This BIA Plan template can be used by any organization. Refer to other packages for additional supporting documents for a complete
Enterprise wide Business Impact Analysis.
Cost: $90
Buy Now
Conducting a Business Impact Analysis Guide
Objective
The purpose of this document is to help businesses conduct
a Business Impact Analysis (BIA), which identifies the business’s
critical processes, required resources for each process
and the order in which processes need to be recovered.
This document provides guidance on how to conduct the BIA,
analyze the information that is collected, and report the
findings of the assessment. The following documents
are available to help the business complete the assessment:
- Business Impact Analysis Template (both short and long
versions)
- Application & Data Criticality Template
- Final Business Unit Report Template
- Final Executive Management Report Template
- Examples of Impact
The Business Impact Analysis is only a part of the overall
Business Assessment. A Business Assessment is separated
into two constituents, Risk Assessment and Business Impact
Analysis (BIA). The Risk Assessment is intended to
measure present vulnerabilities to the business’s
environment, while the Business Impact Analysis evaluates
probable loss that could result during a disaster.
To maximize the Business Impact Analysis, a Risk Assessment
should also be completed.
Table of Contents of Conducting a Business Impact Analysis
INTRODUCTION
Compliance
Scope
BUSINESS IMPACT ANALYSIS
Objectives of the Business Impact Analysis
Developing the Project Plan
BIA Process Steps
PHASE ONE – PROJECT DEVELOPMENT
Scope
Objectives and Deliverables
Method of Collection
Identify People
Interview Order
PHASE TWO – GATHER DATA
General Information
Process Information
Dependencies
Required Resources
Potential Impact
PHASE THREE – APPLICATION & DATA CRITICALITY
Application Information
Database Information
Hardware Information
Network Information
PHASE FOUR – ANALYZE THE DATA
Review Business Unit BIA
Follow-Up Meetings
Report the Results
FINAL REPORT & PRESENTATION
Creation of Executive Report
Presentations
NEXT STEPS
APPENDIX
Appendix A: Business Impact Analysis Short Template
Appendix B: Business Impact Analysis Long Version
Template
Appendix C: Application & Data Criticality Analysis
Template
Appendix D: Final Business Unit Report Template
Appendix E: Final Executive Report Template
Appendix F: Sample BIA Questions
Appendix G: Examples of Impacts
Business Impact Analysis Survey: Long Version Template
Objectives
Due to HIPAA Security Rule regulations, organization must
implement Contingency Planning Practices to ensure the protection
of ePHI (electronic Protected Health Information).
In order to accomplish this undertaking, there are several
steps that organization will be completing to identify critical
business functions, processes and applications that process
ePHI and to understand the potential impact to the business
if a disruptive event occurred.
The first step of implementing the Contingency Program
for organization is to conduct a Business Impact Analysis
(BIA). This questionnaire will help each business
unit identify their critical business functions and recovery
requirements as well as estimating the impact of a disaster
(or prolonged outage) to the business unit. Once the
survey is completed, the BIA Project team will review the
data, analyze and create a prioritized recovery strategy
to present to senior management.
For the purpose of this BIA, answer each question based
on the “worst-case scenario”. This means
your workplace and all records; files and equipment in it
are inaccessible. The priority of this questionnaire
is to identify any business process or application that
currently contains ePHI. However, please answer all
questions regardless of ePHI status. By completing
all questions to the best of your knowledge, a recovery
strategy that best meets the need of the business can be
established.
Some questions will be directly related to a specific process
where as other questions are about the business unit in
general. Some sections contain an additional “Notes”
area to amplify or explain your responses. While this
is not a requirement, it can be useful in helping the Project
Team understand the nature of your business unit operations.
Table of Contents: Business Impact Analysis Survey Template
OBJECTIVE
GENERAL INFORMATION
Respondent Information
Business Unit / Department Information
ePHI (electronic Protected Health Information)
Service Providers
Business Unit Vulnerability
Recovery Complexity
PROCESS INFORMATION
Process Identification
Process Criticality & Frequency
Processing Periods
Process Unavailability Impact
Process Deferrable
Manual Work – Around Procedures for Processes
Alternate Facilities / Work-load shifting
Backlog Work
DEPENEDENCIES
Internal Received Dependencies (Same Company)
Internal Sent Dependencies (Same Company)
External Received Dependencies (Outside Provider)
External Sent Dependencies (Outside Provider)
REQUIRED RESOURCES
Software Resources
Specialized Supplies and Clerical Type Resources
Equipment Resources
Manpower Resources
Reports
POTENTIAL IMPACT
Financial Impact
Customer & Operational Impact
Legal & Regulatory Impact
To view specific section of this document, please contact
us at Sales@training-HIPAA.net
or call us at (515) 865-4591.
