1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations. Risk analysis doesn’t view the organization from the mission critical Business Process point of view. More over BIA perceives the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered.
2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? Disaster recovery planning is an essential part of business planning that – too often – gets neglected. Part of this has to do with the fact that making a Disaster Recovery plan requires a lot of time and attention from busy managers and executives from every functional department within the company. Business continuity is a newer term which was first popularized as a response to the Y2K bug. In order to stop your company from bleeding money in these situations, you need a plan that will allow the organization to continue generating revenue and providing services – although possibly with lower quality – on a temporary basis until the company has regained its bearings.
3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents include? Technical backup Plan, Communications Plan
4. Why is it important to have detailed backup and recovery steps within your disaster recovery plan (DRP)? When the plans work together no data is lost in the transition in the process.
5. What is the purpose of a risk analysis? What is the purpose of a business impact analysis? Why are these an important first step in defining a BCP and DRP? The purpose of risk analysis is to allow organizations to decide which risks require more attention than other do. The purpose of business impact analysis is to identify those business functions that are crucial to the organization and classify them as critical or noncritical. BIA section for each critical function receives additional information, including a description of recovery goals and requirements for each function. These are important first step because they are the building blocks for the organization.
6. How does risk analysis (RA) relate to a business impact analysis for an organization? Each element in an organization has a limited budget, the risk analysis help managers and CEOs decide how much they are willing to risk and using the business impact analysis which and how much will be spent on certain elements.
7. Given the list of identified mission critical business functions and processes, what kind of company would you say this organization is, and what do you think are its most important business processes and functions? I would think this company is an automotive company. I think it’s most important business process and functions are quality control mechanisms, research and development activities, and Manufacturing and production line.
8. Given the prioritization list provided for the organization’s identified business functions and processes, write an assessment of how this prioritization will impact the need for IT systems, applications, and data access.
9. For the top five identified business functions and processes, what recovery time objective (RTO) would you recommend for this organization and why? Priority 1 would need RTO of 5 minutes, without the server you have no website or e-commerce for payroll. Priority 2 RTO of 15 minutes because the domains can be down for a little while which will hamper communications but they would still be able to be productive. Priority 3 RTO is 5 minutes because it shouldn’t take long to get the phone lines back on line. Priority 4 RTO is 5 minutes because if the organization can’t help their customers then nobody would buy their product. Priority 5 RTO is 5 minutes because you need to send email and communication with other to make the organization’s product.
10. Why is payroll for employees and human resources also listed as a No. 1 business priority? If your employees don’t get paid then they won’t work and then the business loses money and also the company can violate laws and agreements.