
Sample of Executive Business Impact Analysis (BIA) Finding Report for Contingency Plan

Executive Overview

Objectives

The intent of the Business Impact Analysis (BIA) was to help our organization identify which business units, operations, and processes are crucial to the survival of the business. The BIA has identified the time frames in which essential business operations must be restored to full functionality following a disruptive event. It has defined the business impact of not performing critical business operations based on a worst-case scenario. The BIA has also identified the resources required to resume business operations to a functioning level.

A worst-case scenario assumes that the physical infrastructure supporting each respective business unit has been destroyed and that all records, equipment, etc., are not accessible within 30 days.

The objectives for this BIA were:

  1. Estimate the financial, customer/operational, and legal/regulatory impacts for each major business unit, assuming a worst-case scenario.
  2. Determine the estimated number of personnel required for recovery operations.
  3. Identify the critical business functions, business unit processes, and the estimated Recovery Time Objective (RTO) for each business unit.
  4. Provide a foundation for implementing Contingency Plans for HIPAA Security Rule 164.308(a)(7) compliance.

The RTO is the maximum allowable time a process can be inoperative following an outage or disruptive event.

These time frames may have to be re-evaluated to meet the requirements of the technology capabilities. If the capabilities of the technology do not meet the requirements of the business unit, a gap exists. These gaps must be mitigated to prevent extended outages and impact to your organization.

Table of Contents: Executive BIA Finding Report

EXECUTIVE OVERVIEW

  • Objectives
  • Scope
  • Approach
  • Department Responses and Findings

BUSINESS UNIT RESULTS

SUMMARY OF FINDINGS

  • Combined Financial Impact
  • Combined Customer/Operational Impact
  • Combined Legal and/or Regulatory Impact
  • Recovery Personnel Requirements
  • Recovery Time Objectives for Business Processes
  • Manual Work-Around Processes
  • Work Backlog Processing
  • Recovery Complexity for Business Units

CONCLUSION         

APPENDIX   

APPENDIX A – BIA QUESTIONNAIRE
APPENDIX B – INDIVIDUAL FULL DEPARTMENT RESPONSES
APPENDIX C – BLANK DEPARTMENT OVERVIEW FORM
APPENDIX D – CUMULATIVE REPORT CHART TEMPLATES

To view a specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.