(515) 865-4591
Bob@training-hipaa.net

Business Impact Analysis policy for HIPAA Contingency Plan

Purpose:

The Business Impact Analysis (BIA) Policy document establishes the activities that need to be carried out by each Business Unit, Technology Unit, and Corporate Units (departments) within the organization.

All departments must utilize this methodology to identify the processes they perform, the required resources to perform those processes, the timeframes in which those processes need to be recovered, any supporting dependencies, resources, facilities, etc, and the potential financial, operational, and legal/regulatory impact for the processes.

Table of Contents

TERMINOLOGY     
ACCOUNTABILITY
COMPLIANCE        
REVISION HISTORY
ENDORSEMENT    

I.  POLICY OVERVIEW

A. Purpose
B. Scope
C. Ownership Roles & Responsibilities
D. Review Process
E. Reporting Process
F. Update Frequency and Annual Review
G. Approval

II. BIA REQUIREMENTS

A. BIA Completion
B. Business Process Identification
C. Business Process Recovery Time Objective
D. Financial Impact
E. Operational Impact
F. Legal and Regulatory Impact
G. Manual Work-Around Procedures
H. Required Resource

III. BIA RESULTS

A. Overall RTO for Department
B. Communication
C. Retention of BIA Survey

APPENDIX

APPENDIX A:  BUSINESS IMPACT ANALYSIS STANDARDS

To view specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.