![Page 1: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/1.jpg)
Implementing business impact analysis according to
ISO 22301
Presenter: Dejan Kosutic
![Page 2: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/2.jpg)
©2017 27001Academy www.advisera.com/27001academy
• Open and close your Panel
• View, Select, and Test your audio
• Submit text questions – they will be addressed throughout the session
• Raise your hand
GoToWebinar Control Panel
2
![Page 3: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/3.jpg)
©2017 27001Academy www.advisera.com/27001academy 3
The implementation steps for business impact analysis (BIA) according to ISO 22301
If you’re planning to start the BIA…
… to succeed, you need to understand the significance of the BIA, and learn what is acceptable according to the standard
![Page 4: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/4.jpg)
©2017 27001Academy www.advisera.com/27001academy 4
Business impact analysis is the key step for your BCM – do it right and you‘ll solve 50% of your business
continuity
![Page 5: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/5.jpg)
©2017 27001Academy www.advisera.com/27001academy
Agenda
5
• Terminology
• BIA in the BCM process
• Steps in the BIA
• Determining MAO, RTO and RPO
• Biggest challenges with BIA implementation
![Page 6: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/6.jpg)
©2017 27001Academy www.advisera.com/27001academy
Terminology
6
• MTPD – Maximum Tolerable Period of Disruption
• MAO – Maximum Acceptable Outage
• RTO – Recovery Time Objective
• RPO – Recovery Point Objective
• Maximum Data Loss
![Page 7: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/7.jpg)
©2017 27001Academy www.advisera.com/27001academy
BIA in the BCM process
7
AnalysisBCM Policy
Business impact
analysis
BCM Strategy
BC Plans
Risk assess-
ment
![Page 8: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/8.jpg)
©2017 27001Academy www.advisera.com/27001academy
Steps in the BIA…
8
Your TextAnalyze and assess
Your TextMandatory procedures
Your TextDefining the BIA methodology
Your TextCollecting the data
Your TextCalculating MAO/RTO/RPO
![Page 9: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/9.jpg)
©2017 27001Academy www.advisera.com/27001academy
…Steps in the BIA
9
Your TextMandatory procedures
Your TextWriting the report (optional)
Your TextIncorporating the results in
BC strategy
![Page 10: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/10.jpg)
©2017 27001Academy www.advisera.com/27001academy
Determining the MAO and RTO
10
![Page 11: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/11.jpg)
©2017 27001Academy www.advisera.com/27001academy
Determining the RPO
11
![Page 12: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/12.jpg)
©2017 27001Academy www.advisera.com/27001academy
Biggest challenges with the BIA
12
• Determine the best way to estimate the RTO and MTPD
• Management buy-in for the whole BC lifecycle & funding
• How to ensure that the responses are valid and are not either overstating or understating the impact
• People don’t grasp RTO & MTPD• What items and activities to be included in
the BIA
![Page 13: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/13.jpg)
©2017 27001Academy www.advisera.com/27001academy
Conclusion
13
Don’t underestimate the BIA –without this kind of analysis your
business continuity would be based on wrong foundations
![Page 14: Implementing business impact analysis according to ISO 22301 · The implementation steps for business impact analysis (BIA) according to ISO 22301 ... Steps in the BIA 9 Your Text](https://reader034.vdocuments.site/reader034/viewer/2022042420/5f36c1a5c27dd620081caa44/html5/thumbnails/14.jpg)
Q & A
Dejan Kosutic