A Report for

Sample Company
Business Impact Analysis (BIA)
16 December 2002 Engagement: XXXXXXXXX


Table of Contents
Introduction/Executive Overview
    Objectives
    Scope
    Approach
    Document Organization
Corporate Communications
Engineering
Facility Services
Finance
Human Resources
    Safety and Risk
Marketing
    Customer Care
    Sales
Materials Management
Network Operations Center (NOC)
Operations
Plant Assignment and Dispatch (Provisioning)
Purchasing
Regulatory Affairs
Executive Summary/Business Impact Analysis for SAMPLE
    Cumulative Reported Financial Impacts
    Cumulative Financial Impact (2001 Gross Revenue)
    Cumulative Reported Financial Impacts
    Operational Impact Summary
    Recovery Personnel Requirements
    Recovery Time Frames Summary
    Recovery Priority Recommendations
    Work Backlog Processing
    Critical Business Records
    Regulatory Reporting

For internal use of Sample Company only.

© 2002 Gartner, Inc. and/or Gartner Holdings Ireland. All Rights Reserved. 16 December 2002—Page i

    Recovery Complexity for Business Units
    Special Requirements
    Reliance on Communications
    Unique Standalone Workstations
Conclusion
Appendix
    Appendix A—BIA Questions

List of Figures
Figure 1. Financial Impact for Finance
Figure 2. Financial Impact for Customer Care
Figure 3. Financial Impact for Corporate Sales
Figure 4. Financial Impact for Operations
Figure 5. Reported Financial Impacts for SAMPLE
Figure 6. Reported Impacts and 2001 Revenue for SAMPLE
Figure 7. Reported Financial Impacts for SAMPLE
Figure 8. Average Operational Impacts for SAMPLE
Figure 9. Time to Complete Backlog Processing for SAMPLE
Figure 10. Time Frame and Number of Processes for SAMPLE
Figure 11. Recovery Complexity for SAMPLE
Figure 12. Monthly Impact Profile for SAMPLE
Figure 13. Degree of Reliance Upon Communications Services

List of Tables
Table 1. Business Processes Identified by Communications
Table 2. Critical Business Records Identified by Communications
Table 3. Regulatory Reporting Requirements for Communications
Table 4. Operational Impacts Identified by Communications
Table 5. Number of Recovery Personnel by Day for Communications
Table 6. Business Processes Identified by Engineering
Table 7. Critical Business Records Identified by Engineering
Table 8. Regulatory Reporting Requirements for Engineering
Table 9. Operational Impacts Identified by Engineering
Table 10. Number of Recovery Personnel by Day for Engineering
Table 11. Business Processes Identified by SAMPLE Facility Services
Table 12. Critical Business Records Identified by Facility Services (Central District Only)
Table 13. Regulatory Reporting Requirements for Facility Services
Table 14. Operational Impacts Identified by Facility Services
Table 15. Number of Recovery Personnel by Day for Facility Services



Introduction/Executive Overview

Objectives

The purpose of the business impact analysis (BIA) was to help Sample Systems (SAMPLE) identify which business units, operations and processes are essential to the survival of the business. It will delineate the business impact of disaster impact scenarios on the ability to deliver product or to support mission-critical services. The BIA will facilitate the identification of how quickly essential business units and/or processes have to return to full operation following a disaster situation. The BIA will also facilitate the identification of the resources required to resume business operations to a survival level.

Business impacts are identified based on a worst-case scenario that assumes that the physical infrastructure supporting each respective business unit has been destroyed and all records, equipment, etc. are not accessible within 30 days. Please note that this report does not address recovery assumptions, such as the availability of experienced personnel for recovery, because this type of assumption is typically included in a business continuity plan (BCP).

The objectives of the business impact analysis (BIA) are as follows:

- Estimate the financial impacts for each major SAMPLE business unit, assuming a worst-case scenario
- Estimate the intangible (operational) impacts for each major business unit, assuming a worst-case scenario
- Define the estimated number of personnel required for recovery operations
- Identify the organization’s business unit processes and the estimated recovery time frame for each major business unit

Issues such as recovery concerns, new threats, or emerging trends in disaster recovery or business continuity, are outside the scope of the BIA, but are being provided in a separate Gartner “best practices” document.

Scope

The scope for the SAMPLE BIA includes the following business units and shared services:

- Corporate Communications
- Engineering
- Facility Services
- Finance (Including AP and Payroll)
- Human Resources (Including Benefits, Employee Training, Safety/Risk Management)
- Marketing (Including Customer Care, Sales)
- Materials Management
- Network Operations Center (NOC)
- Operations (Including Pokipsie, Melvin, Tucson, and Phoenix)
- Plant Assignment and Dispatch
- Purchasing
- Regulatory Affairs

Approach

Gartner conducted interviews with more than 50 key SAMPLE business personnel during August 2002. In addition, 15 SAMPLE business unit representatives were surveyed using an electronic BIA tool. All BIA interviews were conducted by Gary Drake and Jason Sausser. The interview process utilized a series of standard questions developed for SAMPLE (see Appendix A). The objective of these interviews and surveys was to identify processes, along with associated estimated recovery time frames, estimated financial impacts, operational impacts and estimated personnel required for recovery operations.

Note: Many of the findings reported in this report are recorded exactly as they were captured from surveys and interviews. Some statements made by SAMPLE employees have been re-worded for clarity.

Document Organization

Specific information provided by each of the business units in alphabetical order is documented in the following sections of this document. The last section, Business Impact Analysis Summary, includes information that is most appropriately considered in the overall SAMPLE perspective to assist in the development of an appropriate recovery strategy, such as the recovery personnel requirements to help size an alternate recovery location.

Corporate Communications

The following person was surveyed for Communications: Tom Johnson.

Business Processes

Table 1. Business Processes Identified by Communications

Business Process | Description
Communications | Provide effective communications to employees, customers, regulatory commissions and the State legislature about SAMPLE. Communications responds as required. Projects and assignments come up on an as-needed basis and vary according to scope and requirements.

Table 2. Critical Business Records Identified by Communications

Business Unit | Record Name
Communications | None identified

Table 3. Regulatory Reporting Requirements for Communications

Business Unit | Report | Frequency | Recipients
Communications | None identified

Table 4. Operational Impacts Identified by Communications

Operational impacts are rated on a scale of 0-4, where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 0
Competitive Advantage | 2
Shareholder Confidence | 4
Financial Reporting | 0
Industry Image | 4
Employee Morale | 4
Customer Service | 4
Employee Resignations | 2
Vendor Relations | 3
Regulatory | 0
Increases in Liability | 1
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 5. Number of Recovery Personnel by Day for Communications

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
2 | 2 | 2 | 2 | 4 | 4 | 4 | 7 | 7 | 7

Findings

Communications stated that it would be less than a day before an outage had a significant impact on SAMPLE business units.

Communications reported that it would be extremely difficult to recover from a prolonged outage or disruption.

Communications reported that they are extremely vulnerable to a prolonged outage or disruption.

Engineering

The following people were either interviewed or surveyed for Engineering: Mickey Lolich, Mickey Stanley, Norm Cash, Jim Northrup, Bill Freehan, Denny McLain, and Al Kaline.

Business Processes

Table 6. Business Processes Identified by Engineering

Business Process: New order processing; Design; MARKS; TFAX; Jordash; Visio; AutoCAD; TCS; Remedy; ACMP
Description: Service changes, disconnects, etc.; Ordering services; Taking orders for service; Orders for operations; Plans, drawings, layouts and specifications for new installs; Plans; Drawings; Maintain cable records for all companies (except Pokipsie); Timekeeping; Trouble tickets

Table 7. Critical Business Records Identified by Engineering

Record Name: ACMPs; Cut Sheets
Becomes Critical: < 1 Day; < 1 Day
Alternate Source, Media Type: Paper; Paper; Other; Other

Table 8. Regulatory Reporting Requirements for Engineering

Report | Frequency | Recipient | Type of Penalty
Number of calls blocked during period of time | On Demand | FCC | Unknown
Antenna Registrations | Other | FCC | Unknown
Quarterly Event Reports | On Demand | SAMPLE Management | Unknown

Table 9. Operational Impacts Identified by Engineering

Operational impacts are rated on a scale of 0-4, where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 0
Competitive Advantage | 2
Shareholder Confidence | 2
Financial Reporting | 0
Industry Image | 2
Employee Morale | 3
Customer Service | 4
Employee Resignations | 0
Vendor Relations | 3
Regulatory | 1
Increases in Liability | 0
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 10. Number of Recovery Personnel by Day for Engineering

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
120 | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 120

Findings

Engineering reported that it would be extremely difficult to recover from a significant disruption or outage if AutoCAD data were lost.

Engineering reported that there is a significant amount of critical data stored on individual computer hard drives, because there is no available space on the common (shared server) drives.

Engineering reported that if the 31N6 system is down, there is no paper backup. Work could continue until the queue was empty.

Engineering reported that they were instrumental in recovering the Central Data Center recently.

Engineering reported that they are only somewhat vulnerable to a prolonged disruption or outage.

Engineering reported that it would take at least one day to complete the backlog of work for each day of outage.

Engineering reported that if their services were unavailable, it would be less than one day before a significant impact on SAMPLE occurred.

Engineering reported that services revenues are $78M annually.

Engineering reported that it costs $600 per hour for each voice channel out of service and that there are currently 2,600 channels throughout the Sample enterprise.

Engineering reported that SAMPLE experiences many cable cuts during the construction season and that it could take up to three days to restore a 400-pair cable.

Facility Services

The following person was surveyed for Facility Services: Dick McCauliff.

Business Processes

Table 11. Business Processes Identified by SAMPLE Facility Services

Business Process | Description
Facility maintenance | To maintain the structural, electrical, mechanical, and other related building components and finishes in a professional and workmanlike manner.
Contract administration | To develop and manage service and construction contracts.
Utility services and payments | To add/delete and process utility service payments Enterprise-wide.
Real property lease administration | To manage all real property acquisitions/sales and leases Enterprise-wide.
Space planning and management | To control and manage space utilization for office layouts.
Security (Central District Only) | To provide computerized card reader/proximity access system and evening manned security guard services.

Table 12. Critical Business Records Identified by Facility Services (Central District Only)

Business Unit | Record Name
Facility Services | PCSC Security System Software Database
Facility Services | Hard Copies of Security User Form Records
Facility Services | Facility Drawings—both Mylar and Bluelines
Facility Services | Facility Construction and Maintenance Project Records

Table 13. Regulatory Reporting Requirements for Facility Services

Business Unit | Report | Frequency | Recipients
Facility Services | None identified

Table 14. Operational Impacts Identified by Facility Services

Operational impacts are rated on a scale of 0-4, where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 4
Competitive Advantage | 3
Shareholder Confidence | 1
Financial Reporting | 3
Industry Image | 2
Employee Morale | 4
Customer Service | 4
Employee Resignations | 0
Vendor Relations | 0
Regulatory | 0
Increases in Liability | 4
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 15. Number of Recovery Personnel by Day for Facility Services

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
7 | 7 | 8 | 10 | 10 | 11 | 12 | 12 | 12 | 12

Findings

Facility Services reported that ATU had an emergency plan that has been updated by Willie Horton of Safety and Risk Management.

Facility Services reported that while SAMPLE does not really have a Disaster Recovery plan, all emergency related issues are routed through the Pokipsie NOC, which maintains a callout list of all facilities team members.

Facility Services performs periodic fire alarm detection and suppression system testing.

Facility Services reported that it is somewhat easy to recover.

Facility Services reported that they are vulnerable to a prolonged disruption or outage.

Facility Services reported it will take from 12 to more than 16 hours to process backlog for each day of downtime.

Facility Services stated that four days is the maximum outage before a significant impact on SAMPLE as a whole occurred.

Facility Services reported that it has extreme reliance on a standalone workstation.

Facility Services reported that severe impact would occur during the months of December, January, and February, because colder months affect facility operations during power or utility outages. Impacts would be least severe during the months of June through October.

A seismic survey conducted in July of 2001 cited several items of concern regarding the Data Center located near the corner of 17th and G Streets in Pokipsie. The Central Data Center was originally constructed in the 1940s and had additions constructed in 1963 and 1969. The conclusion of the seismic report was that the Central Data Center is probably well below current earthquake standards. A key item cited was the lack of structural bracing that would allow the building to withstand earthquake loads. The report also stated that many cable trays and hung equipment did not have diagonal braces. “Major cracking” in the 1969 addition was mentioned in the report. The loss of the Central Data Center would be catastrophic to SAMPLE and its customers.

Finance

For the purpose of this report, the Controller’s Office, Financial Planning, Billing and Collections, Cash Management, Disbursements, Accounts Payable and Payroll were all considered part of the Finance function.

The following people were either interviewed or surveyed for Finance: Kevin A, Laurie B, Michael D, Nancy V, Deborah C, Jenny S and Joe T.

Figure 1. Financial Impact for Finance
[Chart: financial impact in dollars by day, Day 1 through Day 28; series: Finance Reported, Finance 2001 AR. Source: Gartner, 2002]

Findings

Finance reported estimated total SAMPLE losses of $1M per day if all services were lost.

Total SAMPLE receivable days were estimated at $128,526 per day, based on 2001 Financials.

Business Processes

Table 16. Business Processes Identified by Finance

Business Process | Description
Corporate budget | Management of process, analysis of variances between planned and actual results, etc.
Financial analysis | Assist managers with financial analysis of business cases.
Support business development process | Assist Managing Director, Business Development as required
Support SAMPLE information system (business analysis software application) | Provide support/assistance to the organization (training, maintenance, etc.).
IRS reporting | IRS year-end reports—1099s, etc.
Finance/accounting | Provide financial / accounting services.
Load Deville/CBP files to SAP | Load files are received from IT, cleaned and uploaded into the SAP system.
Load Payroll files to SAP | Load files are received from ADP, cleaned and uploaded into the SAP system.
Record month-end journal entries in SAP | Account analysis and verifications are performed on SAP data as the basis of information for monthly journal entries.
Load Intranet revenue | Load files are received from IT, cleaned and uploaded into the SAP system.
Load Apprise sales data | Load files are received from IT, cleaned and uploaded into the SAP system.
Enter PSA data to SAP | Reports are provided from the PSA system and manual journal entries are prepared to record revenue.
Enter NIBS data to SAP | Reports are provided from the NIBS system and manual journal entries are prepared to record revenue.
Enter R data to SAP | Reports are provided from the R system and manual journal entries are prepared to record revenue.
Enter Erie data to SAP | Reports are provided from the Erie system and manual journal entries are prepared to record revenue.
Load project information in PRS | Information from SAP is downloaded into PRS for project reporting purposes.
Enter STS data to SAP | Reports are provided from the STS system and manual journal entries are prepared to record revenue.
Load and reconcile PCC data in SAP | Download and reconciliation of bank data from the Internet Poindexter system.
TCS (time entry system) | Jane Doe—Supervisor. Minnie C—Processing pay records. June A—Processing pay records and distributing earnings statements. ADP—third-party payroll processor—calculates and prints paychecks and processes all direct deposits.

Business Process | Description
Pay vendors | Bob T—Supervisor. Frank M—AP clerk. Susan S—AP clerk. Paula P—AP clerk. Tim A—AP clerk and acting supervisor in Bob’s absence. Prints checks, quality control.
Report federal excise tax | Collect general ledger and CBP data and report to the IRS.
Report sales tax | Collect data from CBP and report to various cities and boroughs.
Report E911 | Collect data from CBP and report to various cities and boroughs.
Report property tax | Collect data from SAP asset files and report to various cities and boroughs.
Income tax returns | Download trial balance from SAP, prepare depreciation and other analysis to prepare returns.

Table 17. Critical Business Records Identified by Finance

Business Unit | Record Name | Becomes Critical | Alternate Source
Finance | SAP data (F/S, CPR) | < Day 1 | Other Excel
Finance | Deville/CBP | Day 7 | Paper Accrued estimate
Finance | Payroll files | Day 14 | Paper Accrued estimate
Finance | Month-end JEs | Day 7 | Paper Accrued estimate
Finance | PSA | Over Day 28 | Paper Accrued estimate
Finance | NIBS | Over Day 28 | Paper Accrued estimate
Finance | STS | Over Day 28 | Paper Accrued estimate
Finance | Historical financial information | Day 14 | Excel/paper reports
Finance/AP & Payroll | Time records (TMS) | Day 6 | Paper None
Finance AIS | System information | Day 14 | Paper Excel
Finance | Intranet | Over Day 28 | Paper Accrued estimate
Finance | Apprise sales | Over Day 28 | Paper Accrued estimate
Finance/AP & Payroll | Employee records | Day 6 | Other ADP—third-party processor
Finance | Rodolphi | Over Day 28 | Paper Accrued estimate
Finance | PRS | Over Day 28 | Paper Accrued estimate
Finance | PCC | Over Day 28 | Paper Accrued estimate
Finance/AP & Payroll | Vendor Invoices | Day 14 | Paper vendor reprint
Finance | Great Lakes | Over Day 28 | Paper Accrued estimate
Report federal excise tax | Excise Tax | Day 10 | Paper Accrued estimate
Report sales tax | Sales Tax | Day 30 | Paper Accrued estimate
Report E911 | E911 | Day 60 | Paper Accrued estimate
Report property tax | Property Tax | Over Day 28 | Paper Accrued estimate
Income tax returns | Income Tax | Over Day 28 | Paper Accrued estimate
Finance | Project Records | Day 14 | Paper Excel

Table 18. Regulatory Reporting Requirements for Finance

Report | Frequency | Recipient | Type of Penalty
SEC quarterly and annual reporting | Quarter end | SEC | Financial
Form M annual reports | Year end | RCA | Financial
USF/RCC reports | Month end | FCC/AK Dept Rev. | Financial
Cost Allocation Manual | Year end | FCC—RCA | Financial
Bank Debt Compliance | Month end | Financial Institutions | Financial

Table 19. Operational Impacts Identified by Finance

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 4
Competitive Advantage | 2
Shareholder Confidence | 2
Financial Reporting | 4
Industry Image | 2
Employee Morale | 4
Customer Service | 2
Employee Resignations | 4
Vendor Relations | 4
Regulatory | 3
Increases in Liability | 4
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 20. Number of Recovery Personnel by Day for Finance

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
13 | 13 | 18 | 18 | 22 | 22 | 22 | 22 | 28 | 28

Findings

Finance reported that they are somewhat vulnerable to an outage.
Finance reported that it is difficult to recover.
Finance reported that it would take six to 12 hours to complete the backlog of work for each day of outage.
Finance reported that one week is the maximum length of outage before a significant impact on SAMPLE as a whole occurred.
Finance reported that severe operational impacts would occur during the month of December because of year-end payroll processing. Impacts are also significant during April, July and October due to quarter-end and January and February for year-end.
Finance stated that SAMPLE must transmit payroll information to ADP (third-party processor) by Tuesday to avoid penalties that would be paid to a small group of temporary employees falling under a NAFTA Agreement. The financial impact of these penalties was reported to be negligible.
Finance stated that while some payments (such as from some federal agencies) are made electronically and via credit card, most payments are received in the form of checks.
Finance stated that a loss of communications would have a significant impact on business operations.
Retention policies are followed and records are stored both on- and off-site.

Human Resources

The following people were either surveyed or interviewed for Human Resources: Pierce Brosnan, Sean Connery, Roger Moore, Timothy Dalton and James Coburn.

Business Processes

Table 21. Business Processes Identified by SAMPLE Human Resources

Business Process | Description
Hiring new employees | Advertise open positions, provide candidates to managers, ensure qualified candidates are hired and entered into payroll.
Separating employees | Ensure that employees are properly removed from our active employment files when employees terminate.
Training employees | Plan training regimens, contract with vendors or develop and deliver training, record training completion.
Benefits administration | Design benefits. Select and manage vendors. Deliver benefits directly or through vendors. Develop and deploy benefits-related communications. Manage quality control directly or through vendors.
Compensating employees | Design compensation plans. Select and manage vendors. Coordinate compensation delivery through Payroll or vendors. Develop and deploy compensation-related communications. Manage quality control
HR system administration | Select, install, and maintain manual and automated human resources information systems.
Personnel records maintenance | Maintain electronic and hardcopy of personnel files.
Benefit data preparation for payroll transmission | Before each payroll data can be transmitted, two processes must be executed by HR to ensure all benefits are correct.
Internal and external reporting | Various internal reports and external reports (state and federal regulatory) are required on a daily, weekly, bi-weekly, monthly, quarterly, and annual basis.
Labor relations | Negotiate/maintain/administer Collective Bargaining Agreement (CBA) (Master Agreement/LOAs/MOAs). Process grievances and arbitration.
Employee relations | Advise in interpretation and administration of corporate compliance program and company policies and procedures, advise on performance management, discipline and discharge, advise on the liability to the company in the HR arena. Conduct EEO investigations and represent company position in external Agency complaints. Manage FMLA, and other leaves.

Table 22. Critical Business Records Identified by SAMPLE Human Resources

Business Unit | Record Name | When Required | Media Type | Alternate Source
Comp, Ben / Comp, Ben, HRIS | HRIS Data | Day 5 | Fixed disk | Personnel files
Comp, Ben / Comp, Ben, HRIS | HRIS Personnel Files | Day 7 | Paper | HRIS data
Comp, Ben / Comp, Ben, HRIS | Plan Documentation | Day 7 | Fixed disk and paper | Vendors, consultants, brokers
Comp, Ben / Comp, Ben, HRIS | Vendor Service Agreements | Day 7 | Fixed disk and paper | Vendors, consultants, brokers
Comp, Ben / Comp, Ben, HRIS | Historical Records | After Day 28 | Fixed disk and paper | None
Comp, Ben / Comp, Ben, HRIS | Vendor Contacts | Day 2 | Fixed disk | Online directory
Comp, Ben / Comp, Ben, HRIS | Compensation Surveys | Over Day 28 | Fixed disk | Repurchase
Comp, Ben / Comp, Ben, HRIS | Analysis Tools | Over Day 28 | Fixed disk | Recreate
Employee Relations | Employee Relations Files | Day 3 | Fixed disk and paper | None
Employee Relations | ER Vendor Contracts | After Day 28 | Fixed disk and paper | Vendors
Employee Relations | Historical Records | Day 14 | Fixed disk and paper | IBEW
Employment Services | Job/Recruitment File | Day 1 | Paper | None
Employment Services | Requisition Log | Day 1 | Fixed disk | None
Employment Services | Relocation Log | Day 5 | Fixed disk | Paper files
Employment Services | Class Specifications | Day 14 | Fixed disk and paper | None
Human Resources | Job Description | Day 1 | Fixed disk | N/A
Human Resources | Requisition | Day 1 | Paper | N/A
Human Resources | Desktop Procedures | Day 2 | Fixed disk and paper | None
Human Resources | Policies and Procedures | Day 5 | Fixed disk and paper | None
Human Resources | Training Vendor Contacts | Day 14 | Fixed disk | Online Directory
HRIS | Personnel Records | Day 1 | Fixed disk and paper | None

Business Unit | Record Name | When Required | Media Type | Alternate Source
HRIS and Employee Relations | Collective Bargaining Agreement, All Sub-Agreements and Letters of Understanding | Day 1 | Fixed disk and paper | IBEW
HRIS | Salary Step/Job Code listing | Day 5 | Paper | Recreate
HRIS | Pension/Job Code listing | Day 5 | Paper | Recreate
HRIS | Listing of what reports are due when | Day 5 | Fixed disk | Paper

Table 23. Regulatory Reporting Requirements for SAMPLE Human Resources

Report | Frequency | Recipient | Type of Penalty
EEO1 | Year end | US DOL | Product/Service Disruption
Affirmative Actions Report | Year end | US DOL | Product/Service Disruption
5500 Filing | Year end | IRS | Financial
EEO reporting | On demand | DOL | Financial
Plan and amendment filing | On demand | DOL | Financial
IRS Data Confirmation Surveys | On demand | IRS | Financial
Summary Annual Reports | September | Employees | Financial
Relocation Expense Report | Year end | IRS | Financial
FCC-395 Report | Annual | FCC | Financial
VETS-100 | Annual | DOL | Financial
PBGC filing | Year end | PBGC | Financial
Agency Complaint Response | On demand | NABSCO, US DOL, EEOC, NOAA, SOA DOL | Financial

Table 24. Operational Impacts Identified by SAMPLE Human Resources

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 2
Competitive Advantage | 2
Shareholder Confidence | 2
Financial Reporting | 4
Industry Image | 3
Employee Morale | 4
Customer Service | 4
Employee Resignations | 3
Vendor Relations | 2
Regulatory | 3
Increases in Liability | 4
Other (Technical Training) | 3

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 25. Number of Recovery Personnel by Day for SAMPLE Human Resources

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
15 | 15 | 15 | 15 | 15 | 15 | 15 | 15 | 15 | 15

Findings

Human Resources reported it will take four to eight hours to process backlog for each day of downtime.
Human Resources reported it is somewhat vulnerable to a prolonged disruption or outage.
HR reported it is difficult to recover from a significant disruption or outage.
Human Resources stated that one week would be the maximum outage before a significant impact on SAMPLE as a whole occurred.
Human Resources stated that a loss of communications would have a significant impact on business operations.
Human Resources has no special standalone workstation requirement.

Human Resources reported that a total disruption in services would have a significant impact on ability to provide necessary staffing and training to the remainder of the organization.

Safety and Risk

The following person was surveyed for Safety and Risk: Ed Brinkman.

Business Processes

Table 26. Business Processes Identified by SAMPLE Safety and Risk

Business Process | Description
Insurance Requirements | Identify insurance needs, place coverage, alternative risk financing.
Safety Standards | Establish and monitor safety performance at the department level.
Safety Practices | Evaluate need for changing safety practices, update as necessary.
Safety Training | Establish safety training standards and frequency, set safety training objectives for insurance carrier and monitor results.
Administer Worker’s Compensation Program | Manage Workers’ Compensation claims
Accident Investigation | Establish investigation process, collect results distribute as required and necessary.
Environmental Compliance | Maintain inventory data on fuel tank location/capacities, chemical inventory and compliance procedures.
Damage Claim Administration | Report property, auto and general liability damage claims, resolve and approve claim settlements.

Table 27. Critical Business Records Identified by Safety and Risk

Business Unit | Record Name | When Required | Media Type | Alternate Source
Safety and Risk | Damage Report Claims | Day 7 | Paper | Field Departments

Table 28. Regulatory Reporting Requirements for Safety and Risk

Report | Frequency | Recipients | Type of Penalty
OSHA 300 | Year End | OSHA | Financial
SARA Title III | Annual | State/Local Environmental | Financial

Table 29. Operational Impacts Identified by Safety and Risk

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 1
Competitive Advantage | 0
Shareholder Confidence | 2
Financial Reporting | 0
Industry Image | 3
Employee Morale | 3
Customer Service | 2
Employee Resignations | 2
Vendor Relations | 0
Regulatory | 3
Increases in Liability | 4
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 30. Number of Recovery Personnel by Day for Safety and Risk

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1

Findings

Safety and Risk reported that it would take one to two hours to complete the backlog of insurance-related activity for each day of downtime.
Safety and Risk reported that it would take from two to four hours to complete the backlog of Safety-related activity for each day of downtime.
Safety and Risk reported that it would take more than two hours to complete the backlog of Claim Administration-related activity for each day of downtime.
Safety and Risk reported that it is somewhat vulnerable to a prolonged disruption or outage.
Safety and Risk reported that it is somewhat difficult to recover following a significant disruption or outage.
Safety and Risk stated that the maximum outage before a significant impact on SAMPLE business units occurred is three days.

Safety and Risk reported that there are minimal monthly operational impacts.
Safety and Risk noted that there are special requirements to include communications with departments, insurance carriers and outside reporting agencies.
Safety and Risk stated they have back up insurance records in Finance, the broker and carriers.
Safety and Risk stated that SAMPLE maintains basic business interruption insurance coverage, including earthquake and flood, up to $25 million. $25 million excess is available but excludes earthquake and flood.
Safety and Risk stated that it has no special standalone workstation requirement.

Marketing

The following people were either surveyed or interviewed for Marketing: Brenda and Barbara.

Business Processes

Table 31. Business Processes Identified by SAMPLE Marketing

Business Process | Description
Product development | Identify customers and develop products to meet customers’ needs.
Product deployment | Support product managers as needed with data, analysis and research needed to roll out product and customer plans.
Publish SAMPLE directories and maintain 411 database | Maintain database of customer directory listing to facilitate publication of eight Enterprise-wide white- and yellow-page directories and source data for Directory Assistance 411 database.
Sales compensation reporting | Administer database, develop processes and generate reports used for compensation of internal sales organization.
Financial reporting | Perform analysis of financial results for marketing division, both expense and revenue.
Market research | Coordinate market research needs and maintain repository of information.
Manage product development process | Define process and forms.
Coordinate development of marketing plan | Define process and structure, coordinate input and maintain on current basis.
Customer and product analysis | Ability to generate reports comparing data from several customer databases. Analyze data and track sales campaigns. Support direct mail advertising and telemarketing with customer lists targeted at specific segments.

Table 32. Critical Business Records Identified by Marketing

Business Unit | Record Name
Product Development, Market Research and Infosource | Historical customer billing records from all billing systems. Record of current billed services by customer.
Infosource | Directory Listings, Directory Subsystem and link to CBP (Deville)
Product Development | Sales Collateral (work with Deutchland Agency)
Marketing | All service order and billing systems
Marketing | Directory subsystem and linkage to CBP (Deville)
Marketing | AIS
Marketing | Sales Compensation Datamart

Table 33. Regulatory Reporting Requirements for Marketing

Business Unit | Report | Frequency | Recipients
Marketing | None | |

Table 34. Operational Impacts Identified by Marketing

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 4
Competitive Advantage | 4
Shareholder Confidence | 3
Financial Reporting | 2
Industry Image | 2
Employee Morale | 3
Customer Service | 4
Employee Resignations | 1
Vendor Relations | 3
Regulatory | 1
Increases in Liability | 1
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 35. Number of Recovery Personnel by Day for Marketing

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
4 | 4 | 4 | 22 | 22 | 22 | 22 | 22 | 22 | 22

Findings

Marketing reported that there would be significant impact to the company as a whole, if it were idled.
Marketing reported that it is very vulnerable to a prolonged disruption or outage.
Marketing reported that it is somewhat difficult to recover from a prolonged disruption or outage for information that is not backed up for individual PC’s and mainframe applications.
Marketing reported that it suffered power loss, loss of centralized computers, lost/corrupted data, and the loss of local LAN servers during 2001.
The work that marketing does is almost totally reliant on computer systems and applications.
During the infrequent times that marketing has experienced power outages or network failures, employees have been unable to work.
The workplace is significantly impacted during power outages and network failures.
Marketing is highly reliant on all billing systems, AIS, Sales Compensation Datamart and the Directory Subsystem.
This is reported to be the only record of SAMPLE customers and their services.
Marketing assumes that the billing systems are backed up nightly and the storage of these records is other than at 937 Quadrangle Ave.
Marketing requires a list of customers, products, addresses and services in the first 24 hours. These are needed so that resources can support critical customer needs.
Although the initial role of marketing would be to identify key customers to ensure priority service restoration, they would need to quickly return to product development functions.
Marketing reported that there would be monthly operational impacts for sales compensation reporting, which requires billing system records along with manual reports provided by sales personnel.
Monthly performance reporting would be impacted without billing records; this includes customer, revenue and sales compensation reports.
Once records are obtained, it would take a week to recreate a monthly report.
All marketing processes (marketing plan, product development, and research) are highly reliant on e-mail and the company intranet for communication.
Market research is highly dependent on customer billing information along with access to the Internet for research sites.
The development of customer retention and win-back plans significantly impacts cash flow and customer retention.

Customer and product analysis are highly reliant upon company proprietary data networks.
Marketing suggested that if a disaster should occur, the company should consider a plan to use non-customer-facing employees to assist operational areas.
Marketing reported that keeping phone lines working in SampleTown and maintaining customer service have to be the highest priorities.
Marketing estimated that once they have access to computers and the network applications, they should be functional within two weeks.
Marketing estimated that once they have access to computers and the network applications, they should be functional within a couple weeks.

Customer Care

The following people were either interviewed or surveyed for Customer Care: Bob J, Randy J and Rico Pi.

Figure 2. Financial Impact for Customer Care
[Chart: dollar amounts ($0 to $1,500,000) by day (Day 1 to Day 28); series: Customer Care Reported, Customer Care 2001 Gross Revenue. Source: Gartner, 2002]

Findings

Customer Care reported estimated financial losses of $52,800 per day, based on 300 customer service representatives earning $22 per hour; average daily gross revenue for 2001 was $0.

Business Processes

Table 36. Business Processes identified by Customer Care

Business Process | Description
SAMPLE customer call center operations | Provide ACD agents to respond to customer calls/requests for local, long distance and/or Internet service, account inquiries and Directory Assistance listings.

Table 37. Critical Business Records Identified by Customer Care

Record Name | Alternate Source | When Required | Relative Importance
Cornbell Service order system, CBP billing system, JORDASH system, DA listings/records system. | Paper Printouts | Day 1 | Extreme

Table 38. Regulatory Reporting Requirements for Customer Care

Business Unit | Report | Frequency | Recipients
Customer Care | None reported. | |

Table 39. Operational Impacts Identified by Customer Care

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 0
Competitive Advantage | 0
Shareholder Confidence | 0
Financial Reporting | 0
Industry Image | 0
Employee Morale | 0
Customer Service | 4
Employee Resignations | 0
Vendor Relations | 0
Regulatory | 0
Increases in Liability | 0
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 40. Number of Recovery Personnel by Day for Customer Care

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0

Findings

Customer Care estimated financial losses of $52,800 per day; average gross revenue for 2001 was $0.
Customer Care reported that they currently have 200,000 customers and that 50,000 of these would seek an alternate source after day five of a prolonged disruption or outage.
Customer Care estimated that only 10,000 of the 50,000 customers who sought an alternate source of service would return after service was restored to normal.
Customer Care reported that it is not vulnerable to a prolonged disruption or outage.
Customer Care reported that it is somewhat difficult to recover after a significant disruption or outage.
Customer Care reported it would take eight to 12 hours to process backlog for each day of downtime.
Customer Care stated that four days is the maximum outage before a significant impact on SAMPLE occurred.
Customer Care reported that severe operational impacts would occur during the months of June and September, because these represent the busiest/peak service months.
Customer Care stated that it is extremely reliant upon communications services for business operations.
Customer Care reported current records management activity as follows: duplicate records are maintained, records are stored off site (at a facility in Pokipsie), and retention periods for records have been formally defined.

Sales

The following people were interviewed for Sales: Bobby Kennedy, John Hoover and Gordon Liddy.

Figure 3. Financial Impact for Corporate Sales
[Chart: dollar amounts ($0 to $4,000,000) by day (Day 1 to Day 28); series: Sales Reported, Estimated based on % of ACS 2001 Gross Revenue. Source: Gartner, 2002]

Findings

Sales averaged estimated financial losses of $35,616 per day; estimated daily loss as a percentage of gross revenue for 2001 was $136,315.

Business Processes

Table 41. Business Processes Identified by Sales

Business Process | Description
Billing | Issue invoices to customers.
Order tracking | Log orders for new service.
Customer service | Support sales agents and existing customers.
911 Database | Sales maintains 911 Database.

Table 42. Critical Business Records Identified by Sales

Business Unit | Record Name | When Required | Media Type | Alternate Source
Sales | Customer Database | Over Day 28 | Fixed Disk | Sales personal PCs

Table 43. Regulatory Reporting Requirements for Sales

Business Unit | Report | Frequency | Recipients
Sales | None required. | |

Table 44. Operational Impacts Identified by Sales

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 2
Competitive Advantage | 4
Shareholder Confidence | 2
Financial Reporting | 2
Industry Image | 2
Employee Morale | 4
Customer Service | 3
Employee Resignations | 1
Vendor Relations | 1
Regulatory | 0
Increases in Liability | 0
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 45. Number of Recovery Personnel by Day for Sales

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
5 | 9 | 11 | 15 | 20 | 20 | 20 | 30 | 45 | 50

Findings

Sales estimated financial losses of $35,616 per day, beginning on day five following a severe disruption; average daily loss estimated as a percentage of gross revenue for 2001 was $136,315 per day (15 percent of gross daily revenue).
Sales reported that it is somewhat vulnerable to a prolonged disruption or outage.
Sales reported that it is easy to recover.
Sales reported it will take eight to 12 hours to process backlog for each day of downtime.
Sales reported that data loss or corruption occurred during 2001, but that it had little impact on operations.

Sales stated that four weeks is the maximum outage before a significant impact on SAMPLE as a whole occurred.
Sales reported that there are no months where operational impacts would be more severe than for other months, but if an outage occurred at or near month end, it could have a severe impact.
Sales personnel can work from home, if necessary.

Materials Management

The following person was surveyed for Materials Management: Sophia Loren.

Business Processes

Table 46. Business Processes Identified by Materials Management

Business Process | Description
Distribution—Distributing mail | The Distribution Lead oversees the daily operation.
Distribution—Large copy jobs such as training manuals | The Distribution Lead oversees the daily operation.
Distribution—Insertion operation to process billing | The Distribution Lead oversees the daily operation.
Warehouse—Receiving stock and non-stock material; Warehouse—Issuing stock warehouse; Warehouse—Restocking shelves warehouse; Warehouse—Shipping to field locations warehouse | Foreman oversees daily operations (three entries). Warehouse Foreman oversees daily operations (one entry).
Warehouse Office—Stock ordering | Warehouse Lead clerk oversees daily operations.
Warehouse Office—Cost coding freight invoices | Warehouse Lead clerk oversees daily operations.
Warehouse Office—Processing repairs and returns | Warehouse Lead clerk oversees daily operations.
Warehouse Office—Expediting orders | Warehouse Lead clerk oversees daily operations.
Warehouse Office—SAP computer system maintenance | Warehouse Lead clerk oversees daily operations.

Three of the descriptions in Table 46 continue: assignments are rotated weekly.

Table 47. Critical Business Records Identified by Materials Management

Record Name | Becomes Critical | Media Type | Alternate Source
Warehouse Transactions | Day 4 | Other | Would keep paper records in interim

Table 48. Regulatory Reporting Requirements for Materials Management

Report | Frequency | Recipient | Type of Penalty
None Reported | | |

Table 49. Operational Impacts Identified by Materials Management

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 4
Competitive Advantage | 0
Shareholder Confidence | 0
Financial Reporting | 0
Industry Image | 4
Employee Morale | 0
Customer Service | 4
Employee Resignations | 0
Vendor Relations | 0
Regulatory | 0
Increases in Liability | 0
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 50. Number of Recovery Personnel by Day for Materials Management

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0

Findings

Materials Management reported that they are vulnerable to a prolonged disruption or outage.
Materials Management reported that it would be somewhat difficult to recover from a significant disruption or outage.
Materials Management did not report how long it would take to complete the backlog of work for each day of outage.
Materials Management reported that if they were unable to access SAP, there would be a significant impact after three days; however, the warehouse would be impacted immediately.
Materials Management reported that the Distribution-Insertion operation to process billing would be severely impacted by a prolonged disruption or outage and that there is no alternate provider of the service.

Materials Management reported that data for the Warehouse-Issuing stock process is maintained on a Windows-based, desktop PC using SAP and is backed up.
Materials Management reported the main thing that needs to be addressed for recovery purposes is that SAMPLE processes billing (printing and inserting) backwards from everyone else in Pokipsie. If SAMPLE loses either the printers or insertion machines, no one else can process SAMPLE billing and significant revenue loss will occur.

Network Operations Center (NOC)

The following people were either interviewed or surveyed for the NOC: Rusty Staub and Randy Johnson.

Business Processes

Table 51. Business Processes Identified by the NOC

Business Process: Duty supervisor; NOC special procedures; BBSTP; E911; Critter; Sensaphones; Voicemail; ASM; One Meg Modem EMS; Pokipsie DMS Switches; Scanner; State of SampleTown Video; Escalation procedure; Skills worksheet; Duty Supervisor book; Network Operations Procedures (NOP); Org chart; Maintain TFSAMPLE, MARKS records; Enterprise-wide 911 reroute procedures; Training committee; IP test procedures

Description:
Provides callout/contact information for all SAMPLE entities in the company.
key personal list.
Provides dial tone for all Pokipsie area customers.
Provides monitoring of State of SampleTown SATS.
Maintain SAMPLE and other information about other IXCs and LECs.
Define calling tree for problem response.
Maintain procedures used to reroute 911 services.
Maintain organization charts and keep current.
Broadband STP information.
Provides monitoring for SAMPLE sites outside Pokipsie.
Special procedures for NOC.
Provides access to 1 Meg Modem equipment Enterprisewide.
Update current skill level of SAMPLE technicians for each piece of equipment.
Provides E911 procedures and re-routes.
Provides information on Oryx and Octel voice mail systems.
Maintain records used to rebuild circuits to an alternate location.
Provides monitoring of State of SampleTown television feeds.
Maintain test procedures (currently under development).
Maintain common operating procedures.
Provides monitoring for SAMPLE Wireless network.
Provides information for Sensaphones Enterprise-wide.
Internal group, reviews training needs.

Table 52. Critical Business Records Identified by the NOC

Record Name | Becomes Critical | Alternate Source | Media Type
DMS Images | < 1 Day | None | Tape
NOC Logs | < 1 Day | None | Other
Backup files for various systems | < 1 Day | None | Tape

Table 53. Regulatory Reporting Requirements for the NOC

Report | Frequency | Recipient | Type of Penalty
Site/equipment failures | Other | Management | Product/Service Disruption
FAA Site Isolation | Other | FAA & SAMPLE Reg Affairs | Financial
Status Report | Month End | SAMPLE Management | Product/Service Disruption
BVR | Month End | SAMPLE Management | Product/Service Disruption

Table 54. Operational Impacts Identified by the NOC

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 2
Competitive Advantage | 4
Shareholder Confidence | 2
Financial Reporting | 0
Industry Image | 4
Employee Morale | 3
Customer Service | 3
Employee Resignations | 0
Vendor Relations | 0
Regulatory | 2
Increases in Liability | 3
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 55. Number of Recovery Personnel by Day for the NOC

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
71 | 71 | 71 | 71 | 71 | 71 | 71 | 71 | 71 | 71

Findings

The NOC reported that it is extremely difficult to recover from a significant disruption or outage.
The NOC reported that they are extremely vulnerable to a prolonged disruption or outage.
The NOC reported that if their services were unavailable, it would be less than one day before a significant impact on SAMPLE occurred.
The NOC reported that it was not sure how long it would take to complete the backlog of work for each day of outage.
The NOC reported that they have approximately 170,000 customers and that all of them would seek an alternative source of service if an outage went beyond 28 days in length.
The NOC reported that severe operational impacts would occur during the months of November through April, because of severe winter weather conditions. Impacts are also somewhat significant during September and October for the same reason.
The NOC reported that the loss of Critter, Sensaphones, Scanner, and SampleTown Video would cause significant impact during all but the summer months.
The NOC reported that during 2002, it experienced power loss, severe weather, lost or corrupted data, loss of voice communications, loss of data communications, and the loss of local LAN servers.
The NOC reported that while there is no formal records management procedure in place, they do have critical records identified, a retention period is defined, and records are duplicated and stored offsite. They also have a rotation cycle to off-site storage that is adequate for recovery.

Operations

The scope of our review of SAMPLE Operations included Pokipsie, Melvin, Tucson, Smallville, Wartville and Pinhead, Irvine and Pomona, and Phoenix. Operations at Melvin also included Melvin/Soldotna.

The following people were either interviewed or surveyed for Operations: Duane Mays, Jesse James, Steve Howe, Steve Fouts, Stevie Nicks, Ron Smith, Emerson Boozer, Harry Houdini, Ike Clanton, Pete Rose, Veronica Hammil, Sam Montini, Frank James, Mike Snell, Jim Green, Rich Floweree, Doc Holiday, and Joe Jackson.

[Figure 4. Financial Impact for Operations. Vertical axis: $0 to $30,000,000. Horizontal axis: Day (1, 2, 3, 4, 5, 6, 7, 14, 21, 28). Series: Operations Reported; Fiscal 2001 Gross Revenues. Source: Gartner, 2002]

Findings

Operations reported estimated financial losses of $1M per day. 2001 Annual Gross Revenue was $331.7M.

Business Processes

Table 56. Business Processes Identified by Operations

Business Process: Assignment; Centrex orders; Circuit order processing; Construction; Directory Assistance; Dispatch; Engineering (ISP); Fleet management (vehicles); Installation; Inventory control; IP operations; Maintain circuit layout records (CLRs); Maintain customer database; Maintenance (both hardware and software); Maintenance (ISP); Network management (NOC); Operator services; Process adds, moves and changes; Provisioning (ISP); Repair; TCS; Testing; Trouble ticketing; Warehousing; Wireless service orders; Work order processing

Description:
Most done internally.
Respond to Dial “0” calls.
Provisioning ISP services.
Monitoring.
Responding to trouble calls.
may include construction.
billing for fleet (using ARI).
maintain dial tone for outside plant.
Customer requests service.
new equipment installation.
to find bugs.
traps and swears in code.
trenching.
splicing.
etc.
Customer phones in with problem.
Process orders for wireless services.
Work order activity performed using Jordash.
Process orders for Centrex services.
dispatcher determines central office out of which the service will be run.
Residence address terminal numbers and associated information.
Perform construction necessary to perform new installs or repairs.
Maintain stock of parts for installations and maintenance.
response to alarms.
CSR performs initial diagnosis.
Supporting and maintaining ISP services.
node management.
Physically making connection for customer.
Diagrams maintained using VISIO.
Record time spent on work orders.
Jordash used to keep track of inventory.
Provide directory assistance.
411 information.
Design work for providing ISP services.
Dispatch installers and repairmen.
Data network operations.
Performed using MARKS.
Enter trouble ticket information using Remedy.
Enter using Jordash system.
Purchase and maintain company cars (manual process).
trouble tickets.

Table 57. Critical Business Records Identified by Operations

Record Name | Alternate Source | When Required | Relative Importance
Customer Information | Paper | Day 1 | High
ACMPs (Cable Records) | Paper | Day 1 | Medium

Table 58. Regulatory Reporting Requirements for Operations

Report | Frequency | Recipient | Type of Penalty
Outage over 500 customers for 15 minutes LEC side | On Demand | RCA Regulatory Commission | Financial
Dispatch within 72 hours, if connected by road system | On Demand | Customers | Financial
Competition—Rural Rule | On Demand | RCA | Financial

Table 59. Operational Impacts Identified by Operations

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 3
Competitive Advantage | 4
Shareholder Confidence | 4
Financial Reporting | 3
Industry Image | 4
Employee Morale | 4
Customer Service | 4
Employee Resignations | 3
Vendor Relations | 4
Regulatory | 4
Increases in Liability | 4
Other | 4

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Tables 60-64. Number of Recovery Personnel by Day for Operations (total for SAMPLE Operations and by site)

Site | Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
Total for SAMPLE Operations | 311 | 311 | 311 | 311 | 311 | 311 | 311 | 311 | 311 | 311
Operations at Pokipsie | 90 | 90 | 90 | 90 | 90 | 90 | 90 | 90 | 90 | 90
Operations at Tucson | 59 | 59 | 59 | 59 | 59 | 59 | 59 | 59 | 59 | 59
Operations at Phoenix | 39 | 39 | 39 | 39 | 39 | 39 | 39 | 39 | 39 | 39
Operations at Melvin | 52 | 52 | 52 | 52 | 52 | 52 | 52 | 52 | 52 | 52

Findings

Operations estimated financial losses of $1M per day. 2001 Annual Gross Revenue was $331.7M.
Operations reported that it is relatively easy to recover from a significant disruption or outage.
Operations reported that they are not vulnerable to a prolonged disruption or outage.
Operations reported that it would be less than one day before a significant impact on SAMPLE occurred as a result of Operations being unavailable.
Operations reported that it would take more than 16 hours to complete the backlog of work for each day of outage.
Operations reported that severe operational impacts would occur during the winter months due to extreme weather. Impacts would also be significant during June through August, due to the tourist season.
Payroll processing is critical and employees must be paid on each Tuesday following the two-week payroll cycle.

Operations stated that a loss of communications would have a significant impact on business operations.
Operations groups maintain hardcopies of records, including cable and circuit maps, which can be used in the event that computer systems are unavailable.
Operations has an aging work force and is expecting several employees to retire within the next five years.
Within four years, every member of the Operations staff at Tucson will hit retirement age, creating a risk of critical knowledge loss.
Operations estimated that if a switch in one of the COs was destroyed, it could take 30-60 days to recover.
It could take $3-5M to rebuild a main CO.
Tariffs call for same level of service for everyone, but SAMPLE wisely provides priority service to the FAA and Police (911) applications.
Smallville Operations reported that they have a high risk of experiencing a prolonged disruption or outage.
Wartville Operations reported they experienced a two-week power outage due to dead trees blowing over.
They also reported that lightning strikes affect remote connections at times.
Tucson Operations reported that they experienced a major fiber cut on Van Horn Road that resulted in a significant outage. The bulk of affected customers were restored to service within three days.
Clients who experienced an outage caused by a 2,400 pair cable cut were restored to service within six to seven hours.
A cable in Atka was cut by a jack hammer by surveyors installing a monument marker.
Tucson maintains 54,000 access lines.
The main Tucson switch supports 44,000 customers, as well as emergency services.
Tucson reported that they could lose up to 640 customers if one of the “huts” went away; the largest one could affect up to 1,200 customers.
Tucson reported that they have a two-hour response time on the switch that supports the hospital.
Tucson reported that it costs $1,800 and five hours (plus two hours lag time) to respond to a trouble call in the bush.
Tucson reported that the top two most likely disasters that would result in a prolonged disruption or outage are fire and earthquakes.
Tucson reported that they conduct safety meetings once a month to review potential disaster recovery scenarios.
Tucson tests backup generators once a week (every Thursday in the main exchanges).
UPS batteries are tested every three months.
Tucson also reported 10 power outages in the past year, but service was maintained via UPS in all cases.
A power engineer at Tucson maintains the battery records for the entire state.

Wartville Operations believes that a volcano on Augustine Island may blow, causing significant service disruption.
There are 7700 subscribers in the Wartville and Pinhead regions.
There are 14,000 subscribers and 10,000 access lines.
Melvin Operations experienced a windstorm that knocked primary power out for three or four weeks.
Melvin experiences three primary power outages per winter, on average.
Melvin sits on a fault line and experiences minor earthquakes every day.
Melvin has experienced ferrous ash-induced shorts of electrical circuits resulting from volcanic activity.
Melvin has also experienced flooding due to glacial melting.
Melvin and North Melvin maintain natural gas fueled generators.
Melvin/Sherman maintains a Diesel generator with 250 gallons of fuel.
Pomona has the largest Coast Guard base in the United States.
Pomona Island would not be able to operate if they lost communications.
Their weak link is a satellite link.
In an emergency, Coast Guard radio links would be used if both LD links were down.
Pomona experiences few power outages; however, their largest risk would come from earthquakes and tidal waves.
The COs are located above the high tide marks for the 100-foot level.
Switches are fully redundant and in secure facilities.
Phoenix Operations is highly focused on customer service.
Phoenix sees increased activity/telephone usage during the summer months, due to the cruise ship business (tourism).
Phoenix experienced an outage caused by rockslide, but service was restored in four hours.
Phoenix had a CO go down for two hours due to aging/deterioration of the UPS batteries.
A voltage spike tripped the 100-amp breakers, and it took two hours to restore service.
Phoenix has battery plants on preventative maintenance now.
Phoenix has a portable generator that can be transported where needed.
All staff are being trained to be Cisco Certified Network Planners (CCNPs), in preparation for the conversion to IP telephony.

Plant Assignment and Dispatch (Provisioning)

The following people were interviewed for Provisioning: Sparky Anderson, Johnny Bench, Pete Rose.

Business Processes

Table 65. Business Processes Identified by Provisioning

Business Process | Description
Order entry | Created in Cornbell.
Address research | Establish legal address for customer working with the municipality or city boroughs.
LMP provisioning | Assess NPAC.
Residential provisioning | Residential provisioning.
Centrex circuits | Provisioning of Centrex service and local or interstate circuits.
Field or CO activity | Interfaces with Clicksoft calendar.
PBX | Business, Key, or PBX service requests.

Table 66. Critical Business Records Identified by Provisioning

Business Unit | Record Name
Provisioning | Jordash, AHD, MARKS, MARKS (interstate circuits), Clicksoft, Cornbell, Switchaccess

Table 67. Regulatory Reporting Requirements for Provisioning

Business Unit | Report | Frequency | Recipients
Provisioning | None | |

Table 68. Operational Impacts Identified by Provisioning

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 0
Competitive Advantage | 0
Shareholder Confidence | 0
Financial Reporting | 0
Industry Image | 0
Employee Morale | 0
Customer Service | 4
Employee Resignations | 0
Vendor Relations | 0
Regulatory | 0
Increases in Liability | 4
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 69. Number of Recovery Personnel by Day for Provisioning

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0

Findings

Provisioning reported it will take more than 16 hours to process backlog for each day of downtime.
Provisioning stated that one day would be the maximum outage before a significant impact on SAMPLE occurred.
Provisioning reported that it would be extremely difficult to recover from a significant disruption or outage.
Provisioning reported that it is vulnerable to a prolonged disruption or outage.
Provisioning reported that severe operational impacts would occur to customer service and there would be increased liability if they were unable to update E911 information to PSAP.

Provisioning reported that it has need for large screen (21-inch) monitors, but cannot afford the estimated $80,000 cost to upgrade.
Provisioning reported that there is a need to consolidate the multiple, disparate systems that are in use today.
Provisioning reported that a loss of communications would have a significant impact on business operations.

Purchasing

The following people were surveyed for Purchasing: Carlton Fisk and Mike Socia.

Business Processes

Table 70. Business Processes Identified by Purchasing

Business Process | Description
Negotiate and purchase goods and services | Negotiate with vendors and place orders for goods and services.
Maintain the contract system and records | Update the Contract Manager system, file contracts.
Assigned block(s) of manual purchase requisition, purchase order, and/or contract numbers to each buyer | Buyer(s) will maintain a log of numbers assigned and the associated data, i.e., date(s), vendor/contractor names, goods or services requested or purchased, cost, etc.
Maintain a master log of purchase requisition, purchase order, and/or contract numbers and associated data assigned by individual buyers | Purchasing’s administrative assistant will maintain the master log data.
Establish and maintain a list of vendors and contractors, points of contact, goods and services each can provide | Purchasing and technical personnel will be responsible for providing the data about vendors and contractors.
Input manual data to the computerized system when computerized materials system(s) become available | Buyers and administrative personnel will be responsible for input of manual data to a computerized system.
Maintain and update vendor and contractor listing on an ongoing basis | Responsibility for maintenance and update of this type data needs to be determined.

Table 71. Critical Business Records Identified by Purchasing

Business Unit | Record Name | When Required | Media Type | Alternate Source
Purchasing | Vendor contact names and numbers | Day 1 | Other | Search the Internet for vendors
Purchasing Department | Purchase Order | Day 2 | Paper | Seven years of archived paper records
Purchasing Department | Purchase Requisition | Day 2 | Paper | Seven years of archived paper records
Purchasing Department | Contract | Day 2 | Paper | Archived records
Purchasing Department | Vendor/Contractor Master List | Over Day 28 | Tape | None
Purchasing Department | Request for Quotation | Day 2 | Paper | Seven years of archived paper records

Table 72. Regulatory Reporting Requirements for Purchasing

Business Unit | Report | Frequency | Recipients
Purchasing | None | |

Table 73. Operational Impacts Identified by Purchasing

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 4
Competitive Advantage | 4
Shareholder Confidence | 2
Financial Reporting | 4
Industry Image | 2
Employee Morale | 2
Customer Service | 4
Employee Resignations | 2
Vendor Relations | 4
Regulatory | 4
Increases in Liability | 4
Other | 3

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 74. Number of Recovery Personnel by Day for Purchasing

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
12 | 12 | 12 | 12 | 12 | 12 | 12 | 12 | 12 | 12

Findings

Purchasing reported it will take one day to process backlog for each day of downtime.
Purchasing stated that one week is the maximum length of outage before a significant impact on SAMPLE business units occurred.
Purchasing reported that operational impacts would be no more severe for any single month over any other.
Purchasing reported it is somewhat difficult to recover following a significant disruption.

Purchasing reported they were somewhat vulnerable to an outage.
In a “worst case” scenario, Purchasing could be idled for up to a week before significant impact to SAMPLE would occur.
Purchasing reported that standard replacement office equipment would cost $28,060 for each day following a significant disruption.
Purchasing reported that data loss or corruption was experienced in April of 2002, which caused a 10-percent impairment to operations and took eight hours to recover.
Purchasing noted there is currently no recovery strategy in place for the list of vendors and contractors and their respective points of contact.

Regulatory Affairs

The following person was surveyed for Regulatory Affairs: Sandy Kofax.

Business Processes

Table 75. Business Processes Identified by SAMPLE Regulatory Affairs

Business Process | Description
License administration | Maintain and administer FCC license files.
Monitoring | Monitor state and federal regulatory activity.
Regulatory response | Provide response to FCC and RCA customer complaints.
Legal support | Support Legal Department as needed.
Tariff administration | Draft tariffs for submission to appropriate agency.
Regulatory interpretation | Provide interpretation of tariffs, state and federal regulations to company.
Records maintenance | Maintain regulatory and tariff files.
Records maintenance | Maintain competitive tariffs.
Records maintenance | Maintain copies of special contracts filed with the RCA.
Coordination of filings | Coordinate filings to the RCA and FCC on behalf of SAMPLE.
Outage reporting | Report network outages to both FCC and RCA.
Outage reporting | Report tower outage to the FAA/FCC within 30 minutes.

Table 76. Critical Business Records Identified by Regulatory Affairs

Business Unit | Record Name | When Required | Media Type | Alternate Source
Regulatory Affairs | Local exchange tariffs | Over day 28 | Other | Electronic version on SAMPLE Intranet, filed versions with the Regulatory Commission of SampleTown.
Regulatory Affairs | FCC License and antenna structure registrations for microwave, cellular, television and PCS licenses | Over day 28 | Other | Federal Communications Commission

Table 77. Regulatory Reporting Requirements for Regulatory Affairs

Report | Frequency | Recipient | Type of Penalty
FAA tower outage reporting | Other | FAA | Financial—could also include license revocation
Outage reports—network notification | On Demand | FCC | Product/service disruption
Outage reports | On Demand | RCA | Product/service disruption

Table 78. Operational Impacts Identified by Regulatory Affairs

Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.

Operational Impact | Value
Cash Flow | 0
Competitive Advantage | 0
Shareholder Confidence | 0
Financial Reporting | 0
Industry Image | 0
Employee Morale | 0
Customer Service | 0
Employee Resignations | 0
Vendor Relations | 0
Regulatory | 2
Increases in Liability | 2
Other | 0

The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption.

Table 79. Number of Recovery Personnel by Day for Regulatory Affairs

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28
1 | 1 | 1 | 1 | 1 | 1 | 1 | 2 | 3 | 5

Findings

Regulatory Affairs reported that they have files dating back to the beginning of the SAMPLE company(ies). Many of these historical documents are available only in hard copy form and at the Regulatory Commission of SampleTown or Federal Communications Commission archives. A catastrophic event could destroy both copies.
Regulatory Affairs reported no standalone workstation requirement.
Regulatory Affairs reported that there are no monthly operational impacts.

Executive Summary/Business Impact Analysis for SAMPLE

The BIA is designed to provide management with a report of the potential overall effects for each major SAMPLE business unit, if their services are not available for 30 days or more. The intent of the following section is to provide a cumulative report of impact across all of the SAMPLE business units. This cumulative impact information can be applied toward justification and prioritization of infrastructure-related resources that would be required. Since the cost of providing redundancy and fault tolerance in the infrastructure can be quite high, it is important that management have a very clear vision and commitment of resources to accomplish the job.

Cumulative Reported Financial Impacts

The following figure shows the cumulative financial impact reported by all the SAMPLE business units.

[Figure 5. Reported Financial Impacts for SAMPLE. Vertical axis: $0 to $30,000,000. Horizontal axis: Day (1, 2, 3, 4, 5, 6, 7, 14, 21, 28). Source: Gartner, 2002]

Findings

The reported cumulative financial impact ranges from $1M on the first day ($5,035,616 for the first week) to approximately $28,249,312 on Day 28.

Cumulative Financial Impact (2001 Gross Revenue)
Figure 6 shows the reported impacts (see previous page) and 2001 gross revenue, with a range of $908,767 on the first day to approximately $25,445,479 on Day 28.

Figure 6. Reported Impacts and 2001 Revenue for SAMPLE
[Chart: Reported Totals and 2001 Revenue, $0 to $30,000,000, by Day (1 to 7, 14, 21, 28)]
Source: Gartner 2002

Based on survey results, the company’s major financial exposures would begin to increase dramatically within four to seven days following a major disaster. Financial impact for the corporation is estimated using a percentage of 2001 reported revenue and applied to this projected escalation.

Cumulative Reported Financial Impacts
The following figure shows how the major financial exposures escalate over time for the business units.

Figure 7. Reported Financial Impacts for SAMPLE Average Severity Over Time
[Chart: Avg of Answers (0.00 to 0.80) by Time Series and Exposure Type (Day 1 to Day 7, Day 14, Day 21, Day 28, Over Day 28). Exposure types: Availability of Funds; Contractual Penalties/Fines; Penalties for Late Payment to Vendors; Cancelled Orders Due to Late Delivery; Lost Sales]
Source: SAMPLE 2002

Based on survey results, the company’s major financial exposures would begin to increase dramatically within four to seven days following a major disaster. Financial impact for the corporation is estimated using a percentage of 2001 reported revenue and applied to this projected escalation.

Operational Impact Summary
Operational impacts are intangible and cannot be directly quantified; however, all business units were asked to rate 12 operational factors (shown below) on a scale from 0-4, where 0 indicates “no impact” and 4 indicates “severe impact.”

Figure 8. Average Operational Impacts for SAMPLE
[Chart: average rating (axis 1 to 3) for each operational factor: Cash Flow; Competitive Advantages; Shareholder Confidence; Financial Reporting; Industry Image; Employee Morale; Customer Service; Employee Resignations; Vendor Relations; Regulatory; Increases in Liability; Other]
Source: Gartner 2002

Findings
Customer service is clearly a priority for SAMPLE as shown above, and all of the business units were concerned about customer service impact during a disaster situation. A disaster’s effects on employee morale, employee resignations, financial reporting, regulatory reporting and shareholder confidence were also important concerns.

Recovery Personnel Requirements
Table 80 summarizes the overall recovery personnel requirements for SAMPLE, as reported by the business units.

Table 80. Overall Personnel Requirements for SAMPLE

| | Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 | Day 7 | Day 14 | Day 21 | Day 28 |
|---|---|---|---|---|---|---|---|---|---|---|
| Personnel | 560 | 564 | 572 | 596 | 605 | 606 | 607 | 618 | 640 | 647 |

Source: Gartner 2002

Findings
According to survey respondents and interviewees, SAMPLE would need roughly 780 persons during the recovery period in the 30 days following a significant disruption or outage, just to maintain service. The total number of SAMPLE employees is approximately 1,168. Based on our experience, most emergency operations for communications services providers require a minimum of 25 percent of total personnel to implement a timely recovery from a major disaster on the first day. This number will typically grow to 40 percent by the end of the first week to support critical business operations after systems and workspace are operational.

Based on the interviews, we believe that many SAMPLE employees are capable of functioning out of their homes or personal vehicles, if needed, as long as they are able to get to where the work is needed. Most employees that we interviewed indicated that they have their own tools and could locate spare parts at various locations.

Recovery Time Frames Summary
In general, there are service recovery time frames specified by Tariff, for the various SAMPLE service locations. Based on information obtained in the interviews, we believe that reasonable recovery time frames are generally shorter for all business units and services, because of SAMPLE's emphasis on customer service, as previously shown by the operational impact summary.

Availability of emergency services such as Police 911, FAA installations and hospitals, is a critical first priority for all SAMPLE business units. SAMPLE IT Operations, especially the information systems/technology and infrastructure recovery, needs to be available quickly to provide technology support to the other business units, especially customer support for telephone re-routing and alternate/replacement computer systems. Physical security is essential during a disaster to assist in securing the site, so Facilities and Safety/Risk Management must be available on short notice for that reason. Facilities and Marketing are also critical to potentially find alternate office space and communicate with the media during a disaster.

Recovery Priority Recommendations
Based on the interviews, we recommend the following recovery priorities.

Table 81. Recommended Recovery Priorities for SAMPLE

| Priority | Process | Business Unit |
|---|---|---|
| 1 | Employee issues, physical safety, emergency services, temporary shelter, benefits administration, etc. (SAMPLE cannot operate without its employees, their safety must be the first priority, or nothing else will matter.) | Human Resources |
| 2 | Infrastructure to support customer service telephones | Customer Care |
| 3 | Repair, testing, assignment, dispatch functions | Operations |
| 4 | Engineering | Engineering |
| 5 | Provisioning | Plant Assignment and Dispatch |
| 6 | Monitor/assess network/circuit/service health | NOC |
| 7 | Procure temporary resources, facilities, equipment, etc. | Purchasing |

Work Backlog Processing
Figure 9 shows the length of time to complete backlog processing for all of the reported business processes for each affiliate company and shared service, assuming that workspace and computer systems are available.

Figure 9. Time to Complete Backlog Processing for SAMPLE

| Time to complete backlog | Share |
|---|---|
| 0–2 Hours | 3% |
| 2–4 Hours | 3% |
| 4–8 Hours | 12% |
| 8–12 Hours | 14% |
| 12–16 Hours | 4% |
| Over 16 Hours | 20% |
| Not Sure | 20% |
| Didn't Answer | 24% |
| Total | 100% |

Source: Gartner 2002

Figure 10. Time Frame and Number of Processes for SAMPLE

| Hours to Complete Backlog | Number of Business Processes in Time Frame |
|---|---|
| 0–2 Hours | 4 |
| 2–4 Hours | 3 |
| 4–6 Hours | 14 |
| 8–12 Hours | 6 |
| 12–16 Hours | 5 |
| Over 16 Hours | 23 |
| Not Sure | 23 |
| Others | 27 |

Source: Gartner 2002

Findings
Backlog processing is used to define how long it will take to update computer systems and documentation to current status. It is important to understand how transaction backlogs will be handled by the business units. All business processes, with exception of “Others” shown above, can complete backlog processing within three days, assuming that workspace, computer systems and infrastructure are available. A slower recovery capability may require a reduction in the Recovery Time Objective (RTO).

Critical Business Records
The following is a list of the critical business records reported by the business units and shared services.

Table 82. Critical Business Records for SAMPLE

| Business Unit | Critical Records |
|---|---|
| Comp, Ben, HRIS | Personnel Files |
| Comp, Ben, HRIS | HRIS data |
| Comp, Ben, HRIS | Compensation surveys |
| Comp, Ben, HRIS | Analysis tools |
| Comp, Ben, HRIS | Vendor contacts |

Table 82. Critical Business Records for SAMPLE (continued), by column

Business Unit: Comp, Ben, HRIS; Corporate Communications; Customer Care (4 rows); Facility Services (5 rows); Finance (15 rows); Finance/AP & Payroll (3 rows); Human Resources (3 rows); Marketing; Materials/Operations (2 rows); Network Operations Center (NOC)—110/642 (2 rows)

Critical Records: Benefits and leave files; None; Cornbell Service order system; JORDASH system; CBP billing system; DA Listings/records system; None; PCSC Security System Software Database; Hard copies of Security User Form records; Facility drawings, both Mylar and Bluelines; Facility Construction and Maintenance Project records; SAP data; Deville/CBP; Payroll files; Month-end JEs; Infranet; Apprise sales; PSA; NIBS; Rodolphi; Great Lakes; PRS; STS; PCC; Historical financial information; AIS system information; Time records; Vendor Invoices; Employee Records; Job Description; Requisition; Training; Vendor Contacts; None; Distribution—None; Warehouse transactions; DMS Images; NOC logs

Table 82. Critical Business Records for SAMPLE (continued)

| Business Unit | Critical Records |
|---|---|
| Network Operations Center (NOC)—110/642 | Backup files for various systems |
| Operations | None |
| Plant Assignment and Dispatch | None |
| Purchasing | Vendor contact names and numbers |
| Purchasing | Purchase order |
| Purchasing | Request for quotation |
| Purchasing | Purchase requisition |
| Purchasing | Contract |
| Purchasing | Vendor/Contractor master list |
| Regulatory Affairs | Local exchange tariffs |
| Safety/Risk Mgt | None |
| Sales | Customer database |

Findings
Critical business record requirements should be reviewed to ensure that all business units could successfully implement a Business Continuity Plan (BCP). Each affected business unit should document all critical business records in its BCP. Each business unit should determine whether their critical records should be copied (or imaged) and available at off-site storage or obtained from the public record facility. Some critical business records, such as customer address information, can be recovered from the switch. Note that this procedure should be documented in each business unit’s BCP.

Regulatory Reporting
The following is a list of the regulatory reports by the business units and shared services.

Table 83. Regulatory Reports for SAMPLE

| Business Unit | Report | Recipient | When Required |
|---|---|---|---|
| Comp, Ben, HRIS | 5500 Filing | IRS | Year end |
| Comp, Ben, HRIS | EEO reporting | DOL | On demand |
| Comp, Ben, HRIS | Plan and amendment filing | DOL | On demand |
| Comp, Ben, HRIS | PBGC filing | PBGC | Year end |
| Corporate Comm | None reported | | |
| Customer Care | None reported | | |
| Facility Services | None reported | | |
| Finance | SEC quarterly and annual reporting | SEC | Quarter end |

Table 83. Regulatory Reports for SAMPLE (continued), by column

Business Unit: Finance (3 rows); Human Resources (2 rows); Marketing; Materials Management; NOC (4 rows); Operations; Operations; Plant Assignment and Dispatch; Purchasing; Regulatory Affairs (3 rows); Safety/Risk Mgt; Sales

Report: Form M annual reports; USF/RCC reports; CAM; EEO1; Affirmative Actions Report; None reported; None reported; Site/equipment failures; FAA Site Isolation Status Report; BVR; Outage over 500 customers for 15 minutes LEC side; Dispatch within 72 hours, if connected by road system; None reported; None reported; FAA tower outage reporting; Outage reports—network notification; Outage reports—network notification; OSHA 300; None reported

Recipient: FCC/AK Dept Rev.; FCC—RCA; US DOL; US DOL; Management; FAA & SAMPLE Reg Affairs; SAMPLE Management; SAMPLE Management; RCA Regulatory Commission; Customers; FAA; FCC; RCA; OSHA; RCA

When Required: Year end; Month end; Year end; Year end; Year end; Other; Other; Month end; Month end; On demand; On demand; Other; On demand; On demand; Year end

Findings
In the event of a disaster, the FCC and the RCA must be advised of the problem, and the notification procedure should be part of SAMPLE’s BCP. Although it may not be strictly required by a regulatory agency, it is a best practice for each affected business unit to include a notification procedure as part of its BCP.

Recovery Complexity for Business Units
The following graph shows the recovery complexity reported by the business units and shared services.

Figure 11. Recovery Complexity for SAMPLE Business Units With Extreme Complexity

| Recovery complexity | Share |
|---|---|
| Easily Recoverable | 14% |
| Somewhat Recoverable | 48% |
| Difficult to Recover | 19% |
| Extremely Difficult to Recover | 19% |
| Total | 100% |

Source: Gartner, 2002

Table 84. Recovery Complexity for SAMPLE

| Easily Recoverable | Somewhat Difficult to Recover | Difficult to Recover | Extremely Difficult to Recover |
|---|---|---|---|
| Sales | Customer Care | AP and Payroll | Corporate Communications |
| Facilities | Marketing | Finance | Engineering |
| | Materials Management | Human Resources | NOC |
| | Operations | Regulatory Affairs | Provisioning |
| | Purchasing | | |
| | Safety and Risk | | |

Findings
Communications reported that it would be extremely difficult to recover from a prolonged outage or disruption.

Customer Care reported that it is somewhat difficult to recover after a significant disruption or outage.

Engineering reported that it would be extremely difficult to recover from a significant disruption or outage if AutoCAD data was lost.

Facility Services reported that it is somewhat easy to recover.

Finance reported that it is difficult to recover.

AP and Payroll reported that it is difficult to recover.

Human Resources reported that it is difficult to recover from a significant disruption or outage.

Marketing reported that it is somewhat difficult to recover from a prolonged disruption or outage for information that is not backed up for individual PCs and mainframe applications.

Materials Management reported that it would be somewhat difficult to recover from a significant disruption or outage.

The NOC reported that it is extremely difficult to recover from a significant disruption or outage.

Operations reported that it is relatively easy to recover from a significant disruption or outage. Operations estimated that if a switch in one of the COs was destroyed, it could take 30 to 60 days to recover. It could take $3-5M to rebuild a main CO.

Provisioning reported that it is extremely difficult to recover from a significant disruption or outage.

Purchasing reported that it is somewhat difficult to recover following a significant disruption.

Safety and Risk reported that it is somewhat difficult to recover following a significant disruption or outage.

Sales reported that it is easy to recover.

The following figure shows the monthly impact profile reported by the business units.

Figure 12. Monthly Impact Profile for SAMPLE: Number of Processes with High Severity
[Chart: Count of Processes (0 to 16) by month, Jan to Dec]
Source: Gartner, 2002

Findings
November, December, January, February, March and April processes are higher than average because SAMPLE reported that an outage during these months would have higher impact due to extreme weather. Based on Gartner’s experience, the company’s BCPs must support the monthly impact profile.

Special Requirements
The table below lists the special or one-of-a-kind recovery supply requirements reported by the business units and shared services.

Table 85. Special Resource Requirements for SAMPLE

| Business Unit | Resource Description | Comment |
|---|---|---|
| AP | MICR Printers | Est. $5000 ea. |

Findings
Each business unit should review all special requirements. If appropriate, supplies should either be documented as available off-site (such as check stock for Payroll), or a procedure for an emergency purchase should be included in the BCP.

Reliance on Communications
One of the factors reviewed during the interview process (see Appendix A, question 12) was the reliance on communications by each business unit, with a rating of 0-4 where 0 indicated “No impact” and 4 indicated “Severe impact.” Several business units reported a “Severe impact” on the loss of communications.

Figure 13. Degree of Reliance Upon Communications Services
[Chart: percentage (0% to 80%) for High Reliance, Low Reliance and Didn't Answer]
Source: Gartner, 2002

Findings
More than 70 percent of SAMPLE business units reported a high reliance upon communications systems, which is especially important for business units that provide customer service. There was a consistent high-level emphasis by all business units on customer service, which is directly supported by communications, especially the telephones in Customer Care. It is a best practice to have a communications team defined as one of the “support” teams (like HR, Safety, etc.) to ensure that communications arrangements have been implemented as part of the BCP.

It was also reported that the SAMPLE NOC does not have a backup for voice communications. The use of radios as a possible backup means of communicating in an emergency should be evaluated. It was reported that while radios were once installed in telephone company trucks belonging to the Municipality of Pokipsie, they were not included in the sale of ATU to SAMPLE.


Unique Standalone Workstations
Table 86 lists the unique standalone workstation requirements reported by the SAMPLE business units.
Table 86. Standalone Workstation Requirements for SAMPLE

| Business Unit | Description of Critical Information | Processes |
|---|---|---|
| Facility Services | Structural, mechanical, electrical | Facility maintenance |

Findings
Each business unit should review all unique standalone workstation requirements. If appropriate, a procedure for an emergency purchase should be included in the BCP.


Conclusion
Gartner found that all SAMPLE business units are heavily dependent on the existing infrastructure, including communications resources. The telephone systems, the network, and critical applications that depend on the network should be considered by all SAMPLE business units during future disaster recovery and business continuity planning efforts. Given that the various SAMPLE operations groups are relatively diverse, geographically dispersed and somewhat independent in the way they operate, it will be necessary for SAMPLE management to provide clear vision, leadership, and a commitment of resources to ensure recovery and continuity of operations for each business unit. Successful future recovery efforts will depend on planning and coordination activities that must take place well in advance of actual disaster situations.


Appendix


Appendix A—BIA Questions

1. Business processes—What are the business processes for your business unit? Recovery time frames for business unit or process?
2. Work backlog—For each process above, how long will it take (in hours) to handle the backlog for each day of downtime? Concurrent or sequential backlog processing?
3. Critical record management—Identify critical business records by record name, media type, alternate source (when required).
4. Regulatory reporting—Does business unit have any regulatory reporting requirements? List report name, recipient, frequency, variance, type of penalty (amount, if any).
5. Restoration complexity—Define restoration complexity as easily recoverable, somewhat recoverable, difficult to recover, extremely difficult to recover.
6. Outage tolerance—Under the worst-case scenario, how long (hours or days) could your business unit be completely idled before it would have a significant impact on SAMPLE as a whole, business units, business partners, regulatory compliance?
7. Monthly impact profile—For each month, define the severity of outage where 0 = no impact, 4 = severe impact. Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec. What type of impact for each of the above: financial, operational and other?
8. Special requirements—Identify any special or one-of-a-kind supply requirements with name of resource (forms, etc.), supplier, quantity, days to acquire.
9. Cumulative estimated financial impacts by day—Estimate the financial impact on your business unit under the worst-case scenario by days/weeks as follows: Day 1 2 3 4 5 6 7 14 21 28
10. Operational impact factors—For the following operational impacts, define the severity of impact where 0 = no impact, 4 = severe impact. Cash flow, competitive advantage, shareholder confidence, financial reporting, industry image, employee morale, customer service, employee resignations, vendor relations, regulatory, increases in liability, other.
11. Number of people required by day—Identify the number of people required by day for entire business unit recovery. Day 1 2 3 4 5 6 7 14 21 28
12. Reliance on communications—Identify reliance on loss of communications, such as telephones, e-mail, etc., where 0 = no impact, 4 = severe impact.
13. Unique standalone workstations—Identify unique standalone workstations or similar requirements (e.g., wire transfer, etc.). Define name/type of workstation, description of critical process, quantity.
14. Other issues and concerns—Identify any other issues or concerns about recovering your business unit that have not been discussed.
