Business Impact Analysis Use Case Design

The Business Processes application captures the base data for a given process. A process may be assigned to a particular business unit or shared across multiple business units. A business process may also be referenced to one or multiple products or services. The application enables you to track the business processes personnel, criticality, recovery time objective (RTO) and ITIL category, and associate it with other aspects of the enterprise infrastructure.

Note: The Business Processes application is included in the Enterprise Catalog package.

The BIA Campaign application creates new Business Impact Analysis records based on the selected scoping methodology as well as links existing BIA records discovered during the campaign.

The Business Impact Analysis (BIA) application enables organizations to inventory their business processes or products and services, as well as their dependencies (people, processes, technologies, and third parties). A BIA should be completed for each product and service, or for each business process, depending on the methodology used by the organization.

Use the BIA application to do the following:

• Apply decision criteria to help organizations determine the criticality for each product or service.

• Determine criticality at the business process level using a traditional business continuity approach.

The BIA Archive application stores a copy of each completed and approved BIA and associates that archived copy to the BIA records.

The Impact Tolerances application enables organizations to define the maximum tolerable period of disruption to important products and services or business processes. It identifies the type of impact, such as harm to consumers, market integrity, market participants, threat to financial stability, policyholder protection, and safety and soundness. Impact tolerances must always be expressed as a unit of time - hours, days, or weeks, but can also include other metrics such as financial loss, impact to reputation, regulatory impact, and consumer impact. Impact tolerances can also be defined over time to identify the resilience during each time period.

The Company application stores general, financial, and compliance information at the company level. Combined with the Division and Business Unit applications, this application supports roll-up reporting of governance, risk, and compliance initiatives across the enterprise.

Note: The Company application is included in the Enterprise Catalog package.

The Business Unit application provides a detailed view of all activities related to the specific business unit.

Note: The Business Unit application is included in the Enterprise Catalog package.

The Division application represents the intermediate unit within the business hierarchy which is a layer below the high-level company and a layer above the individual business unit. You can use this application to further document the relationships within your business and measure the effectiveness and compliance of individual divisions within the enterprise.

Note: The Division application is included in the Enterprise Catalog package.

The Products and Services application maintains all products and services provided within an organization. For example, a financial services firm provides a variety of products and services, such as banking, brokerage, and lending services.

Note: The Products and Services application is included in the Enterprise Catalog package.

The BR Task Driver dashboard contains quick links for frequent tasks and features metrics specific to the current user, such as BIAs pending my action, past due BCDR Plans, and active Incidents.

The BR Process Manager dashboard displays items relevant to Business Process Owners and Program leads. Charts are designed to help leads monitor how processes are functioning and identify gaps. The dashboard features metrics, such as expired BIAs and BCDR plans, BIA RTOs and RPOs, and the dependency mapping status by business unit.

• Creates BIAs campaigns for all business processes in organization, runs BIA campaigns, and initiates advanced workflows.
• Approves or rejects BIAs.

• Can create BIA Campaign and initiate advanced workflow.
• Can approve or reject completed BIAs that have been approved by the BUM.

Can create BIAs for business processes that they own and initiate workflow on their BIAs.

• Can complete the Finance section of the BIA.
• Can select cross-references in the Financial Impact Category.
• Can submit BIAs.

• Can complete Compliance-related questions on the BIA and submit the BIA.
• Can select cross-references in the Compliance Impact Category.

The BIA Campaign JS data feed is a Java script transporter data feed that automates the creation of Business Impact Analysis records based on the selected scoping methodology and target records. The scoping method can be a Business Process, Business Unit or Products and Services. Depending on the selected scoping methodology, the data feed generates Business Impact Analysis (BIA) records for the following:

• On business process scoping, 1 BIA record is created for each selected business process record.

• On products and services scoping, 1 BIA record is created for each selected products and services record.

• On business unit scoping, BIA's are created either for business processes or products and services related to the selected business unit.

For more information on the JavaScript data feed, see Configuring the JavaScript Transporter Settings.

The Business Impact Analysis – Business Process Copy Feed is a Web Services Transporter feed that copies the supporting infrastructure from the evaluated business processes into the Business Impact Analysis application. The supporting infrastructure includes child processes, products and services, business unit, information assets, risks, contacts, facilities, devices, applications, third party profiles, engagements, and subcontractors. It copies Third Parties, Engagements, Subcontractors, Stakeholders (Contacts), Facilities, Devices, Information Assets, Qualitative Risks, Quantitative Risks and Applications from the Business Process into the related BIA.

Once a BIA record is enrolled into the advanced workflow, the value of the DFM: BP/PS copy field is set to Yes, which initiates the data feed. The data feed leverages the DFM_Copy Content From BP To BIA report contained in the Business Impact Analysis application.

The Business Impact Analysis – Products and Services Copy Feed is a Web Services Transporter feed that copies the supporting infrastructure from the evaluated product and service into the Business Impact Analysis application. The supporting infrastructure includes child products and services, business processes, third parties, facilities, contacts, devices, applications, information assets, risks, engagements, and subcontractors.

Once a BIA record is enrolled into an advanced workflow, the value of the DFM: BP/PS copy field is set to Yes, which initiates the data feed. The data feed leverages the DFM_Copy Content From P&S To BIA report contained in the Business Impact Analysis application.

Business Process Copy Feed is a Web Services Transporter feed that copies the supporting infrastructure from the evaluated business processes into the Business Impact Analysis application. The supporting infrastructure includes child processes, products and services, business unit, information assets, G/L accounts, and loss events.

Once a BIA record is enrolled into the advanced workflow, the value of the DFM: BP/PS copy field is set to Yes, which initiates the data feed. The data feed leverages the DFM_Copy Content From BP To BIA report contained in the Business Impact Analysis application.

The Copy BIA Supporting Infrastructure to Products or Services Feed is a Web Services Transporter feed that copies the supporting infrastructure from the product and service being evaluated as part of a Business Impact Analysis into the corresponding Product and Service record. The supporting infrastructure includes child products and services, business processes, third parties, facilities, contacts, devices, applications, information assets, risks, engagements, and subcontractors.

Once the BIA is approved by the Product and Service Owner, the data feed runs to copy the supporting infrastructure.