Data Collection & Disaster Data Recovery


    Risk Analysis and Business Impact Analysis

    • Risk analysis consists primarily of data collection and data analysis. The process involves identifying potential threats to a business, determining the likelihood of each threat materializing and assigning a value to the impact of a materialized threat. Some risks are inherent in the geographical location of a company. Some are inherent in the employees that a company hires. Still other risks are a part of an organization’s particular function. For instance, a company that makes explosives carries some definite risks every day just as a function of what it does. The process of assigning a dollar value to the impact of a given risk is called business impact analysis (BIA).

    Collecting Data

    • For an organization to determine where to invest its risk mitigation resources, it must determine the impact of losing a particular business function for a given amount of time. The BIA process typically uses questionnaires to collect this data. Each department must answer a series of questions about its function and the impact of losing the capability to perform that function. Some of the typical questions are as follows:

      How long can this department function with no equipment or information technology access?

      List the most critical tasks this department performs, both automated and manual.

      Identify the frequency of the tasks listed.

      Does this department use documentation that should be stored offsite?

      Could this department function without the primary application/data servers? For how long?

      Do you back up the department computers?

      Is departmental computer backup media stored offsite?

      Has a restore of the backups been tested?

      What critical interdepartmental dependencies exist?

      What compliance issues would arise from an inability to perform business functions?

      What staffing is required to perform the critical business functions of this department?

      Are job descriptions for these positions maintained?

      Is there a cross-training plan in place for this department?

      What supplies would this department need in the event of a disaster?

      What equipment is required to perform the critical business functions of this department?

      Does this department maintain a vendor contact list?

      Are the department’s contingency plans documented?

      Of course, this list is not all-inclusive, and a questionnaire should be tailored to a particular organization’s needs and circumstances. The list of questions should be as complete as possible to gather the required information.

    Data Collection Methods

    • Often the questions are distributed to the various departments (including IT) on paper, and face-to-face interviews are occasionally required. In addition, an organization may use an electronic survey to collect the data. Users are best qualified to answer the questions that pertain to their particular department and are therefore the best source of information. The goal is to ensure that the process is not so much of a burden on the business unit that the questionnaire is given low priority, or worse, is hastily and inaccurately answered to remove it from the list of tasks.

    Assembling and Analyzing the Data

    • After the answers to these questions are collected, the real risk analysis can begin. The risk analysis team can proceed to sort out the data and get a handle on the real impact a disaster would have on the various departments and the business as a whole. The team accomplishes this by classifying the data that has been collected, assigning values and measuring the reported impact. This can be translated to a dollar effect on the business, which gives the business direction on where to spend risk mitigation dollars. The caveat is that the results are only as accurate as the information given in response to the questionnaire. Thus, it is of extreme importance that the various business units of an organization think carefully and respond honestly and accurately. Although the temptation is real to say that any downtime at all is unacceptable, this is hardly the case for most business functions.

    Planning for Disaster Recovery

    • As the business uses the data collected to invest in risk mitigation strategies, such as backups, offsite storage, recovery site agreements and training, the plan for recovery from a disaster develops. This plan should be documented well, and the data collected from the BIA is of utmost importance in the plan. That information identifies the most critical business functions, which become the priority for recovery in the event of a catastrophe. It is also imperative that the company develop a good training program to communicate the plan, test the plan periodically and make improvements.

    Successful Recovery

    • If accurate data has been gathered, the analysis has been thorough and a solid plan has been developed, tested and refined, an organization is in a much better position in the event of some disaster. The plans developed from the data collected can be activated, critical functions can be recovered with appropriate priority and the business can stay in business.
