Recovery Strategy
organizations will complete a business impact assessment (BIA) as part of their business
continuity planning process. This analysis identifies vulnerabilities, develops strategies to
minimize risk, and ultimately produces a BIA report that describes the potential risks that
an organization faces and identifies critical business units and functions. A BIA also identifies
costs related to failures that include loss of cash flow, equipment replacement, salaries
paid to clear work backlogs, profit losses, opportunity costs from the inability to attract
new business, and so forth. Such failures are assessed in terms of potential impacts on
finances, personnel, safety, legal compliance, contract fulfillment, and quality assurance,
preferably in monetary terms to make impacts comparable and to set budgetary expectations.
With all this BIA information in hand, you should use the resulting documentation as
the basis for this prioritization task.
At a minimum, the output from this task should be a simple listing of business units in
priority order. However, a more detailed list, broken down into specific business processes
listed in order of priority, would be a much more useful deliverable. This business process–oriented
list is more reflective of real-world conditions, but it requires considerable additional
effort. It will, however, greatly assist in the recovery effort—after all, not every task
performed by the highest-priority business unit will be of the highest priority. You might
find that it would be best to restore the highest-priority unit to 50 percent capacity and then
move on to lower-priority units to achieve some minimum operating capacity across the
organization before attempting a full recovery effort.
By the same token, the same exercise must be completed for critical business processes
and functions. Not only can these things involve multiple business units and cross the
lines between them, but they also define the operational elements that must be restored
in the wake of a disaster or other business interruption. Here also, the final result should
be a checklist of items in priority order, each with its own risk and cost assessment, and a
corresponding set of mean time to recovery (MTTR) and related recovery objectives and
milestones. These include a metric known as the maximum tolerable outage (MTO). This
is the maximum amount of time that the business can withstand the unavailability of a
service without experiencing significant disruption. Business continuity planners can compare
MTTR and MTO values to identify situations that require intervention and additional
controls.