Not logged in - Login
View History

Business Continuity Process Overview

Introduction and Purpose

Abriska 22301 has been specifically designed to satisfy these requirements in both a robust and repeatable manner, whilst allowing the organisation the flexibility to tailor each element of the tool to their specific needs. One of the most important aspects of a business continuity programme is the business impact analysis (BIA), through this process the business identifies the organisation’s key products and services, critical activities and required resources.

Output

Abriska 22301 generates a business impact analysis and risk assessment in line with the requirements of ISO 22301. Key products and services are identified and related to critical activities within the organisation. Each activity is assessed in terms of impact over time should the activity not be able to operate.

Configuration Setup Required

The following elements require configuration within Abriska:

Impacts

An impact/ harm matrix will be developed within Abriska. This is used within the business continuity module to evaluate the impact over time for each activity. This can include a number of impact types (e.g. financial, operational) and also a number of impacts below each type (e.g. within financial additional costs or lost revenue). Both quantitative and qualitative scales can be defined for each impact. A threshold is set to each impact; Abriska will then calculate a maximum acceptable outage/maximum tolerable period of disruption for each activity. An example impact matrix below shown below with the threshold set at major for each impact.

Timescales

Timescales are used to assess impact over time and to determine appropriate recovery resources. A single timescale should be selected for the whole organisation; if a single timescale is not suitable then multiple timescales can be created however, this will restrict the reporting capability. Timescales can be made up of units using seconds, minutes, hours, days and weeks. An example timescale is shown within the output at the beginning of this document.

Frequencies

For each activity, a frequency for how frequently the activity is undertaken is recorded. Abriska includes the following by default:

  • On Demand
  • Daily
  • Weekly
  • Monthly
  • Quarterly

Operating Hours

For each activity, the active hours must be recorded within Abriska. This list of options is created within Abriska, this is a simple text label. The following are available by default:
  • Office Hours
  • 24x7

Critical Periods

Some activities may vary in criticality over the month, week etc. e.g. payroll may only be critical for 5 days at the end of each month. The following critical periods are available and can be added to by URM support (these options cannot be removed):

  • Financial working day (by working day over a month)
  • Week (by day)
  • Month (by day)
  • Year (by month)

Recovery Time Objective compared to Maximum Acceptable Outage

Abriska maintains the integrity of each activities’ Recovery Time Objective (RTO) against the Maximum Acceptable Outage (MAO), there are two options for how this can be setup:

  • RTO
  • RTO

Organisational Setup Dependencies

Resources

Resources are a common element throughout various Abriska modules. Resources are represented as a hierarchy based on the following high level types:

  • Information
  • Processes
  • People
  • Premises
  • Technology
  • Suppliers
  • Equipment
  • Media
  • Intangibles Each activity defined within the BIA will be related through to these resources.

Divisions

A divisional structure must be defined within Abriska to allow business activities to be allocated to the appropriate business unit. The divisions are built up as a hierarchy to allow risks to be reported at any level of the organisation. An example is shown on the right.

Contacts & Teams

To support activity and action owners the list of contacts (users of the system and named individuals who do not require access) and teams must be setup within Abriska.


Back to Business Impact Analysis