A Report for

Sample Company
Business Impact Analysis (BIA)
16 December 2002 Engagement: XXXXXXXXX

Sample Company Business Impact Analysis (BIA)

Table of Contents
Introduction/Executive Overview.............................................................1
Objectives .................................................................................................................... 1 Scope........................................................................................................................... 1 Approach ..................................................................................................................... 2 Document Organization ............................................................................................... 2

Corporate Communications .....................................................................3 Engineering ...............................................................................................5 Facility Services ........................................................................................8 Finance ....................................................................................................11 Human Resources...................................................................................17
Safety and Risk.......................................................................................................... 21

Marketing.................................................................................................24
Customer Care .......................................................................................................... 27 Sales..........................................................................................................................29

Materials Management............................................................................33 Network Operations Center (NOC).........................................................36 Operations ...............................................................................................39 Plant Assignment and Dispatch (Provisioning)....................................45 Purchasing ..............................................................................................48 Regulatory Affairs ...................................................................................51 Executive Summary/Business Impact Analysis for SAMPLE ..............54
Cumulative Reported Financial Impacts .................................................................... 54 Cumulative Financial Impact (2001 Gross Revenue)................................................. 55 Cumulative Reported Financial Impacts .................................................................... 56 Operational Impact Summary .................................................................................... 56 Recovery Personnel Requirements ........................................................................... 57 Recovery Time Frames Summary ............................................................................. 58 Recovery Priority Recommendations......................................................................... 59 Work Backlog Processing .......................................................................................... 59 Critical Business Records .......................................................................................... 60 Regulatory Reporting ................................................................................................. 62

For internal use of Sample Company only.

© 2002 Gartner, Inc. and/or Gartner Holdings Ireland. All Rights Reserved. 16 December 2002—Page i

Sample Company Business Impact Analysis (BIA)

Recovery Complexity for Business Units ................................................................... 64 Special Requirements................................................................................................ 66 Reliance on Communications .................................................................................... 67 Unique Standalone Workstations............................................................................... 68

Conclusion ..............................................................................................69 Appendix .................................................................................................70
Appendix A—BIA Questions ...................................................................................... 71

List of Figures Figure 1.Financial Impact for Finance ........................................................................... 11 Figure 2.Financial Impact for Customer Care................................................................ 27 Figure 3.Financial Impact for Corporate Sales .............................................................. 30 Figure 4.Financial Impact for Operations ...................................................................... 39 Figure 5.Reported Financial Impacts for SAMPLE ........................................................ 54 Figure 6.Reported Impacts and 2001 Revenue for SAMPLE ........................................ 55 Figure 7.Reported Financial Impacts for SAMPLE ........................................................ 56 Figure 8.Average Operational Impacts for SAMPLE ..................................................... 57 Figure 9.Time to Complete Backlog Processing for SAMPLE ....................................... 59 Figure 10. Time Frame and Number of Processes for SAMPLE................................... 60 Figure 11. Recovery Complexity for SAMPLE............................................................... 64 Figure 12. Monthly Impact Profile for SAMPLE ............................................................. 66 Figure 13. Degree of Reliance Upon Communications Services................................... 67 List of Tables Table 1. Business Processes Identified by Communications .......................................... 3 Table 2. Critical Business Records Identified by Communications.................................. 3 Table 3. Regulatory Reporting Requirements for Communications ................................ 3 Table 4. Operational Impacts Identified by Communications .......................................... 4 Table 5. Number of Recovery Personnel by Day for Communications ........................... 4 Table 6. Business Processes Identified by Engineering.................................................. 5 Table 7. Critical Business Records Identified by Engineering ......................................... 5 Table 8. Regulatory Reporting Requirements for Engineering........................................ 5 Table 9. Operational Impacts Identified by Engineering.................................................. 6 Table 10. Number of Recovery Personnel by Day for Engineering................................ 6 Table 11. Business Processes Identified by SAMPLE Facility Services ........................ 8 Table 12. Critical Business Records Identified by Facility Services (Central District Only) .............................................................................................................. 8 Table 13. Regulatory Reporting Requirements for Facility Services .............................. 8 Table 14. Operational Impacts Identified by Facility Services ........................................ 9 Table 15. Number of Recovery Personnel by Day for Facility Services ......................... 9

For internal use of Sample Company only.

© 2002 Gartner, Inc. and/or Gartner Holdings Ireland. All Rights Reserved. 16 December 2002—Page ii

................... Table 20........................................... 29 Business Processes Identified by Sales... Table 31.. Table 26.... Table 24. Table 46................... and/or Gartner Holdings Ireland.............................. Table 41..................... 15 Business Processes Identified by SAMPLE Human Resources ..... Table 51...... Table 49.... 28 Number of Recovery Personnel by Day for Customer Care..... Table 43.... 41 Regulatory Reporting Requirements for Operations .. Table 44.............................................................. Table 23....................... Table 53....... 16 December 2002—Page iii ............ 33 Regulatory Reporting Requirements for Materials Management .... Table 40...... Table 57......................... All Rights Reserved........................... 30 Regulatory Reporting Requirements for Sales................................................................ 25 Operational Impacts Identified by Marketing ..... Table 25.......... 38 Business Processes Identified by Operations . Table 54.... Table 32......... Table 34...... 37 Operational Impacts Identified by the NOC. Table 59... 34 Business Processes Identified by the NOC................. Table 52..................................................... 25 Regulatory Reporting Requirements for Marketing ........ 14 Regulatory Reporting Requirements for Finance .... 28 Critical Business Records Identified by Customer Care................................ Table 22............................. Table 27............... Table 58.............. 36 Critical Business Records Identified by the NOC ..... 41 Operational Impacts Identified by Operations . Table 45................. Table 56.................................... Table 42... Table 39........... 19 Operational Impacts Identified by SAMPLE Human Resources............................................. 42 For internal use of Sample Company only............... 15 Number of Recovery Personnel by Day for Finance ...... © 2002 Gartner. Table 38.............. 21 Operational Impacts Identified by Safety and Risk. Table 19............. 14 Operational Impacts Identified by Finance . Table 21....................... 31 Business Processes Identified by Materials Management ...................... 12 Critical Business Records Identified by Finance ....... 20 Number of Recovery Personnel by Day for SAMPLE Human Resources.......................................... Table 33....... 28 Operational Impacts Identified by Customer Care.................... 33 Operational Impacts Identified by Materials Management .... 21 Regulatory Reporting Requirements for Safety and Risk.................. Business Processes Identified by Finance............ 41 Total Number of Recovery Personnel by Day for SAMPLE Operations .... Table 37......................... 30 Operational Impacts Identified by Sales. 24 Critical Business Records Identified by Marketing ............ Table 17....... 40 Critical Business Records Identified by Operations................................. Table 47..................... 25 Number of Recovery Personnel by Day for Marketing ...... Table 48........................................................ Table 28................Sample Company Business Impact Analysis (BIA) Table 16........................................................... 30 Critical Business Records Identified by Sales ......................................... 28 Regulatory Reporting Requirements for Customer Care................. 37 Number of Recovery Personnel by Day for the NOC ..... 20 Business Processes Identified by SAMPLE Safety and Risk .............. Table 60.............. Table 36............. 22 Business Processes Identified by SAMPLE Marketing . Table 55............. 21 Critical Business Records Identified by Safety and Risk .................... Table 35.............................. 37 Regulatory Reporting Requirements for the NOC .......... Inc............. 22 Number of Recovery Personnel by Day for Safety and Risk.. 17 Critical Business Records Identified by SAMPLE Human Resources ............................. 18 Regulatory Reporting Requirements for SAMPLE Human Resources.... Table 50.. 26 Business Processes identified by Customer Care.................... 31 Number of Recovery Personnel by Day for Sales .......................................... Table 30.. 34 Number of Recovery Personnel by Day for Materials Management... 33 Critical Business Records Identified by Materials Management.................................. Table 18............................................................. Table 29...

.............................. 51 Critical Business Records Identified by Regulatory Affairs.. Table 72........... All Rights Reserved.......................... 42 Number of Recovery Personnel by Day for Operations at Tucson....................... Table 65................. Table 78............................................ 62 Recovery Complexity for SAMPLE........................................................... 49 Business Processes Identified by SAMPLE Regulatory Affairs............ Table 83............................ 66 Standalone Workstation Requirements for SAMPLE ...................... Table 64....... Table 85. Table 63... 48 Regulatory Reporting Requirements for Purchasing ...Sample Company Business Impact Analysis (BIA) Table 61.. 42 Number of Recovery Personnel by Day for Operations at Phoenix..... Table 77..... 42 Business Processes Identified by Provisioning ... 64 Special Resource Requirements for SAMPLE .................................................. Table 73.................. 51 Regulatory Reporting Requirements for Regulatory Affairs ......................................................... and/or Gartner Holdings Ireland.................. 16 December 2002—Page iv ....... 52 Number of Recovery Personnel by Day for Regulatory Affairs ................. Table 68.. Table 84............................................... 42 Number of Recovery Personnel by Day for Operations at Melvin .......... Table 67............................ Table 71............. 57 Recommended Recovery Priorities for SAMPLE .................... 60 Regulatory Reports for SAMPLE.............. 45 Critical Business Records Identified by Provisioning........ Table 82........ 45 Operational Impacts Identified by Provisioning ................... Table 62................. 48 Critical Business Records Identified by Purchasing .................... Table 75......... 46 Number of Recovery Personnel by Day for Provisioning ... Table 76.... Number of Recovery Personnel by Day for Operations at Pokipsie ......................... Table 69.... Table 66................................................... 49 Operational Impacts Identified by Purchasing.............. 52 Operational Impacts Identified by Regulatory Affairs ...... © 2002 Gartner....................... 52 Overall Personnel Requirements for SAMPLE......... Table 70.................. 49 Number of Recovery Personnel by Day for Purchasing ......... 59 Critical Business Records for SAMPLE......... Table 81..... Inc. 46 Business Processes Identified by Purchasing........ Table 74............................................... Table 80........ Table 86............. 68 For internal use of Sample Company only. Table 79... 45 Regulatory Reporting Requirements for Provisioning .....

but are being provided in a separate Gartner “best practices” document. are not accessible within 30 days. The objectives of the business impact analysis (BIA) are as follows: Estimate the financial impacts for each major SAMPLE business unit. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Introduction/Executive Overview Objectives The purpose of the business impact analysis (BIA) was to help Sample Systems (SAMPLE) identify which business units. Scope The scope for the SAMPLE BIA includes the following business units and shared services: Corporate Communications Engineering Facility Services Finance (Including AP and Payroll) For internal use of Sample Company only. All Rights Reserved. 16 December 2002—Page 1 . new threats. The BIA will facilitate the identification of how quickly essential business units and/or processes have to return to full operation following a disaster situation. Issues such as recovery concerns. Please note that this report does not address recovery assumptions. operations and processes are essential to the survival of the business. or emerging trends in disaster recovery or business continuity. assuming a worst-case scenario Estimate the intangible (operational) impacts for each major business unit. Business impacts are identified based on a worst-case scenario that assumes that the physical infrastructure supporting each respective business unit has been destroyed and all records. such as the availability of experienced personnel for recovery. etc. The BIA will also facilitate the identification of the resources required to resume business operations to a survival level. and/or Gartner Holdings Ireland. It will delineate the business impact of disaster impact scenarios on the ability to deliver product or to support mission-critical services. are outside the scope of the BIA. Inc. because this type of assumption is typically included in a business continuity plan (BCP). equipment. assuming a worst-case scenario Define the estimated number of personnel required for recovery operations Identify the organization’s business unit processes and the estimated recovery time frame for each major business unit.

The objective of these interviews and surveys was to identify processes. All BIA interviews were conducted by Gary Drake and Jason Sausser. Employee Training. Business Impact Analysis Summary. includes information that is most appropriately considered in the overall SAMPLE perspective to assist in the development of an appropriate recovery strategy. Safety/Risk Management) Marketing (Including Customer Care. Document Organization Specific information provided by each of the business units in alphabetical order is documented in the following sections of this document. 15 SAMPLE business unit representatives were surveyed using an electronic BIA tool. For internal use of Sample Company only. Sales) Materials Management Network Operations Center (NOC) Operations (Including Pokipsie. The interview process utilized a series of standard questions developed for SAMPLE (see Appendix A). estimated financial impacts. All Rights Reserved. The last section. Some statements made by SAMPLE employees have been re-worded for clarity. and/or Gartner Holdings Ireland. operational impacts and estimated personnel required for recovery operations. Melvin. Inc. Tucson. and Phoenix) Plant Assignment and Dispatch Purchasing Regulatory Affairs Approach Gartner conducted interviews with more than 50 key SAMPLE business personnel during August 2002. Note: Many of the findings reported in this report are recorded exactly as they were captured from surveys and interviews. In addition.Sample Company Business Impact Analysis (BIA) Human Resources (Including Benefits. © 2002 Gartner. along with associated estimated recovery time frames. such as the recovery personnel requirements to help size an alternate recovery location. 16 December 2002—Page 2 .

Sample Company Business Impact Analysis (BIA) Corporate Communications The following person was surveyed for Communications: Tom Johnson. regulatory commissions and the State legislature about SAMPLE. customers. Business Processes Table 1. © 2002 Gartner. Projects and assignments come up on an as-needed basis and vary according to scope and requirements Table 2. All Rights Reserved. Inc. Regulatory Reporting Requirements for Communications Business Unit Communications Report None identified Frequency Recipients For internal use of Sample Company only. Communications responds as required. Business Processes Identified by Communications Business Process Communications Description Provide effective communications to employees. 16 December 2002—Page 3 . Critical Business Records Identified by Communications Business Unit Communications Record Name None identified Table 3. and/or Gartner Holdings Ireland.

Communications reported that it would be extremely difficult to recover from a prolonged outage or disruption. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 0 2 4 0 4 4 4 2 3 0 1 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Day 1 2 Number of Recovery Personnel by Day for Communications Day 2 2 Day 3 2 Day 4 2 Day 5 4 Day 6 4 Day 7 4 Day 14 7 Day 21 7 Day 28 7 Findings Communications stated that it would be less than a day before an outage had a significant impact on SAMPLE business units. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Table 4. Operational Impacts Identified by Communications Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. For internal use of Sample Company only. Communications reported that they are extremely vulnerable to a prolonged outage or disruption. 16 December 2002—Page 4 . Inc. and/or Gartner Holdings Ireland. Table 5. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. All Rights Reserved.

etc. Bill Freehan. and Al Kaline. disconnects. Plans. Drawings. Taking orders for service. Business Processes Identified by Engineering Description Service changes. Critical Business Records Identified by Engineering Becomes Critical < 1 Day < 1 Day Alternate Source Paper Paper Other Other Media Type Business Process New order processing Design MARKS TFAX Jordash Visio AutoCAD TCS Remedy ACMP Table 7. All Rights Reserved. Denny McLain. Inc. layouts and specifications for new installs. Jim Nortthrup.Sample Company Business Impact Analysis (BIA) Engineering The following people were either interviewed or surveyed for Engineering: Mickey Lolich. Timekeeping. drawings. Business Processes Table 6. Mickey Stanley. Maintain cable records for all companies (except Pokipsie). Orders for operations. Record Name ACMPs Cut Sheets Table 8. Norm Cash. © 2002 Gartner. and/or Gartner Holdings Ireland. Regulatory Reporting Requirements for Engineering Report Frequency On Demand Other On Demand FCC FCC SAMPLE Management Recipient Type of Penalty Unknown Unknown Unknown Number of calls blocked during period of time Antenna Registrations Quarterly Event Reports For internal use of Sample Company only. Ordering services. Trouble tickets. Plans. 16 December 2002—Page 5 .

Engineering reported that it would take at least one day to complete the backlog of work for each day of outage. Number of Recovery Personnel by Day for Engineering Day 1 120 Day 2 120 Day 3 120 Day 4 120 Day 5 120 Day 6 120 Day 7 120 Day 14 120 Day 21 120 Day 28 120 Findings Engineering reported that it would be extremely difficult to recover from a significant disruption or outage if AutoCAD data were lost. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Operational Impacts Identified by Engineering Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. Table 10. Engineering reported that there is a significant amount of critical data stored on individual computer hard drives. 16 December 2002—Page 6 . All Rights Reserved. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 0 2 2 0 2 3 4 0 3 1 0 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Engineering reported that if the 31N6 system is down. Engineering reported that they were instrumental in recovering the Central Data Center recently.Sample Company Business Impact Analysis (BIA) Table 9. Engineering reported that they are only somewhat vulnerable to a prolonged disruption or outage. and/or Gartner Holdings Ireland. Work could continue until the queue was empty. For internal use of Sample Company only. there is no paper backup. © 2002 Gartner. because there is no available space on the common (shared server) drives. Inc.

Engineering reported that services revenues are $78M annually. For internal use of Sample Company only. Inc. Engineering reported that SAMPLE experiences many cable cuts during the construction season and that it could take up to three days to restore a 400-pair cable. © 2002 Gartner. 16 December 2002—Page 7 . Engineering reported that it costs $600 per hour for each voice channel out of service and that there are currently 2. it would be less than one day before a significant impact on SAMPLE occurred.Sample Company Business Impact Analysis (BIA) Engineering reported that if their services were unavailable.600 channels throughout the Sample enterprise. All Rights Reserved. and/or Gartner Holdings Ireland.

Business Processes Identified by SAMPLE Facility Services Business Process Facility maintenance Description To maintain the structural. electrical. To provide computerized card reader/proximity access system and evening manned security guard services. Business Processes Table 11. 16 December 2002—Page 8 . All Rights Reserved. and other related building components and finishes in a professional and workmanlike manner. Inc. To add/delete and process utility service payments Enterprisewide. and/or Gartner Holdings Ireland. To control and manage space utilization for office layouts. To develop and manage service and construction contracts.Sample Company Business Impact Analysis (BIA) Facility Services The following person was surveyed for Facility Services: Dick McCauliff. mechanical. Contract administration Utility services and payments Real property lease administration Space planning and management Security (Central District Only) Table 12. Regulatory Reporting Requirements for Facility Services Business Unit Facility Services Report None identified Frequency Recipients For internal use of Sample Company only. To manage all real property acquisitions/sales and leases Enterprise-wide. © 2002 Gartner. Critical Business Records Identified by Facility Services (Central District Only) Business Unit Facility Services Facility Services Facility Services Facility Services Record Name PCSC Security System Software Database Hard Copies of Security User Form Records Facility Drawings—both Mylar and Bluelines Facility Construction and Maintenance Project Records Table 13.

For internal use of Sample Company only. where 0 = no impact and 4 = severe impact. Facility Services reported that they are vulnerable to a prolonged disruption or outage. © 2002 Gartner. Table 15.Sample Company Business Impact Analysis (BIA) Table 14. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 4 3 1 3 2 4 4 0 0 0 4 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. which maintains a callout list of all facilities team members. Facility Services reported it will take from 12 to more than 16 hours to process backlog for each day of downtime. Facility Services performs periodic fire alarm detection and suppression system testing. All Rights Reserved. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Inc. Number of Recovery Personnel by Day for Facility Services Day 1 7 Day 2 7 Day 3 8 Day 4 10 Day 5 10 Day 6 11 Day 7 12 Day 14 12 Day 21 12 Day 28 12 Findings Facility Services reported that ATU had an emergency plan that has been updated by Willie Horton of Safety and Risk Management. Facility Services reported that it is somewhat easy to recover. Operational Impacts Identified by Facility Services Operational impacts are rated on a scale of 0-4. 16 December 2002—Page 9 . all emergency related issues are routed through the Pokipsie NOC. Facility Services reported that while SAMPLE does not really have a Disaster Recovery plan. and/or Gartner Holdings Ireland.

© 2002 Gartner. Facility Services reported that severe impact would occur during the months of December. A key item cited was the lack of structural bracing that would allow the building to withstand earthquake loads. The Central Data Center was originally constructed in the 1940s and had additions constructed in 1963 and 1969. A seismic survey conducted in July of 2001 cited several items of concern regarding the Data Center located near the corner of 17th and G Streets in Pokipsie. The loss of the Central Data Center would be catastrophic to SAMPLE and its customers. Impacts would be least severe during the months of June through October. and/or Gartner Holdings Ireland. For internal use of Sample Company only. January. Facility Services reported that it has extreme reliance on a standalone workstation.Sample Company Business Impact Analysis (BIA) Facility Services stated that four days is the maximum outage before a significant impact on SAMPLE as a whole occurred. “Major cracking” in the 1969 addition was mentioned in the report. 16 December 2002—Page 10 . Inc. All Rights Reserved. The conclusion of the seismic report was that the Central Data Center is probably well below current earthquake standards. The report also stated that many cable trays and hung equipment did not have diagonal braces. because colder months affect facility operations during power or utility outages. and February.

Financial Impact for Finance $30.Sample Company Business Impact Analysis (BIA) Finance For the purpose of this report. Michael D. Laurie B. For internal use of Sample Company only.000 $0 1 2 3 4 5 Day Finance Reported Finance 2001 AR Source: Gartner.000. 2002 6 7 14 21 28 Findings Finance reported estimated total SAMPLE losses of $1M per day if all services were lost. 16 December 2002—Page 11 . and/or Gartner Holdings Ireland.526 per day. The following people were either interviewed or surveyed for Finance: Kevin A. the Controller’s Office. Inc.000 $20. based on 2001 Financials. © 2002 Gartner. Deborah C. Financial Planning.000. Nancy V.000. Figure 1. Cash Management. Accounts Payable and Payroll were all considered part of the Finance function. Jenny S and Joe T. Total SAMPLE receivable days were estimated at $128. All Rights Reserved.000 $10. Disbursements. Billing and Collections.

etc. Assist Managing Director. For internal use of Sample Company only. cleaned and uploaded into the SAP system. cleaned and uploaded into the SAP system. Provide financial / accounting services. 16 December 2002—Page 12 . Inc. Jane Doe—Supervisor. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Business Processes Table 16. Reports are provided from the NIBS system and manual journal entries are prepared to record revenue.). Reports are provided from the PSA system and manual journal entries are prepared to record revenue. Business Development as required Provide support/assistance to the organization (training. Information from SAP is downloaded into PRS for project reporting purposes. June A—Processing pay records and distributing earnings statements. Load files are received from IT. Reports are provided from the R system and manual journal entries are prepared to record revenue. cleaned and uploaded into the SAP system. and/or Gartner Holdings Ireland. IRS year-end reports—1099s. Business Processes Identified by Finance Business Process Corporate budget Financial analysis Support business development process Support SAMPLE information system (business analysis software application) IRS reporting Finance/accounting Load Deville/CBP files to SAP Load Payroll files to SAP Record month-end journal entries in SAP Load Intranet revenue Load Apprise sales data Enter PSA data to SAP Enter NIBS data to SAP Enter R data to SAP Enter Erie data to SAP Load project information in PRS Enter STS data to SAP Load and reconcile PCC data in SAP TCS (time entry system) Description Management of process. All Rights Reserved. Load files are received from ADP. Download and reconciliation of bank data from the Internet Poindexter system. Minnie C—Processing pay records. Account analysis and verifications are performed on SAP data as the basis of information for monthly journal entries. ADP—third-party payroll processor—calculates and prints paychecks and processes all direct deposits. Load files are received from IT. Load files are received from IT. Reports are provided from the STS system and manual journal entries are prepared to record revenue. maintenance. Assist managers with financial analysis of business cases. cleaned and uploaded into the SAP system. Reports are provided from the Erie system and manual journal entries are prepared to record revenue. analysis of variances between planned and actual results. etc.

Download trial balance from SAP. and/or Gartner Holdings Ireland. Report federal excise tax Report sales tax Report E911 Report property tax Income tax returns For internal use of Sample Company only. All Rights Reserved. Collect general ledger and CBP data and report to the IRS. Inc. Susan S—AP clerk. Paula P—AP clerk. 16 December 2002—Page 13 . Collect data from CBP and report to various cities and boroughs. Collect data from CBP and report to various cities and boroughs. Frank M— AP clerk. prepare depreciation and other analysis to prepare returns.Sample Company Business Impact Analysis (BIA) Business Process Pay vendors Description Bob T—Supervisor. Tim AAP clerk and acting supervisor in Bob’s absence. Collect data from SAP asset files and report to various cities and boroughs. © 2002 Gartner. Prints checks. quality control.

Sample Company Business Impact Analysis (BIA) Table 17. Critical Business Records Identified by Finance Business Unit Finance Finance Finance Finance Finance Finance Finance Finance Finance/AP & Payroll Finance AIS Finance Finance Finance/AP & Payroll Finance Finance Finance Finance/AP & Payroll Finance Report federal excise tax Report sales tax Report E911 Report property tax Income tax returns Finance Record Name SAP data (F/S. and/or Gartner Holdings Ireland. All Rights Reserved. Regulatory Reporting Requirements for Finance Report SEC quarterly and annual reporting Form M annual reports USF/ RCC reports Cost Allocation Manual Bank Debt Compliance Frequency Quarter end Year end Month end Year end Month end SEC RCA FCC/ AK Dept Rev. 16 December 2002—Page 14 . © 2002 Gartner. FCC—RCA Financial Institutions Recipient Type of Penalty Financial Financial Financial Financial Financial For internal use of Sample Company only. Inc. CPR) Deville/ CBP Payroll files Month-end JEs PSA NIBS STS Historical financial information Time records (TMS) System information Intranet Apprise sales Employee records Rodolphi PRS PCC Vendor Invoices Great Lakes Excise Tax Sales Tax E911 Property Tax Income Tax Project Records Becomes Critical < Day 1 Day 7 Day 14 Day 7 Over Day 28 Over Day 28 Over Day 28 Day 14 Day 6 Day 14 Over Day 28 Over Day 28 Day 6 Over Day 28 Over Day 28 Over Day 28 Day 14 Over Day 28 Day 10 Day 30 Day 60 Over day 28 Over day 28 Day 14 Alternate Source Other Excel Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Excel/paper reports Paper None Paper Excel Paper Accrued estimate Paper Accrued estimate Other ADP—third-party processor Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper vendor reprint Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper Accrued estimate Paper Excel Table 18.

and/or Gartner Holdings Ireland. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 4 2 2 4 2 4 2 4 4 3 4 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Finance reported that they are somewhat vulnerable to an outage. Number of Recovery Personnel by Day for Finance Day 1 13 Day 2 13 Day 3 18 Day 4 18 Day 5 22 Day 6 22 Day 7 22 Day 14 22 Day 21 28 Day 28 28 Findings Finance reported that it is difficult to recover. Finance reported that it would take six to 12 hours to complete the backlog of work for each day of outage. Finance stated that SAMPLE must transmit payroll information to ADP (thirdparty processor) by Tuesday to avoid penalties that would be paid to a small For internal use of Sample Company only. Inc. © 2002 Gartner. July and October due to quarter-end and January and February for year-end. All Rights Reserved. Finance reported that one week is the maximum length of outage before a significant impact SAMPLE as a whole occurred. Table 20. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. 16 December 2002—Page 15 . Impacts are also significant during April. Finance reported that severe operational impacts would occur during the month of December because of year-end payroll processing. Operational Impacts Identified by Finance Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact.Sample Company Business Impact Analysis (BIA) Table 19.

most payments are received in the form of checks. Retention policies are followed and records are stored both on. The financial impact of these penalties was reported to be negligible. Finance stated that while some payments (such as from some federal agencies) are made electronically and via credit card. All Rights Reserved. 16 December 2002—Page 16 .Sample Company Business Impact Analysis (BIA) group of temporary employees falling under a NAFTA Agreement. Finance stated that a loss of communications would have a significant impact on business operations.and off-site. Inc. and/or Gartner Holdings Ireland. © 2002 Gartner. For internal use of Sample Company only.

discipline and discharge. contract with vendors or develop and deliver training. Ensure that employees are properly removed from our active employment files when employees terminate. and annual basis. Plan training regimens. record training completion. Design benefits. Manage quality control Select. Select and manage vendors. advise on the liability to the company in the HR arena. Develop and deploy compensation-related communications. © 2002 Gartner. advise on performance management. provided candidates to managers. Process grievances and arbitration. Business Processes Identified by SAMPLE Human Resources Business Process Hiring new employees Separating employees Training employees Benefits administration Description Advertise open positions. bi-weekly.Sample Company Business Impact Analysis (BIA) Human Resources The following people were either surveyed or interviewed for Human Resources: Pierce Brosnan. quarterly. Various internal reports and external reports (state and federal regulatory) are required on a daily. Roger Moore. Sean Connery. install. Select and manage vendors. and maintain manual and automated human resources information systems. Deliver benefits directly or through vendors. Advise in interpretation and administration of corporate compliance program and company policies and procedures. and/or Gartner Holdings Ireland. Maintain electronic and hardcopy of personnel files. Compensating employees HR system administration Personnel records maintenance Benefit data preparation for payroll transmission Internal and external reporting Labor relations Employee relations For internal use of Sample Company only. Business Processes Table 21. 16 December 2002—Page 17 . Coordinate compensation delivery through Payroll or vendors. Manage FMLA. Before each payroll data can be transmitted. Manage quality control directly or through vendors. Negotiate/maintain/administer Collective Bargaining Agreement (CBA) (Master Agreement/LOAs/MOAs). Design compensation plans. Timothy Dalton and James Coburn. ensure qualified candidates are hired and entered into payroll. Conduct EEO investigations and represent company position in external Agency complaints. Inc. monthly. Develop and deploy benefits-related communications. and other leaves. All Rights Reserved. two processes must be executed by HR to ensure all benefits are correct. weekly.

brokers Vendors. 16 December 2002—Page 18 . HRIS Employee Relations Employee Relations Employee Relations Employment Services Employment Services Employment Services Employment Services Human Resources Human Resources Human Resources Human Resources Human Resources HRIS After Day 28 Day 2 Over Day 28 Over Day 28 Day 3 After Day 28 Day 14 Day 1 Day 1 Day 5 Day 14 Day 1 Day 1 Day 2 Day 5 Day 14 Day 1 For internal use of Sample Company only. and/or Gartner Holdings Ireland. Ben. Ben. Critical Business Records Identified by SAMPLE Human Resources Business Unit Comp. Ben Comp. Inc. brokers None Online directory Repurchase Recreate None Vendors IBEW None None Paper files None N/ A N/ A None None Online Directory None Comp. Ben Comp. consultants. Ben Record Name HRIS Data HRIS Personnel Files Plan Documentation Vendor Service Agreements Historical Records Vendor Contacts Compensation Surveys Analysis Tools Employee Relations Files ER Vendor Contracts Historical Records Job/Recruitment File Requisition Log Relocation Log Class Specifications Job Description Requisition Desktop Procedures Policies and Procedures Training Vendor Contacts Personnel Records When Required Day 5 Day 7 Day 7 Media Type Fixed disk Paper Fixed disk and paper Fixed disk and paper Fixed disk and paper Fixed disk Fixed disk Fixed disk Fixed disk and paper Fixed disk and paper Fixed disk and paper Paper Fixed disk Fixed disk Fixed disk and paper Fixed disk Paper Fixed disk and Paper Fixed disk and Paper Fixed Disk Fixed Disk and Paper Alternate Source Personnel files HRIS data Vendors. Ben Comp. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Table 22. HRIS Comp. Ben Day 7 Comp. All Rights Reserved. Ben. HRIS Comp. consultants.

Sample Company Business Impact Analysis (BIA) Business Unit HRIS and Employee Relations Record Name Collective Bargaining Agreement. EEOC. and/or Gartner Holdings Ireland. SOA DOL Recipient Type of Penalty Product/ Service Disruption Product/ Service Disruption Financial Financial Financial Financial Financial Financial Financial Financial Financial Financial For internal use of Sample Company only. Regulatory Reporting Requirements for SAMPLE Human Resources Report EEO1 Affirmative Actions Report 5500 Filing EEO reporting Plan and amendment filing IRS Data Confirmation Surveys Summary Annual Reports Relocation Expense Report FCC-395 Report VETS-100 PBGC filing Agency Complaint Response Frequency Year end Year end Year end On demand On demand On demand September Year end Annual Annual Year end On demand US DOL US DOL IRS DOL DOL IRS Employees IRS FCC DOL PBGC NABSCO. All Rights Reserved. NOAA. © 2002 Gartner. Inc. All Sub-Agreements and Letters of Understanding Salary Step/Job Code listing Pension/Job Code listing Listing of what reports are due when When Required Day 1 Media Type Fixed disk and paper Alternate Source IBEW HRIS HRIS HRIS Day 5 Day 5 Day 5 Paper Paper Fixed disk Recreate Recreate Paper Table 23. 16 December 2002—Page 19 . US DOL.

For internal use of Sample Company only. Human Resources stated that a loss of communications would have a significant impact on business operations. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other (Technical Training) Value 2 2 2 4 3 4 4 3 2 3 4 3 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. HR reported it is difficult to recover from a significant disruption or outage. Number of Recovery Personnel by Day for SAMPLE Human Resources Day 1 15 Day 2 15 Day 3 15 Day 4 15 Day 5 15 Day 6 15 Day 7 15 Day 14 15 Day 21 15 Day 28 15 Findings Human Resources reported it will take four to eight hours to process backlog for each day of downtime. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Table 25. All Rights Reserved. Operational Impacts Identified by SAMPLE Human Resources Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact.Sample Company Business Impact Analysis (BIA) Table 24. and/or Gartner Holdings Ireland. Human Resources stated that one week would be the maximum outage before a significant impact on SAMPLE as a whole occurred. © 2002 Gartner. Human Resources reported it is somewhat vulnerable to a prolonged disruption or outage. Human Resources has no special standalone workstation requirement. 16 December 2002—Page 20 . Inc.

set safety training objectives for insurance carrier and monitor results. Safety and Risk The following person was surveyed for Safety and Risk: Ed Brinkman.Sample Company Business Impact Analysis (BIA) Human Resources reported that a total disruption in services would have a significant impact on ability to provide necessary staffing and training to the remainder of the organization. Inc. chemical inventory and compliance procedures. Critical Business Records Identified by Safety and Risk Business Unit Safety and Risk Record Name Damage Report Claims When Required Day 7 Media Type Paper Alternate Source Field Departments Table 28. Establish safety training standards and frequency. Business Processes Identified by SAMPLE Safety and Risk Business Process Insurance Requirements Safety Standards Safety Practices Safety Training Administer Worker’s Compensation Program Accident Investigation Environmental Compliance Damage Claim Administration Description Identify insurance needs. Regulatory Reporting Requirements for Safety and Risk Report OSHA 300 SARA Title III Frequency Year End Annual OSHA State/Local Environmental Recipients Type of Penalty Financial Financial For internal use of Sample Company only. Table 27. resolve and approve claim settlements. Report property. 16 December 2002—Page 21 . Business Processes Table 26. Maintain inventory data on fuel tank location/capacities. © 2002 Gartner. All Rights Reserved. collect results distribute as required and necessary. alternative risk financing. Evaluate need for changing safety practices. auto and general liability damage claims. place coverage. Manage Workers’ Compensation claims Establish investigation process. update as necessary. Establish and monitor safety performance at the department level. and/or Gartner Holdings Ireland.

Safety and Risk reported that it is somewhat vulnerable to a prolonged disruption or outage. For internal use of Sample Company only. 16 December 2002—Page 22 .Sample Company Business Impact Analysis (BIA) Table 29. Operational Impacts Identified by Safety and Risk Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Table 30. Inc. Safety and Risk reported that it is somewhat difficult to recover following a significant disruption or outage. Safety and Risk stated that the maximum outage before a significant impact on SAMPLE business units occurred is three days. © 2002 Gartner. Safety and Risk reported that it would take from two to four hours to complete the backlog of Safety-related activity for each day of downtime. Number of Recovery Personnel by Day for Safety and Risk Day 1 1 Day 2 1 Day 3 1 Day 4 1 Day 5 1 Day 6 1 Day 7 1 Day 14 1 Day 21 1 Day 28 1 Findings Safety and Risk reported that it would take one to two hours to complete the backlog of insurance-related activity for each day of downtime. and/or Gartner Holdings Ireland. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 1 0 2 0 3 3 2 2 0 3 4 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Safety and Risk reported that it would take more than two hours to complete the backlog of Claim Administration-related activity for each day of downtime. All Rights Reserved.

Inc. For internal use of Sample Company only. 16 December 2002—Page 23 . up to $25 million.Sample Company Business Impact Analysis (BIA) Safety and Risk reported that there are minimal monthly operational impacts. Safety and Risk stated that SAMPLE maintains basic business interruption insurance coverage. Safety and Risk stated they have back up insurance records in Finance. © 2002 Gartner. Safety and Risk stated that it has no special standalone workstation requirement. $25 million excess is available but excludes earthquake and flood. All Rights Reserved. insurance carriers and outside reporting agencies. the broker and carriers. and/or Gartner Holdings Ireland. Safety and Risk noted that there are special requirements to include communications with departments. including earthquake and flood.

analysis and research needed to roll out product and customer plans. Analyze data and track sales campaigns. Ability to generate reports comparing data from several customer databases. Business Processes Identified by SAMPLE Marketing Business Process Product development Description Identify customers and develop products to meet customers’ needs.Sample Company Business Impact Analysis (BIA) Marketing The following people were either surveyed or interviewed for Marketing: Brenda. Perform analysis of financial results for marketing division. Maintain database of customer directory listing to facilitate publication of eight Enterprise-wide white. © 2002 Gartner. Support direct mail advertising and telemarketing with customer lists targeted at specific segments. 16 December 2002—Page 24 . and Barbara. All Rights Reserved.and yellow-page directories and source data for Directory Assistance 411 database. Administer database. Define process and forms. and/or Gartner Holdings Ireland. Inc. Product deployment Publish SAMPLE directories and maintain 411 database Sales compensation reporting Financial reporting Market research Manage product development process Coordinate development of marketing plan Customer and product analysis For internal use of Sample Company only. both expense and revenue. Business Processes Table 31. Coordinate market research needs and maintain repository of information. Define process and structure. Support product managers as needed with data. coordinate input and maintain on current basis. develop processes and generate reports used for compensation of internal sales organization.

and/or Gartner Holdings Ireland. © 2002 Gartner. Directory Listings. For internal use of Sample Company only. All Rights Reserved.Sample Company Business Impact Analysis (BIA) Table 32. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Record of current billed services by customer. Directory Subsystem and link to CBP (Deville) Sales Collateral (work with Deutchland Agency) All service order and billing systems Directory subsystem and linkage to CBP (Deville) AIS Sales Compensation Datamart Table 33. Market Research and Infosource Infosource Product Development Marketing Marketing Marketing Marketing Record Name Historical customer billing records from all billing systems. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 4 4 3 2 2 3 4 1 3 1 1 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. 16 December 2002—Page 25 . Critical Business Records Identified by Marketing Business Unit Product Development. Inc. Operational Impacts Identified by Marketing Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. Regulatory Reporting Requirements for Marketing Business Unit Marketing None Report Frequency Recipients Table 34.

AIS. it would take a week to recreate a monthly report. product development. which requires billing system records along with manual reports provided by sales personnel. Monthly performance reporting would be impacted without billing records. Marketing is highly reliant on all billing systems. The development of customer retention and win-back plans significantly impacts cash flow and customer retention. This is reported to be the only record of SAMPLE customers and their services. Marketing reported that it suffered power loss. Although the initial role of marketing would be to identify key customers to ensure priority service restoration. Marketing assumes that the billing systems are backed up nightly and the storage of these records is other than at 937 Quadrangle Ave. Sales Compensation Datamart and the Directory Subsystem. lost/corrupted data. The work that marketing does is almost totally reliant on computer systems and applications. Marketing is highly reliant on all billing systems. if it were idled. products. AIS. revenue and sales compensation reports. Number of Recovery Personnel by Day for Marketing Day 1 4 Day 2 4 Day 3 4 Day 4 22 Day 5 22 Day 6 22 Day 7 22 Day 14 22 Day 21 22 Day 28 22 Findings Marketing reported that there would be significant impact to the company as a whole. addresses and services in the first 24 hours. Marketing reported that there would be monthly operational impacts for sales compensation reporting. © 2002 Gartner. Once records are obtained. employees have been unable to work. this includes customer. The workplace is significantly impacted during power outages and network failures. and research) are highly reliant on e-mail and the company intranet for communication. loss of centralized computers. For internal use of Sample Company only. Marketing requires a list of customers. Sales Compensation Datamart and the Directory Sub-system.Sample Company Business Impact Analysis (BIA) Table 35. Marketing reported that it is very vulnerable to a prolonged disruption or outage. All marketing processes (marketing plan. These are needed so that resources can support critical customer needs. they would need to quickly return to product development functions. 16 December 2002—Page 26 . Market research is highly dependent on customer billing information along with access to the Internet for research sites. and/or Gartner Holdings Ireland. During the infrequent times that marketing has experienced power outages or network failures. Inc. Marketing reported that it is somewhat difficult to recover from a prolonged disruption or outage for information that is not backed up for individual PC’s and mainframe applications. and the loss of local LAN servers during 2001. All Rights Reserved.

based on 300 customer service representatives earning $22 per hour.000. Randy J and Rico Pi. 16 December 2002—Page 27 . Customer Care The following people were either interviewed or surveyed for Customer Care: Bob J. 2002 6 7 14 21 28 Findings Customer Care reported estimated financial losses of $52. All Rights Reserved. they should be functional within a couple weeks. and/or Gartner Holdings Ireland. average daily gross revenue for 2001 was $0.800 per day. For internal use of Sample Company only. Marketing suggested that if a disaster should occur. Financial Impact for Customer Care $1. the company should consider a plan to utilize use non-customer facing employees to assist operational areas.Sample Company Business Impact Analysis (BIA) Customer and product analysis are highly reliant upon company proprietary data networks. © 2002 Gartner. Marketing estimated that once they have access to computers and the network applications.000 $500. they should be functional within two weeks. Inc.000 $1. Figure 2. Marketing estimated that once they have access to computers and the network applications.000 $0 1 2 3 4 5 Day Customer Care Reported Customer Care 2001 Gross Revenue Source: Gartner. Marketing reported that keeping phone lines working in SampleTown and maintaining customer service have to be the highest priorities.500.

Table 37. CBP billing system.Sample Company Business Impact Analysis (BIA) Business Processes Table 36. © 2002 Gartner. Frequency Recipients Table 39. 16 December 2002—Page 28 . long distance and/or Internet service. All Rights Reserved. and/or Gartner Holdings Ireland. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 0 0 0 0 0 0 4 0 0 0 0 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Operational Impacts Identified by Customer Care Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. account inquiries and Directory Assistance listings. Inc. For internal use of Sample Company only. JORDASH system. DA listings/records system. Regulatory Reporting Requirements for Customer Care Business Unit Customer Care Report None reported. Critical Business Records Identified by Customer Care Record Name Cornbell Service order system. Alternate Source Paper Printouts When Required Day 1 Relative Importance Extreme Table 38. Business Processes identified by Customer Care Business Process SAMPLE customer call center operations Description Provide ACD agents to respond to customer calls/requests for local.

and retention periods for records have been formally defined. Customer Care estimated that only 10. Inc. Customer Care stated that it is extremely reliant upon communications services for business operations.000 of these would seek an alternate source after day five of a prolonged disruption or outage. All Rights Reserved. Number of Recovery Personnel by Day for Customer Care Day 1 0 Day 2 0 Day 3 0 Day 4 0 Day 5 0 Day 6 0 Day 7 0 Day 14 0 Day 21 0 Day 28 0 Findings Customer Care estimated financial losses of $52. Customer Care reported that they currently have 200. records are stored off site (at a facility in Pokipsie). Customer Care reported it would take eight to 12 hours to process backlog for each day of downtime. Customer Care reported that it is somewhat difficult to recover after a significant disruption or outage. 16 December 2002—Page 29 . Customer Care reported that severe operational impacts would occur during the months of June and September. Customer Care reported current records management activity as follows: duplicate records are maintained.000 customers and that 50. Sales The following people were interviewed for Sales: Bobby Kennedy. Customer Care stated that four days is the maximum outage before a significant impact on SAMPLE occurred. For internal use of Sample Company only.Sample Company Business Impact Analysis (BIA) Table 40. and/or Gartner Holdings Ireland. average gross revenue for 2001 was $0. Customer Care reported that it is not vulnerable to a prolonged disruption or outage.800 per day. John Hoover and Gordon Liddy.000 of the 50. © 2002 Gartner.000 customers who sought an alternate source of service would return after service was restored to normal. because these represent the busiest/peak service months.

Critical Business Records Identified by Sales Business Unit Sales Record Name Customer Database When Required Over Day 28 Media Type Fixed Disk Alternate Source Sales personal PCs Table 43. Inc.000.000 $3. Description Table 42. and/or Gartner Holdings Ireland. Sales maintains 911 Database. Business Processes Table 41. 16 December 2002—Page 30 .315. Log orders for new service.000.616 per day.000.000 $0 1 2 3 4 5 6 Day Sales Reported Estimated based on % of ACS 2001 Gross Revenue Source: Gartner. Support sales agents and existing customers. Regulatory Reporting Requirements for Sales Business Unit Sales Report None required.000. Business Processes Identified by Sales Business Process Billing Order tracking Customer service 911 Database Issue invoices to customers. Frequency Recipients For internal use of Sample Company only. estimated daily loss as a percentage of gross revenue for 2001 was $136. Financial Impact for Corporate Sales $4. All Rights Reserved.Sample Company Business Impact Analysis (BIA) Figure 3. © 2002 Gartner.000 $2.000 $1. 2002 7 14 21 28 Findings Sales averaged estimated financial losses of $35.

Table 45. Number of Recovery Personnel by Day for Sales Day 1 5 Day 2 9 Day 3 11 Day 4 15 Day 5 20 Day 6 20 Day 7 20 Day 14 30 Day 21 45 Day 28 50 Findings Sales estimated financial losses of $35. 16 December 2002—Page 31 . Sales reported that data loss or corruption occurred during 2001. but that it had little impact on operations. Sales reported that it is somewhat vulnerable to a prolonged disruption or outage. All Rights Reserved. average daily loss estimated as a percentage of gross revenue for 2001 was $136.616 per day.Sample Company Business Impact Analysis (BIA) Table 44. Sales reported it will take eight to 12 hours to process backlog for each day of downtime. Sales reported that it is easy to recover. beginning on day five following a severe disruption. For internal use of Sample Company only. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 2 4 2 2 2 4 3 1 1 0 0 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Operational Impacts Identified by Sales Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. © 2002 Gartner. Inc. and/or Gartner Holdings Ireland.315 per day (15 percent of gross daily revenue).

16 December 2002—Page 32 .Sample Company Business Impact Analysis (BIA) Sales stated that four weeks is the maximum outage before a significant impact on SAMPLE as a whole occurred. and/or Gartner Holdings Ireland. Sales reported that there are no months where operational impacts would be more severe than for other months. All Rights Reserved. © 2002 Gartner. it could have a severe impact. Inc. Sales personnel can work from home. For internal use of Sample Company only. but if an outage occurred at or near month end. if necessary.

assignments are rotated weekly. Warehouse Lead clerk oversees daily operations. Warehouse Lead clerk oversees daily operations. 16 December 2002—Page 33 . Warehouse Foreman oversees daily operations. Critical Business Records Identified by Materials Management Record Name Warehouse Transactions Becomes Critical Day 4 Alternate Source Would keep paper records in interim Other Media Type Table 48. Inc. Warehouse Lead clerk oversees daily operations. assignments are rotated weekly. Warehouse Lead clerk oversees daily operations. Business Processes Identified by Materials Management Business Process Distribution—Distributing mail Distribution—Large copy jobs such as training manuals Distribution—Insertion operation to process billing Warehouse—Receiving stock and non-stock material Warehouse—Issuing stock warehouse Warehouse—Restocking shelves warehouse Warehouse—Shipping to field locations warehouse Warehouse Office—Stock ordering Warehouse Office—Cost coding freight invoices Warehouse Office—Processing repairs and returns Warehouse Office—Expediting orders Warehouse Office—SAP computer system maintenance Description The Distribution Lead oversees the daily operation. Regulatory Reporting Requirements for Materials Management Report None Reported Frequency Recipient Type of Penalty For internal use of Sample Company only. The Distribution Lead oversees the daily operation.Sample Company Business Impact Analysis (BIA) Materials Management The following person was surveyed for Materials Management: Sophia Loren. and/or Gartner Holdings Ireland. The Distribution Lead oversees the daily operation. assignments are rotated weekly. Foreman oversees daily operations. © 2002 Gartner. Table 47. All Rights Reserved. Warehouse Lead clerk oversees daily operations. Foreman oversees daily operations. Foreman oversees daily operations. Business Processes Table 46.

Table 50. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 4 0 0 0 4 0 4 0 0 0 0 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. and/or Gartner Holdings Ireland. Inc. Materials Management reported that the Distribution-Insertion operation to process billing would be severely impacted by a prolonged disruption or outage and that there is no alternate provider of the service. Number of Recovery Personnel by Day for Materials Management Day 1 0 Day 2 0 Day 3 0 Day 4 0 Day 5 0 Day 6 0 Day 7 0 Day 14 0 Day 21 0 Day 28 0 Findings Materials Management reported that they are vulnerable to a prolonged disruption or outage. Materials Management reported that it would be somewhat difficult to recover from a significant disruption or outage. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. 16 December 2002—Page 34 . there would be a significant impact after three days. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Table 49. Materials Management reported that if they were unable to access SAP. All Rights Reserved. however. For internal use of Sample Company only. Operational Impacts Identified by Materials Management Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. Materials Management did not report how long it would take to complete the backlog of work for each day of outage. the warehouse would be impacted immediately.

All Rights Reserved. 16 December 2002—Page 35 . Materials Management reported the main thing that needs to be addressed for recovery purposes is that SAMPLE processes billing (printing and inserting) backwards from everyone else in Pokipsie.Sample Company Business Impact Analysis (BIA) Materials Management reported that data for the Warehouse-Issuing stock process is maintained on a Windows-based. Inc. desktop PC using SAP and is backed up. © 2002 Gartner. For internal use of Sample Company only. If SAMPLE loses either the printers or insertion machines. and/or Gartner Holdings Ireland. no one else can process SAMPLE billing and significant revenue loss will occur.

© 2002 Gartner. Provides monitoring for SAMPLE Wireless network. Provides E911 procedures and re-routes. 16 December 2002—Page 36 . Business Processes Table 51. Provides monitoring of State of SampleTown television feeds. Maintain test procedures (currently under development). Provides monitoring for SAMPLE sites outside Pokipsie. Maintain records used to rebuild circuits to an alternate location. reviews training needs. Define calling tree for problem response. Provides dial tone for all Pokipsie area customers. Internal group. Provides information on Oryx and Octel voice mail systems. For internal use of Sample Company only. Provides information for Sensaphones Enterprise-wide. Maintain organization charts and keep current. Maintain common operating procedures. MARKS records Enterprise-wide 911 reroute procedures Training committee IP test procedures Description Provides callout/contact information for all SAMPLE entities in the company. Maintain procedures used to reroute 911 services. Provides access to 1 Meg Modem equipment Enterprisewide. Maintain SAMPLE and other information about other IXCs and LECs. All Rights Reserved. Business Processes Identified by the NOC Business Process Duty supervisor NOC special procedures BBSTP E911 Critter Sensaphones Voicemail ASM One Meg Modem EMS Pokipsie DMS Switches Scanner State of SampleTown Video Escalation procedure Skills worksheet Duty Supervisor book Network Operations Procedures (NOP) Org chart Maintain TFSAMPLE. Provides monitoring of State of SampleTown SATS. Special procedures for NOC. Update current skill level of SAMPLE technicians for each piece of equipment). Broadband STP information. Inc. key personal list. and/or Gartner Holdings Ireland.Sample Company Business Impact Analysis (BIA) Network Operations Center (NOC) The following people were either interviewed or surveyed for the NOC: Rusty Staub and Randy Johnson.

and/or Gartner Holdings Ireland. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 2 4 2 0 4 3 3 0 0 2 3 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. All Rights Reserved.Sample Company Business Impact Analysis (BIA) Table 52. Regulatory Reporting Requirements for the NOC Report Site/equipment failures FAA Site Isolation Status Report BVR Other Other Month End Month End Frequency Recipient Management FAA & SAMPLE Reg Affairs SAMPLE Management SAMPLE Management Type of Penalty Product/Service Disruption Financial Product/Service Disruption Product/Service Disruption Table 54. © 2002 Gartner. Critical Business Records Identified by the NOC Record Name DMS Images NOC Logs Backup files for various systems Becomes Critical < 1 Day < 1 Day < 1 Day Alternate Source None None None Tape Other Tape Media Type Table 53. 16 December 2002—Page 37 . Operational Impacts Identified by the NOC Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. Inc. For internal use of Sample Company only.

The NOC reported that severe operational impacts would occur during the months of November through April. © 2002 Gartner. The NOC reported that they have approximately 170. and the loss of local LAN servers. loss of voice communications.Sample Company Business Impact Analysis (BIA) Table 55. Sensaphones. a retention period is defined. and/or Gartner Holdings Ireland. The NOC reported that the loss of Critter. lost or corrupted data. severe weather. loss of data communications. The NOC reported that it was not sure how long it would take to complete the backlog of work for each day of outage. The NOC reported that during 2002. it experienced power loss. Number of Recovery Personnel by Day for the NOC Day 1 71 Day 2 71 Day 3 71 Day 4 71 Day 5 71 Day 6 71 Day 7 71 Day 14 71 Day 21 71 Day 28 71 Findings The NOC reported that it is extremely difficult to recover from a significant disruption or outage. The NOC reported that if their services were unavailable. because of severe winter weather conditions. they do have critical records identified. The NOC reported that while there is no formal records management procedure in place. would cause significant impact during all but the summer months. The NOC reported that they are extremely vulnerable to a prolonged disruption or outage. and records are duplicated and stored offsite. Scanner.000 customers and that all of them would seek an alternative source of service if an outage went beyond 28 days in length. it would be less than one day before a significant impact on SAMPLE occurred. All Rights Reserved. They also have a rotation cycle to off-site storage that is adequate for recovery. Impacts are also somewhat significant during September and October for the same reason. For internal use of Sample Company only. and SampleTown Video. 16 December 2002—Page 38 . Inc.

Smallville. Ron Smith. 2002 Findings Operations reported estimated financial losses of $1M per day. © 2002 Gartner. Operations at Melvin also included Melvin/Soldotna. and Joe Jackson.000 $0 1 2 3 4 5 Day 6 7 14 21 28 Operations Reported Fiscal 2001 Gross Revenues Source: Gartner. Financial Impact for Operations $30. Wartville and Pinhead. Sam Montini. Doc Holiday. Veronica Hammil. and Phoenix.7M. 2001 Annual Gross Revenue was $331. Pete Rose. Inc. Figure 4. For internal use of Sample Company only. 16 December 2002—Page 39 .000 $10.000. The following people were either interviewed or surveyed for Operations: Duane Mays. Steve Howe. Rich Floweree. Jesse James. and/or Gartner Holdings Ireland.000.Sample Company Business Impact Analysis (BIA) Operations The scope of our review of SAMPLE Operations included Pokipsie. Irvine and Pomona. Frank James. Jim Green. Ike Clanton. Stevie Nicks. Mike Snell. Melvin. All Rights Reserved. Tucson. Emerson Boozer.000. Harry Houdini.000 $20. Steve Fouts.

Provide directory assistance. Inc. splicing. Physically making connection for customer. Customer phones in with problem. Work order activity performed using Jordash. moves and changes Provisioning (ISP) Repair TCS Testing Trouble ticketing Warehousing Wireless service orders Work order processing Description Customer requests service. new equipment installation. Design work for providing ISP services. Perform construction necessary to perform new installs or repairs. Respond to Dial “0” calls. Residence address terminal numbers and associated information. 411 information. billing for fleet (using ARI). Dispatch installers and repairmen. may include construction. Provisioning ISP services. Monitoring. © 2002 Gartner. trouble tickets. node management. For internal use of Sample Company only. maintain dial tone for outside plant. Enter trouble ticket information using Remedy. Business Processes Identified by Operations Business Process Assignment Centrex orders Circuit order processing Construction Directory Assistance Dispatch Engineering (ISP) Fleet management (vehicles) Installation Inventory control IP operations Maintain circuit layout records (CLRs) Maintain customer database Maintenance (both hardware and software) Maintenance (ISP) Network management (NOC) Operator services Process adds. Supporting and maintaining ISP services. Most done internally. CSR performs initial diagnosis. traps and swears in code. Responding to trouble calls. Enter using Jordash system. Data network operations. Jordash used to keep track of inventory. to find bugs. Record time spent on work orders. All Rights Reserved. trenching. response to alarms. Maintain stock of parts for installations and maintenance. Performed using MARKS. dispatcher determines central office out of which the service will be run. Process orders for Centrex services. Diagrams maintained using VISIO. 16 December 2002—Page 40 . etc.Sample Company Business Impact Analysis (BIA) Business Processes Table 56. Purchase and maintain company cars (manual process). Process orders for wireless services. and/or Gartner Holdings Ireland.

and/or Gartner Holdings Ireland. Regulatory Reporting Requirements for Operations Report Outage over 500 customers for 15 minutes LEC side Dispatch within 72 hours. Critical Business Records Identified by Operations Record Name Customer Information ACMPs (Cable Records) Alternate Source Paper Paper When Required Day 1 Day 1 Relative Importance High Medium Table 58. All Rights Reserved. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 3 4 4 3 4 4 4 3 4 4 4 4 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Operational Impacts Identified by Operations Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Inc. For internal use of Sample Company only. 16 December 2002—Page 41 . if connected by road system Competition—Rural Rule Frequency On Demand Recipient RCA Regulatory Commission Customers Type of Penalty Financial On Demand Financial On Demand RCA Financial Table 59.Sample Company Business Impact Analysis (BIA) Table 57. © 2002 Gartner.

Impacts would also be significant during June through August. 2001 Annual Gross Revenue was $331. Operations reported that they are not vulnerable to a prolonged disruption or outage. Number of Recovery Personnel by Day for Operations at Pokipsie Day 1 90 Day 2 90 Day 3 90 Day 4 90 Day 5 90 Day 6 90 Day 7 90 Day 14 90 Day 21 90 Day 28 90 Table 62. Operations reported that it would take more than 16 hours to complete the backlog of work for each day of outage. Operations reported that it is relatively easy to recover from a significant disruption or outage. Payroll processing is critical and employees must be paid on each Tuesday following the two-week payroll cycle. 16 December 2002—Page 42 . All Rights Reserved. For internal use of Sample Company only. Number of Recovery Personnel by Day for Operations at Tucson Day 1 59 Day 2 59 Day 3 59 Day 4 59 Day 5 59 Day 6 59 Day 7 59 Day 14 59 Day 21 59 Day 28 59 Table 63. Number of Recovery Personnel by Day for Operations at Phoenix Day 1 39 Day 2 39 Day 3 39 Day 4 39 Day 5 39 Day 6 39 Day 7 39 Day 14 39 Day 21 39 Day 28 39 Table 64. Inc. Operations reported that it would be less than one day before a significant impact on SAMPLE occurred as a result of Operations being unavailable. due to the tourist season. Operations reported that severe operational impacts would occur during the winter months due to extreme weather. Total Number of Recovery Personnel by Day for SAMPLE Operations Day 1 311 Day 2 311 Day 3 311 Day 4 311 Day 5 311 Day 6 311 Day 7 311 Day 14 311 Day 21 311 Day 28 311 Table 61. Number of Recovery Personnel by Day for Operations at Melvin Day 1 52 Day 2 52 Day 3 52 Day 4 52 Day 5 52 Day 6 52 Day 7 52 Day 14 52 Day 21 52 Day 28 52 Findings Operations estimated financial losses of $1M per day.7M. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Table 60. and/or Gartner Holdings Ireland.

as well as emergency services. Smallville Operations reported that they have a high risk of experiencing a prolonged disruption or outage.400 pair cable cut were restored to service within six to seven hours. but SAMPLE wisely provides priority service to the FAA and Police (911) applications. Operations groups maintain hardcopies of records. Tucson Operations reported that they experienced a major fiber cut on Van Horn Road that resulted in a significant outage.200 customers. Within four years. Inc. Tariffs call for same level of service for everyone. Tucson reported that it costs $1. 16 December 2002—Page 43 . every member of the Operations staff at Tucson will hit retirement age. Wartville Operations reported they experienced a two-week power outage due to dead trees blowing over. UPS batteries are tested every three months.800 and five hours (plus two hours lag time) to respond to a trouble call in the bush. Tucson also reported 10 power outages in the past year. All Rights Reserved. Tucson reported that they have a two-hour response time on the switch that supports the hospital. and/or Gartner Holdings Ireland. Tucson tests backup generators once a week (every Thursday in the main exchanges). They also reported that lightning strikes affect remote connections at times. it could take 30-60 days to recover. A cable in Atka was cut by a jack hammer by surveyors installing a monument marker. It could take $3-5M to rebuild a main CO. Tucson reported that they conduct safety meetings once a month to review potential disaster recovery scenarios. which can be used in the event that computer systems are unavailable. Operations has an aging work force and is expecting several employees to retire within the next five years. Clients who experienced an outage caused by a 2. A power engineer at Tucson maintains the batter records for the entire state. Tucson reported that they could lose up to 640 customers if one of the “huts” went away.000 customers. the largest one could affect up to 1. For internal use of Sample Company only. Operations estimated that if a switch in one of the COs was destroyed. Tucson maintains 54. © 2002 Gartner. The bulk of affected customers were restored to service within three days. including cable and circuit maps. creating a risk of critical knowledge loss.Sample Company Business Impact Analysis (BIA) Operations stated that a loss of communications would have a significant impact on business operations.000 access lines. but service was maintained via UPS in all cases. The main Tucson switch supports 44. Tucson reported that the top two most likely disasters that would result in a prolonged disruption or outage are fire and earthquakes.

causing significant service disruption. Inc. Pomona Island would not be able to operate if they lost communications. on average. Melvin has also experienced flooding due to glacial melting. Melvin/Sherman maintains a Diesel generator with 250 gallons of fuel. Melvin sits on a fault line and experiences minor earthquakes every day. All staff are being trained to be Cisco Certified Network Planners (CCNPs). Pomona experiences few power outages. their largest risk would come from earthquakes and tidal waves. For internal use of Sample Company only. Phoenix has a portable generator that can be transported where needed.000 subscribers and 10. There are 14. Melvin has experienced ferrous ash-induced shorts of electrical circuits resulting from volcanic activity. Phoenix sees increased activity/telephone usage during the summer months. Pomona has the largest Coast Guard base in the United States. 16 December 2002—Page 44 . There are 7700 subscribers in the Wartville and Pinhead regions. and/or Gartner Holdings Ireland. however. In an emergency. in preparation for the conversion to IP telephony. due to the cruise ship business (tourism). A voltage spike tripped the 100-amp breakers. Phoenix experienced an outage caused by rockslide. Melvin and North Melvin maintain natural gas fueled generators. but service was restored in four hours. Phoenix had a CO go down for two hours due to aging/deterioration of the UPS batteries. The COs are located above the high tide marks for the 100-foot level. Switches are fully redundant and in secure facilities. Their weak link is a satellite link. Coast Guard radio links would be used if both LD links were down.000 access lines.Sample Company Business Impact Analysis (BIA) Wartville Operations believes that a volcano on Augustine Island may blow. Melvin Operations experienced a windstorm that knocked primary power out for three or four weeks. Phoenix Operations is highly focused on customer service. All Rights Reserved. © 2002 Gartner. and it took two hours to restore service. Phoenix has battery plants on preventative maintenance now. Melvin experiences three primary power outages per winter.

and/or Gartner Holdings Ireland. MARKS. 16 December 2002—Page 45 . Business Processes Identified by Provisioning Business Process Order entry Address research LMP provisioning Residential provisioning Centrex circuits Field or CO activity PBX Description Created in Cornbell. or PBX service requests. Table 66. Business Processes Table 65. Johnny Bench. Provisioning of Centrex service and local or interstate circuits. Clicksoft. Key. © 2002 Gartner. AHD. Switchaccess Table 67. Business.Sample Company Business Impact Analysis (BIA) Plant Assignment and Dispatch (Provisioning) The following people were interviewed for Provisioning: Sparky Anderson. Interfaces with Clicksoft calendar. Inc. Critical Business Records Identified by Provisioning Business Unit Provisioning Record Name Jordash. MARKS (interstate circuits). Cornbell. Regulatory Reporting Requirements for Provisioning Business Unit Provisioning Report None Frequency Recipients For internal use of Sample Company only. Pete Rose. Assess NPAC. Residential provisioning. All Rights Reserved. Establish legal address for customer working with the municipality or city boroughs.

For internal use of Sample Company only. Operational Impacts Identified by Provisioning Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. Provisioning reported that severe operational impacts would occur to customer service and there would be increased liability if they were unable to update E911 information to PSAP. 16 December 2002—Page 46 .Sample Company Business Impact Analysis (BIA) Table 68. © 2002 Gartner. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 0 0 0 0 0 0 4 0 0 0 4 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Provisioning stated that one day would be the maximum outage before a significant impact on SAMPLE occurred. and/or Gartner Holdings Ireland. Inc. All Rights Reserved. Provisioning reported that it is vulnerable to a prolonged disruption or outage. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function. Table 69. Provisioning reported that it would be extremely difficult to recover from a significant disruption or outage. Number of Recovery Personnel by Day for Provisioning Day 1 0 Day 2 0 Day 3 0 Day 4 0 Day 5 0 Day 6 0 Day 7 0 Day 14 0 Day 21 0 Day 28 0 Findings Provisioning reported it will take more than 16 hours to process backlog for each day of downtime.

disparate systems that are in use today. © 2002 Gartner. Provisioning reported that there is a need to consolidate the multiple. 16 December 2002—Page 47 . For internal use of Sample Company only. and/or Gartner Holdings Ireland. Inc.Sample Company Business Impact Analysis (BIA) Provisioning reported that it has need for large screen (21-inch) monitors. Provisioning reported that a loss of communications would have a significant impact on business operations.000 cost to upgrade. but cannot afford the estimated $80. All Rights Reserved.

. Critical Business Records Identified by Purchasing Business Unit Purchasing Purchasing Department Purchasing Department Purchasing Department Purchasing Department Purchasing Department Record Name Vendor contact names and numbers Purchase Order Purchase Requisition Contract Vendor/ Contractor Master List Request for Quotation When Required Day 1 Day 2 Day 2 Day 2 Over Day 28 Day 2 Media Type Other Paper Paper Paper Tape Paper Alternate Source Search the Internet for vendors Seven years of archived paper records Seven years of archived paper records Archived records None Seven years of archived paper records For internal use of Sample Company only. goods and services each can provide. and/or Gartner Holdings Ireland.Sample Company Business Impact Analysis (BIA) Purchasing The following people were surveyed for Purchasing: Carlton Fisk and Mike Socia. All Rights Reserved. Input manual data to the computerized system when computerized materials system(s) become available. and/or contract numbers and associated data assigned by individual buyers. purchase order. and/or contract numbers to each buyer. Buyers and administrative personnel will be responsible for input of manual data to a computerized system. points of contact. purchase order. date(s). Maintain a master log of purchase requisition. 16 December 2002—Page 48 . Responsibility for maintenance and update of this type data needs to be determined. Establish and maintain a list of vendors and contractors. Business Processes Identified by Purchasing Business Process Negotiate and purchase goods and services Maintain the contract system and records Assigned block(s) of manual purchase requisition. file contracts. vendor/contractor names. etc. goods or services requested or purchased. Maintain and update vendor and contractor listing on an ongoing basis. Inc. Update the Contract Manager system. Table 71. Purchasing’s administrative assistant will maintain the master log data. Description Negotiate with vendors and place orders for goods and services. i. Buyer(s) will maintain a log of numbers assigned and the associated data.e. © 2002 Gartner. cost. Purchasing and technical personnel will be responsible for providing the data about vendors and contractors. Business Processes Table 70.

Table 74. Purchasing reported it is somewhat difficult to recover following a significant disruption. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 4 4 2 4 2 2 4 2 4 4 4 3 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. Purchasing stated that one week is the maximum length of outage before a significant impact on SAMPLE business units occurred. 16 December 2002—Page 49 . © 2002 Gartner. Purchasing reported that operational impacts would be no more severe for any single month over any other. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.Sample Company Business Impact Analysis (BIA) Table 72. All Rights Reserved. For internal use of Sample Company only. Regulatory Reporting Requirements for Purchasing Business Unit Purchasing Report None Frequency Recipients Table 73. and/or Gartner Holdings Ireland. Operational Impacts Identified by Purchasing Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. Inc. Number of Recovery Personnel by Day for Purchasing Day 1 12 Day 2 12 Day 3 12 Day 4 12 Day 5 12 Day 6 12 Day 7 12 Day 14 12 Day 21 12 Day 28 12 Findings Purchasing reported it will take one day to process backlog for each day of downtime.

Purchasing reported they were somewhat vulnerable to an outage. Purchasing reported that data loss or corruption was experienced in April of 2002. © 2002 Gartner. All Rights Reserved.Sample Company Business Impact Analysis (BIA) Purchasing noted there is currently no recovery strategy in place for the list of vendors and contractors and their respective points of contact. Purchasing reported that standard replacement office equipment would cost $28. which caused a 10-percent impairment to operations and took eight hours to recover.060 for each day following a significant disruption. For internal use of Sample Company only. In a “worst case” scenario. Inc. Purchasing could be idled for up to a week before significant impact to SAMPLE would occur. and/or Gartner Holdings Ireland. 16 December 2002—Page 50 .

Coordinate filings to the RCA and FCC on behalf of SAMPLE. Provide interpretation of tariffs. Maintain copies of special contracts filed with the RCA. cellular. and/or Gartner Holdings Ireland.Sample Company Business Impact Analysis (BIA) Regulatory Affairs The following person was surveyed for Regulatory Affairs: Sandy Kofax. Monitor state and federal regulatory activity. Federal Communications Commission FCC Regulatory Affairs License and antenna structure registrations for microwave. Draft tariffs for submission to appropriate agency. television and PCS licenses Over day 28 Other For internal use of Sample Company only. Table 76. Maintain competitive tariffs. state and federal regulations to company. Report network outages to both FCC and RCA. © 2002 Gartner. Maintain regulatory and tariff files. Business Processes Identified by SAMPLE Regulatory Affairs Business Process License administration Monitoring Regulatory response Legal support Tariff administration Regulatory interpretation Records maintenance Records maintenance Records maintenance Coordination of filings Outage reporting Outage reporting Description Maintain and administer FCC license files. Support Legal Department as needed. Business Processes Table 75. All Rights Reserved. Critical Business Records Identified by Regulatory Affairs Business Unit Regulatory Affairs Record Name Local exchange tariffs When Required Over day 28 Media Type Other Alternate Source Electronic version on SAMPLE Intranet. Report tower outage to the FAA/FCC within 30 minutes. filed versions with the Regulatory Commission of SampleTown. 16 December 2002—Page 51 . Provide response to FCC and RCA customer complaints. Inc.

16 December 2002—Page 52 . All Rights Reserved. Operational Impact Cash Flow Competitive Advantage Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other Value 0 0 0 0 0 0 0 0 0 2 2 0 The number of recovery personnel by day represents the number of internal personnel resources that the business unit may require to support minimal essential operations following a major disruption. © 2002 Gartner. Inc. Regulatory Reporting Requirements for Regulatory Affairs Report FAA tower outage reporting Outage reports— network notification Outage reports Other Frequency FAA Recipient Type of Penalty Financial—could also include license revocation Product/service disruption Product/service disruption On Demand On Demand FCC RCA Table 78. and/or Gartner Holdings Ireland. Number of Recovery Personnel by Day for Regulatory Affairs Day 1 1 Day 2 1 Day 3 1 Day 4 1 Day 5 1 Day 6 1 Day 7 1 Day 14 2 Day 21 3 Day 28 5 For internal use of Sample Company only. Operational Impacts Identified by Regulatory Affairs Operational impacts are rated on a scale of 0-4 where 0 = no impact and 4 = severe impact. Table 79. The impact value is an indication of the severity of the impact to the company that would result if the business unit were unable to function.Sample Company Business Impact Analysis (BIA) Table 77.

Regulatory Affairs reported no standalone workstation requirement. All Rights Reserved. © 2002 Gartner. Regulatory Affairs reported that there are no monthly operational impacts.Sample Company Business Impact Analysis (BIA) Findings Regulatory Affairs reported that they have files dating back to the beginning of the SAMPLE company(ies). 16 December 2002—Page 53 . A catastrophic event could destroy both copies. and/or Gartner Holdings Ireland. Inc. Many of these historical documents are available only in hard copy form and at the Regulatory Commission of SampleTown or Federal Communications Commission archives. For internal use of Sample Company only.

000 $25.000 $10.000. Reported Financial Impacts for SAMPLE $30.000.000 $15. 16 December 2002—Page 54 . Cumulative Reported Financial Impacts The following figure shows the cumulative financial impact reported by all the SAMPLE business units. © 2002 Gartner.000 $5. it is important that management have a very clear vision and commitment of resources to accomplish the job.249.Sample Company Business Impact Analysis (BIA) Executive Summary/Business Impact Analysis for SAMPLE The BIA is designed to provide management with a report of the potential overall effects for each major SAMPLE business unit.000.616 for the first week) to approximately $28.000 $20.000. Figure 5. if their services are not available for 30 days or more. 2002 6 7 14 21 28 Findings The reported cumulative financial impact ranges from $1M on the first day ($5. Since the cost of providing redundancy and fault tolerance in the infrastructure can be quite high.000. Inc. The intent of the following section is to provide a cumulative report of impact across all of the SAMPLE business units.000 $0 1 2 3 4 5 Day Source: Gartner. All Rights Reserved. and/or Gartner Holdings Ireland.312 on Day 28.000. For internal use of Sample Company only.035. This cumulative impact information can be applied toward justification and prioritization of infrastructure-related resources that would be required.

000.000. Figure 6.000.445. the company’s major financial exposures would begin to increase dramatically within four to seven days following a major disaster.479 on Day 28.000 $5.000 $25. Reported Impacts and 2001 Revenue for SAMPLE $30. © 2002 Gartner. with a range of $908. For internal use of Sample Company only. Inc.767 on the first day to approximately $25.000 $20.000 $0 1 2 3 4 5 6 7 14 21 28 Day Reported Totals 2001 Revenue Source: Gartner 2002 Based on survey results.000 $15.000.000. and/or Gartner Holdings Ireland. All Rights Reserved.Sample Company Business Impact Analysis (BIA) Cumulative Financial Impact (2001 Gross Revenue) Figure 6 shows the reported impacts (see previous page) and 2001 gross revenue. 16 December 2002—Page 55 . Financial impact for the corporation is estimated using a percentage of 2001 reported revenue and applied to this projected escalation.000.000 $10.

50 0.60 0.70 Avg of Answers 0. and/or Gartner Holdings Ireland. Operational Impact Summary Operational impacts are intangible and cannot be directly quantified.40 0. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Cumulative Reported Financial Impacts The following figure shows how the major financial exposures escalate over time for the business units.80 0. Figure 7.” For internal use of Sample Company only. however. Financial impact for the corporation is estimated using a percentage of 2001 reported revenue and applied to this projected escalation. Inc. All Rights Reserved. where 0 indicates “no impact” and 4 indicates “severe impact. 16 December 2002—Page 56 . the company’s major financial exposures would begin to increase dramatically within four to seven days following a major disaster.30 0.10 0.00 Day 1 Day 2 Day 3 Day 4 Day 5 Day 6 Day 7 Day 14 Day 21 Day 28 Over Day 28 Time Series and Exposure Type Availability of Funds Contractual Penalties/Fines Penalties for Late Payment to Vendors Cancelled Orders Due to Late Delivery Lost Sales Source: SAMPLE 2002 Based on survey results. Reported Financial Impacts for SAMPLE Average Severity Over Time 0.20 0. all business units were asked to rate 12 operational factors (shown below) on a scale from 0-4.

financial reporting. employee resignations. © 2002 Gartner. Inc.4 1.2 1. regulatory reporting and shareholder confidence were also important concerns. as reported by the business units.Sample Company Business Impact Analysis (BIA) Figure 8.8 3 Source: Gartner 2002 Findings Customer service is clearly a priority for SAMPLE as shown above.4 2.6 2. Overall Personnel Requirements for SAMPLE Day 1 Day 2 Day 3 Day 4 Day 5 Day 6 Day 7 Day 14 Day 21 Day 28 Personnel 560 564 572 596 605 606 607 618 640 647 Source: Gartner 2002 For internal use of Sample Company only. Table 80. and all of the business units were concerned about customer service impact during a disaster situation.6 1.8 2 2.2 2. A disaster’s effects on employee morale. Average Operational Impacts for SAMPLE Cash Flow Competitive Advantages Shareholder Confidence Financial Reporting Industry Image Employee Morale Customer Service Employee Resignations Vendor Relations Regulatory Increases in Liability Other 1. 16 December 2002—Page 57 . Recovery Personnel Requirements Table 80 summarizes the overall recovery personnel requirements for SAMPLE. and/or Gartner Holdings Ireland. All Rights Reserved.

Most employees that we interviewed indicated that they have their own tools and could locate spare parts at various locations. Based on our experience. as previously shown by the operational impact summary. For internal use of Sample Company only. © 2002 Gartner. All Rights Reserved. if needed. Physical security is essential during a disaster to assist in securing the site. Inc.168. and/or Gartner Holdings Ireland.Sample Company Business Impact Analysis (BIA) Findings According to survey respondents and interviewees. because of SAMPLE’ emphasis on customer service. for the various SAMPLE service locations. as long as they are able to get to where the work is needed. just to maintain service. needs to be available quickly to provide technology support to the other business units. 16 December 2002—Page 58 . Based on information obtained in the interviews. Recovery Time Frames Summary In general. Facilities and Marketing are also critical to potentially find alternate office space and communicate with the media during a disaster. This number will typically grow to 40 percent by the end of the first week to support critical business operations after systems and workspace are operational. SAMPLE would need roughly 780 persons during the recovery period in the 30 days following a significant disruption or outage. we believe that reasonable recovery time frames are generally shorter for all business units and services. The total number of SAMPLE employees is approximately 1. FAA installations and hospitals. especially the information systems/technology and infrastructure recovery. especially customer support for telephone re-routing and alternate/replacement computer systems. most emergency operations for communications services providers require a minimum of 25 percent of total personnel to implement a timely recovery from a major disaster on the first day. we believe that many SAMPLE employees are capable of functioning out of their homes or personal vehicles. Availability of emergency services such as Police 911. SAMPLE IT Operations. there are service recovery time frames specified by Tariff. Based on the interviews. so Facilities and Safety/Risk Management must be available on short notice for that reason. is a critical first priority for all SAMPLE business units.

dispatch functions Engineering Provisioning Monitor/assess network/circuit/service health Procure temporary resources. their safety must be the first priority. assuming that workspace and computer systems are available. Figure 9.) Infrastructure to support customer service telephones Repair. Time to Complete Backlog Processing for SAMPLE 0–2 Hours 3% Over 16 Hours 20% 2–4 Hours 3% 4–8 Hours 12% 8–12 Hours 14% Not Sure 20% 12–16 Hours 4% Didn't Answer 24% Total =100% Source: Gartner 2002 For internal use of Sample Company only. Recommended Recovery Priorities for SAMPLE Priority 1 Process Employee issues. All Rights Reserved. testing. physical safety. facilities. or nothing else will matter. equipment. temporary shelter. © 2002 Gartner. benefits administration. we recommend the following recovery priorities. assignment. and/or Gartner Holdings Ireland. emergency services. (SAMPLE cannot operate without its employees. Table 81.Sample Company Business Impact Analysis (BIA) Recovery Priority Recommendations Based on the interviews. etc. 16 December 2002—Page 59 . Business Unit Human Resources 2 3 4 5 6 7 Customer Care Operations Engineering Plant Assignment and Dispatch NOC Purchasing Work Backlog Processing Figure 9 shows the length of time to complete backlog processing for all of the reported business processes for each affiliate company and shared service. Inc. etc.

and/or Gartner Holdings Ireland. It is important to understand how transaction backlogs will be handled by the business units. Critical Business Records for SAMPLE Business Unit Comp. Ben. Critical Business Records The following is a list of the critical business records reported by the business units and shared services. Time Frame and Number of Processes for SAMPLE 30 25 20 15 10 5 0 Hours to Complete Backlog Number of Business Processes in Time Frame 0–2 Hours 4 2–4 Hours 3 4–6 Hours 14 8–12 Hours 6 12–16 Hours 5 Over 16 Hours 23 Not Sure 23 Others 27 Source: Gartner 2002 Findings Backlog processing is used to define how long it will take to update computer systems and documentation to current status. Ben. can complete backlog processing within three days. A slower recovery capability may require a reduction in the Recovery Time Objective (RTO). Ben. HRIS Comp. All Rights Reserved. Table 82. HRIS Comp. HRIS Comp.Sample Company Business Impact Analysis (BIA) Figure 10. Ben. © 2002 Gartner. HRIS Personnel Files HRIS data Compensation surveys Analysis tools Vendor contacts Critical Records For internal use of Sample Company only. with exception of “Others” shown above. HRIS Comp. computer systems and infrastructure are available. assuming that workspace. Inc. 16 December 2002—Page 60 . Ben. All business processes.

and/or Gartner Holdings Ireland. © 2002 Gartner.Sample Company Business Impact Analysis (BIA) Business Unit Comp. None PCSC Security System Software Database Hard copies of Security User Form records Facility drawings. CBP billing system. 16 December 2002—Page 61 . Inc. both Mylar and Bluelines Facility Construction and Maintenance Project records SAP data Deville/ CBP Payroll files Month-end JEs Infranet Apprise sales PSA NIBS Rodolphi Great Lakes PRS STS PCC Historical financial information AIS system information Time records Vendor Invoices Employee Records Job Description Requisition Training Vendor Contacts None Distribution—None Warehouse transactions DMS Images NOC logs For internal use of Sample Company only. Ben. JORDASH system. DA Listings/ records system. HRIS Corporate Communications Customer Care Customer Care Customer Care Customer Care Facility Services Facility Services Facility Services Facility Services Facility Services Finance Finance Finance Finance Finance Finance Finance Finance Finance Finance Finance Finance Finance Finance Finance Finance/ AP & Payroll Finance/ AP & Payroll Finance/ AP & Payroll Human Resources Human Resources Human Resources Marketing Materials/Operations Materials/Operations Network Operations Center (NOC)—110/ 642 Network Operations Center (NOC)—110/ 642 None Critical Records Benefits and leave files Cornbell Service order system. All Rights Reserved.

Ben. HRIS Comp. Ben. Regulatory Reporting The following is a list of the regulatory reports by the business units and shared services. HRIS Corporate Comm Customer Care Facility Services Finance Report 5500 Filing EEO reporting Plan and amendment filing PBGC filing None reported None reported None reported SEC quarterly and annual SEC Quarter end IRS DOL DOL PBGC Recipient When Required Year end On demand On demand Year end For internal use of Sample Company only. Regulatory Reports for SAMPLE Business Unit Comp.Sample Company Business Impact Analysis (BIA) Business Unit Network Operations Center (NOC)—110/ 642 Operations Plant Assignment and Dispatch Purchasing Purchasing Purchasing Purchasing Purchasing Purchasing Regulatory Affairs Safety/ Risk Mgt Sales None None Critical Records Backup files for various systems Vendor contact names and numbers Purchase order Request for quotation Purchase requisition Contract Vendor/Contractor master list Local exchange tariffs None Customer database Findings Critical business record requirements should be reviewed to ensure that all business units could successfully implement a Business Continuity Plan (BCP). © 2002 Gartner. such as customer address information. Table 83. Ben. All Rights Reserved. Each business unit should determine whether their critical records should be copied (or imaged) and available at off-site storage or obtained from the public record facility. and/or Gartner Holdings Ireland. HRIS Comp. Ben. Inc. can be recovered from the switch. 16 December 2002—Page 62 . Some critical business records. HRIS Comp. Each affected business unit should document all critical business records in its BCP. Note that this procedure should be documented in each business unit’s BCP.

the FCC and the RCA must be advised of the problem.Sample Company Business Impact Analysis (BIA) Business Unit reporting Finance Finance Finance Human Resources Human Resources Marketing Materials Management NOC NOC NOC NOC Operations Report Form M annual reports USF/ RCC reports CAM EEO1 Affirmative Actions Report None reported. if connected by road system None reported None reported FAA tower outage reporting Outage reports—network notification Outage reports—network notification OSHA 300 None reported FAA FCC RCA OSHA RCA Recipient When Required Year end Month end Year end Year end Year end FCC/ AK Dept Rev. 16 December 2002—Page 63 . it is a best practice for each affected business unit to include a notification procedure as part of its BCP. All Rights Reserved. FCC—RCA US DOL US DOL Management FAA & SAMPLE Reg Affairs SAMPLE Management SAMPLE Management RCA Regulatory Commission Customers Other Other Month end Month end On demand Operations On demand Plant Assignment and Dispatch Purchasing Regulatory Affairs Regulatory Affairs Regulatory Affairs Safety/ Risk Mgt Sales Other On demand On demand Year end Findings In the event of a disaster. Although it may not be strictly required by a regulatory agency. and the notification procedure should be part of SAMPLE’s BCP. © 2002 Gartner. Inc. None reported Site/ equipment failures FAA Site Isolation Status Report BVR Outage over 500 customers for 15 minutes LEC side Dispatch within 72 hours. and/or Gartner Holdings Ireland. For internal use of Sample Company only.

2002 Total =100% Table 84. Customer Care reported that it is somewhat difficult to recover after a significant disruption or outage. All Rights Reserved. Recovery Complexity for SAMPLE Business Units With Extreme Complexity Difficult to Recover 19% Somewhat Recoverable 48% Easily Recoverable 14% Extremely Difficult to Recover 19% Source: Gartner. Recovery Complexity for SAMPLE Easily Recoverable Sales Facilities Somewhat Difficult to Recover Customer Care Marketing Materials Management Operations Purchasing Safety and Risk Difficult to Recover AP and Payroll Finance Human Resources Regulatory Affairs Extremely Difficult to Recover Corporate Communications Engineering NOC Provisioning Findings Communications reported that it would be extremely difficult to recover from a prolonged outage or disruption. Inc. For internal use of Sample Company only. 16 December 2002—Page 64 .Sample Company Business Impact Analysis (BIA) Recovery Complexity for Business Units The following graph shows the recovery complexity reported by the business units and shared services. Figure 11. and/or Gartner Holdings Ireland. © 2002 Gartner.

Sales reported that it is easy to recover.Sample Company Business Impact Analysis (BIA) Engineering reported that it would be extremely difficult to recover from a significant disruption or outage if AutoCAD data was lost. it could take 30 to 60 days to recover. Finance reported that it is difficult to recover. Materials Management reported that it would be somewhat difficult to recover from a significant disruption or outage. Customer Care reported that it is somewhat difficult to recover after a significant disruption or outage. Provisioning reported that it is extremely difficult to recover from a significant disruption or outage. For internal use of Sample Company only. © 2002 Gartner. It could take $3-5M to rebuild a main CO. All Rights Reserved. Marketing reported that it is somewhat difficult to recover from a prolonged disruption or outage for information that is not backed up for individual PCs and mainframe applications. and/or Gartner Holdings Ireland. Operations reported that it is relatively easy to recover from a significant disruption or outage. Facility Services reported that it is somewhat easy to recover. 16 December 2002—Page 65 . Operations estimated that if a switch in one of the CO’s was destroyed. Purchasing reported that it is somewhat difficult to recover following a significant disruption. Inc. AP and Payroll reported that it is difficult to recover. The NOC reported that it is extremely difficult to recover from a significant disruption or outage. Human Resources reported that it is difficult to recover from a significant disruption or outage. Safety and Risk reported that it is somewhat difficult to recover following a significant disruption or outage. Sales reported that it is easy to recover.

Findings Each business unit should review all special requirements. supplies should either be documented as available off-site (such as check stock for Payroll). or a procedure for an emergency purchase should be included in the BCP. For internal use of Sample Company only. $5000 ea. 2002 Findings November. March and April processes are higher than average because SAMPLE reported that an outage during these months would have higher impact due to extreme weather. Figure 12. If appropriate. January. 16 December 2002—Page 66 . All Rights Reserved.Sample Company Business Impact Analysis (BIA) The following figure shows the monthly impact profile reported by the business units. and/or Gartner Holdings Ireland. Special Requirements The table below lists the special or one-of-a-kind recovery supply requirements reported by the business units and shared services. Monthly Impact Profile for SAMPLE Number of Processes with High Severity 16 Count of Processes 14 12 10 8 6 4 2 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Time Series Source: Gartner. December. Table 85. Special Resource Requirements for SAMPLE Business Unit AP Resource Description MICR Printers Comment Est. Based on Gartner’s experience. February. © 2002 Gartner. the company’s BCPs must support the monthly impact profile. Inc.

which is directly supported by communications.” Several business units reported a “Severe impact” on the loss of communications. which is especially important for business units that provide customer service. For internal use of Sample Company only. Figure 13. © 2002 Gartner. with a rating of 0-4 where 0 indicated “No impact” and 4 indicated “Severe impact. It was also reported that the SAMPLE NOC does not have a backup for voice communications. question 12) was the reliance on communications by each business unit. etc. 16 December 2002—Page 67 . It is a best practice to have a communications team defined as one of the “support” teams (like HR. they were not included in the sale of ATU to SAMPLE. 2002 Findings More than 70 percent of SAMPLE business units reported a high reliance upon communications systems. Safety. Degree of Reliance Upon Communications Services 80% 70% 60% 50% 40% 30% 20% 10% 0% High Reliance Low Reliance Didn't Answer Source: Gartner. There was a consistent high-level emphasis by all business units on customer service. All Rights Reserved. It was reported that while radios were once installed in telephone company trucks belonging to the Municipality of Pokipsie.) to ensure that communications arrangements have been implemented as part of the BCP. and/or Gartner Holdings Ireland. The use of radios as a possible backup means of communicating in an emergency should be evaluated. Inc.Sample Company Business Impact Analysis (BIA) Reliance on Communications One of the factors reviewed during the interview process (see Appendix A. especially the telephones in Customer Care.

Sample Company Business Impact Analysis (BIA)

Unique Standalone Workstations
Table 86 lists the unique standalone workstation requirements reported by the SAMPLE business units.
Table 86. Standalone Workstation Requirements for SAMPLE Business Unit Facility Services Description of Critical Information Structural, mechanical, electrical Processes Facility maintenance

Findings Each business unit should review all unique standalone workstation requirements. If appropriate, a procedure for an emergency purchase should be included in the BCP.

For internal use of Sample Company only.

© 2002 Gartner, Inc. and/or Gartner Holdings Ireland. All Rights Reserved. 16 December 2002—Page 68

Sample Company Business Impact Analysis (BIA)

Conclusion
Gartner found that all SAMPLE business units are heavily dependent on the existing infrastructure, including communications resources. The telephone systems, the network, and critical applications that depend on the network should be considered by all SAMPLE business units during future disaster recovery and business continuity planning efforts. Given that the various SAMPLE operations groups are relatively diverse, geographically dispersed and somewhat independent in the way they operate, it will be necessary for SAMPLE management to provide clear vision, leadership, and a commitment of resources to ensure recovery and continuity of operations for each business unit. Successful future recovery efforts will depend on planning and coordination activities that must take place well in advance of actual disaster situations.

For internal use of Sample Company only.

© 2002 Gartner, Inc. and/or Gartner Holdings Ireland. All Rights Reserved. 16 December 2002—Page 69

Sample Company Business Impact Analysis (BIA)

Appendix

For internal use of Sample Company only.

© 2002 Gartner, Inc. and/or Gartner Holdings Ireland. All Rights Reserved. 16 December 2002—Page 70

5. 4 = severe impact. Cash flow.Sample Company Business Impact Analysis (BIA) Appendix A—BIA Questions 1. if any). how long (hours or days) could your business unit be completely idled before it would have a significant impact on SAMPLE as a whole. Monthly impact profile—For each month. alternate source (when required). Regulatory reporting—Does business unit have any regulatory reporting requirements? List report name. competitive advantage. other. difficult to recover. recipient. regulatory compliance? 7. Critical record management—Identify critical business records by record name. 9. 6. Business processes—What are the business processes for your business unit? Recovery time frames for business unit or process? 2. Operational impact factors—For the following operational impacts. customer service. business partners. Cumulative estimated financial impacts by day—Estimate the financial impact on your business unit under the worst-cast scenario by days/weeks as follows: Day 1 2 3 4 5 6 7 14 21 28 10. All Rights Reserved. how long will it take (in hours) to handle the backlog for each day of downtime? Concurrent or sequential backlog processing? 3. Outage tolerance—Under the worst-case scenario. increases in liability. industry image. 4 = severe impact. supplier. variance. employee morale. Special requirements—Identify any special or one-of-a-kind supply requirements with name of resource (forms. etc. Day 1 2 3 4 5 6 7 14 21 28 For internal use of Sample Company only. Number of people required by day—Identify the number of people required by day for entire business unit recovery. financial reporting. vendor relations. 16 December 2002—Page 71 . shareholder confidence. 11. Inc. Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec What type of impact for each of the above: financial. define the severity of outage where 0 = no impact. Work backlog—For each process above. Restoration complexity—Define restoration complexity as easily recoverable. regulatory. type of penalty (amount. and/or Gartner Holdings Ireland. operational and other? 8. business units. quantity. somewhat recoverable. © 2002 Gartner. employee resignations. media type. frequency.). 4. extremely difficult to recover. days to acquire. define the severity of impact where 0 = no impact.

.). description of critical process. Other issues and concerns—Identify any other issues or concerns about recovering your business unit that have not been discussed.Sample Company Business Impact Analysis (BIA) 12. 13. such as telephones. etc. wire transfer. and/or Gartner Holdings Ireland. © 2002 Gartner. For internal use of Sample Company only.g. where 0 = no impact. Unique standalone workstations—Identify unique standalone workstations or similar requirements (e. 14. Inc. All Rights Reserved. etc. 4 = severe impact. Define name/type of workstation. e-mail. Reliance on communications—Identify reliance on loss of communications.. 16 December 2002—Page 72 . quantity.

Sign up to vote on this title
UsefulNot useful