding the BIA and risk assessment definitions and outcomes, disagreement also exists regarding the order of execution: ...
Typically, a business continuity plan is also a compilation or collection of plans. What other plans might a BCP and all supporting documents include?
Business continuity planning identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity. A business impact analysis (BIA) differentiates critical (urgent) and non-critical (non-urgent) organization functions and activities. Critical functions are those whose disruption is regarded as unacceptable. Perceptions of acceptability are affected by the cost of recovery solutions. A function may also be considered critical if dictated by law. After recovery requirements are defined, each potential threat may require unique recovery steps. Common threats include epidemic, earthquake, fire, flood, cyber-attack, sabotage, and so on.
What is the main difference between a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP)?
A disaster recovery plan is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster. A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
What is the purpose of a risk assessment and a business impact analysis? Why is it an important first step in defining a BCP and DRP?
Risk assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called a hazard). Quantitative risk assessment requires calculation of two components of risk: the magnitude of the potential loss and the probability that the loss will occur. The purpose of a business impact analysis is to determine what impact a disruptive event would have on a financial institution. As such, a BIA has three primary goals: Determine criticality: every critical business function must be identified, and the impact of a disruption must be determined. A Business Continuity Plan (BCP) is a document approved by management. It seeks to ensure that the company can continue operations “business as usual” in the event of a disaster. A disaster recovery plan (DRP), sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP), describes how an organization is to deal with potential disasters.
How does RA relate to business impact analysis for an organization?
Disaster recovery risk assessment and business impact analysis (BIA) are crucial steps in the development of a disaster recovery plan. But, before we look at them in detail, we need to locate disaster recovery risk...