Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

Which technique do you prefer to do analysis of your BCM: BIA or threat evaluation? and why?

user-image
Question added by Khaled Altawily , Director Business Continuity & Crisis Managament , Alrajhi Bank
Date Posted: 2017/03/05
Khaled Abdalla
by Khaled Abdalla , IT, R&D director , KAN

My Dear Friend,

sorry for not being able to answer you earlier,i was too busy

however your question reflects you do mix between a lot of things here

i see this question as if someone is trying offering you an apple and a watermelon and asking you which is the biggest fruit in its field between the2, 

however i ll try to be short and to the point here to help you.

in your BCM you MUST do both BIIA and Threat evaluation, for all your business processes because with the outcome of both you will be able to make an informed and wise decision about something different in your BCM plane design  which processes to totally offer in your DR site, which of them will be actively and continuously replicated and which will not affect the business much

 BCM ideal objective is very simple replicate everything in more than1 site and recruit double capacity staff, and make real time copies this way you get zero interruption and  business disturbance (strange but reality for some security reasons and some organisations due to secrecy reasons i can not disclose in here ) however this is not easy and is always very expensive so you must help management to make a decision and select between several options and lots of spectrum between online replication and paper replicas, your role is to help management to perform this in the least expensive and easy to manage way and to help your management justify the investment to the share holders you must analysis each of the business processes to give them a weight and consequently make a recommendation based on your organisation budget

for example do you need your DR site  to be on a mountain? or in a secured vault against earthquakes and nuclear explosions?

how likely is this to happen for your organisation?

and how much impact is such an event on your business and customers?

 there is a lot to consider but this issue is  a research topic and a PhD Theses and i can write down books just to explain this

but hope those examples helps you to get an idea why your question was not relevant and why do we usually do both of them plus many other analysis techniques

if you needed more info mail me so u can get faster response

i rarely check spam folders unfortunately

 

 

Mohammed Amanullah Khan
by Mohammed Amanullah Khan , Business Continuity Senior Manager , Bank of America

I would say both, BIA will tell you what is your actual Recoery Time Objective, Recovery Point Objective and what are your vendors scores from this aspect and thrsat evaluation will show you how strong your resiliency planning is in terms of working and completing all your critical task activities without effecting the SLA or impact to customers from delivery of services.

More Questions Like This

Do you need help in adding the right keywords to your CV? Let our CV writing experts help you.