Risk Management Plan Project 2

profileKSR
ProjectPart2.docx

Task 1: Business Impact Analysis (BIA) Plan

A business impact analysis refers to a significant process that encompasses determining, assessing, as well as predicting consequences that can be caused by a disaster or a business letdown (Blokdyk, 2019). These business issues can negatively affect the business functions and operations thus it is essential for an organization to have a business impact analysis plan in place that can guide the organization to conduct effective business impact analysis. Due to the importance of risk management to the organization, the Health Network, Inc has assigned me to create a BIA plan. After the present risk management plan was reviewed numerous threats were recognized that has the possibility of affecting the business functions and operations. Therefore, a business impact analysis plan should be developed to help guide to conduct a BIA.

The objectives of a BIA

Business impact analysis aims at determining the impacts on the business functions and operations that occurs due to a disaster or a business failure. It also ensures requirements for recovery are established, it aims at analyzing the mission-critical functions in the BCP and in deciding on the RPO and RTO. Other important goal includes analyzing the areas of weakness and vulnerability.

The business functions

The Health Network, Inc. has a variety of business functions such as:

The HNet Exchange services which involve securing electronic medical messages from its clients and later routed to the receipt customers.

The HNet Pay services that support the managing of protected payments as well as billing.

The HNet Connect services that aid the company's clients to get the appropriate brand care at an accurate location. Also, it comprises all the relevant details of the company employees which make it easy for the customers to connect with the right personnel.

The above-mentioned functions are critical to the company since they are relied upon for the normal functioning of the company. If our company is faced with a threat or a disaster this important functions would be affected.

Critical Resources

The company’s critical resources consist of the three production data centres, one thousand production servers, as well as six hundred and fifty corporate laptops and mobile devices.

Business impact analysis outline

Plan, Prepare and Communicate

Before carrying out a business impact analysis roadmap on how it should be conducted should be created. At this step, the organization goals are mapped and ensuring they are following the organization's plans. At this stage how both the quantitative and qualitative data will be gathered and interpreted is determined (Sikdar, 2017). Additionally, mode of communication is a major factor as to how those engaged in the business impact analysis should be informed on why it is carried out to be considered.

Collecting Information

At this step the most important processes, roles, and resources are determined. What would happen when the critical functions and processes are not able to be carried out is also determined. Additionally, different disasters that might impact the company are considered including the degree of the disaster and the ways it might impact.

Record and Interpret Data

After collecting all the relevant information it is recorded on a formal document. Errors are then checked and correction made. From the data, conclusions can be drawn such as determining the resources that are most important to the company. The minimum requirements for the company to recover after a disaster strikes are determined. Additionally, the RPO and RTO, the amount of money to be impacted by downtime, and the vulnerabilities that your business would benefit from addressing are determined (Snedaker, 2007).

Utilize the BIA created to develop a solid DR plan

On finishing the business impact analysis, the information collected can be utilized to create a successful DR plan that can be used to mitigate the vulnerabilities discovered. The information can also be used to help in calculating the cost-effectiveness of a DR solution.

Task 2: Business Continuity Plan (BCP)

The business continuity plan is established to prepare and help the company after an occurrence of a disaster and make it to quickly come back and start operating as usual (Gibson, 2011). Since the Arlington office is the primary location for business units, for instance, Finance, Legal, as well as Customer Support, and other corporate systems like the payroll and accounting applications, which are the ones being more affected, the BCP shall employ DLIS so that employees will understand on what to perform or how to act if any disaster occurs.

Scope

Following Gibson (2011), the business continuity plan shall propose for a warm site that is a bit distant from the headquarters. Also, the scope of the BCP shall cover fifty file servers of DLIS as well as its twelves databases, and system of payroll along with electronic funds transferring service.

Emergency Team Workers

The Emergency Management Team shall have general authority over the DLIS systems recovery when a disaster happens. Also, they are the selected liaison between the BCP Coordinator and the Recovery Team Lead(s) in recovery operations.

Damage Assessment Team

The Damage Assessment Team shall be accountable for determining the degree of destruction to the involved facility, infrastructure and IT systems, in addition to recovery time objectives. The Damage Assessment Team is comprised of Network Team personnel along with the entire IT department staff. The Damage Assessment Team Lead shall alert the BCP Coordinator as well as EMT Lead of the destruction assessment progress and inform any problems.

Technical Response Team

The Technical Recovery Team will be responsible for guaranteeing that the entire applications hosted on DLIS hardware are completely recovered at the different site to decrease downtime as well as harm of undertaking. It will comprise of the entire IT staff and has objectives to guarantee that applications are more available in the incidence of an emergency, and prove that the application if recovered functions as programmed.

Maintain Operations

In case of a debacle and when corporate offices are to be shifted, work shall continue at the assigned warm site. The site shall encompass servers with week by week reinforcements to guarantee the servers are up to consistence with every applicable data. Since it is a warm site and there shall be work terminals accessible, their applications might be obsolete as the servers are what consider a priority.

Notification / Activation Phase

In case of a disaster, the teams shall be the first to be aware of the disaster. They shall start storing and shifting devices and hardware to the warm location, and also be ready to assemble the devices for work to continue. Moreover, an emergency occasion may happen with or without earlier notice. The notice procedure will be the equivalent in either case. The way that workforce are alerted relies upon the sort of crisis and whether the crisis happens during or after usual business hours. Awareness during usual business hours shall be achieved by telephone, email, verbal, mobile phone, as well as a pager. Awareness after typical business hours shall be led by initiating the Team Call Tree.

Recovery Phase

In case a disaster occurs, the response team shall evaluate the possible harm to the network, hardware, as well as other accessories. On the off chance that basic equipment/gadgets were harmed the group can quickly start attempting to recover those gadgets to the working limit. The attention is on just strategic devices as that is the thing that makes the organization operates, any unnecessary services may be paused.

Reconstitution Phase

Reconstitution operations indicate the necessary actions to be taken for the reestablishment of DLIS operations at the present site or different site. At the point when tasks at the present site have been reestablished, unforeseen event at the warm site should be progressed back. The objective is to give a consistent change of activities from the warm site office back to the home office. Until the essential framework is reestablished and tried, the warm site shall keep on working.

References

Blokdyk, G. (2019). Business Impact Analysis BIA A Complete Guide - 2020 Edition. New York: Emereo Pty Limited.

Sikdar, P. (2017). Practitioner's Guide to Business Impact Analysis. CRC Press.

Snedaker, S. (2013). Business continuity and disaster recovery planning for IT professionals. Newnes.

Gibson, D. (2011). Managing Risk in Information Systems. Sudbury, MA: Jones & Bartlett Learning.