(515) 865-4591
Bob@training-hipaa.net

Package 5: Business Impact Analysis (BIA) Package with Policies and Applications & Data Criticality Analysis Bundle

This Enterprise wide Business Impact Analysis ( BIA) Plan template can be used by any organization.

Cost: $270
buynow

 

Conducting a Business Impact Analysis Guide

Objective

The purpose of this document is to help businesses conduct a Business Impact Analysis (BIA), which identifies the business’s critical processes, required resources for each process and the order in which processes need to be recovered.  This document provides guidance on how to conduct the BIA, analyze the information that is collected, and report the findings of the assessment. The following documents are available to help the business complete the assessment:

  • Business Impact Analysis Template (both short and long versions)
  • Application & Data Criticality Template
  • Final Business Unit Report Template
  • Final Executive Management Report Template
  • Examples of Impact

The Business Impact Analysis is only a part of the overall Business Assessment.  A Business Assessment is separated into two constituents, Risk Assessment and Business Impact Analysis (BIA).  The Risk Assessment is intended to measure present vulnerabilities to the business’s environment, while the Business Impact Analysis evaluates probable loss that could result during a disaster.  To maximize the Business Impact Analysis, a Risk Assessment should also be completed.

Table of Contents of Conducting a Business Impact Analysis

INTRODUCTION

Compliance
Scope

BUSINESS IMPACT ANALYSIS

Objectives of the Business Impact Analysis
Developing the Project Plan
BIA Process Steps

PHASE ONE – PROJECT DEVELOPMENT

Scope
Objectives and Deliverables
Method of Collection
Identify People
Interview Order

PHASE TWO – GATHER DATA      

General Information
Process Information
Dependencies
Required Resources
Potential Impact

PHASE THREE – APPLICATION & DATA CRITICALITY 

Application Information
Database Information
Hardware Information
Network Information

PHASE FOUR – ANALYZE THE DATA       

Review Business Unit BIA
Follow-Up Meetings
Report the Results

FINAL REPORT & PRESENTATION         

Creation of Executive Report
Presentations

NEXT STEPS           

APPENDIX

Appendix A:  Business Impact Analysis Short Template
Appendix B:  Business Impact Analysis Long Version Template
Appendix C:  Application & Data Criticality Analysis Template
Appendix D:  Final Business Unit Report Template
Appendix E:  Final Executive Report Template
Appendix F:  Sample BIA Questions
Appendix G:  Examples of Impacts

Long Version Business Impact Analysis Template

Objectives

Due to HIPAA Security Rule regulations, the organization must implement Contingency Planning Practices to ensure the protection of ePHI (electronic Protected Health Information).  In order to accomplish this undertaking, there are several steps that organization will be completing to identify critical business functions, processes, and applications that process ePHI and to understand the potential impact to the business if a disruptive event occurred.

The first step of implementing the Contingency Program for the organization is to conduct a Business Impact Analysis (BIA).  This questionnaire will help each business unit identify their critical business functions and recovery requirements as well as estimating the impact of a disaster (or prolonged outage) to the business unit.  Once the survey is completed, the BIA Project team will review the data, analyze and create a prioritized recovery strategy to present to senior management.

For the purpose of this BIA, answer each question based on the “worst-case scenario”.  This means your workplace and all records; files and equipment in it are inaccessible.  The priority of this questionnaire is to identify any business process or application that currently contains ePHI.  However, please answer all questions regardless of ePHI status.  By completing all questions to the best of your knowledge, a recovery strategy that best meets the need of the business can be established.

Some questions will be directly related to a specific process where as other questions are of the business unit in general. Some sections contain an additional “Notes” area to amplify or explain your responses.  While this is not a requirement, it can be useful in helping the Project Team understand the nature of your business unit operations.

Table of Contents: Business Impact Analysis Survey Template

OBJECTIVE 

GENERAL INFORMATION         

Respondent Information
Business Unit / Department Information
ePHI (electronic Protected Health Information)
Service Providers
Business Unit Vulnerability
Recovery Complexity

PROCESS INFORMATION

Process Identification
Process Criticality & Frequency
Processing Periods
Process Unavailability Impact
Process Deferrable
Manual Work – Around Procedures for Processes
Alternate Facilities / Work-load shifting
Backlog Work 

DEPENDENCIES  

Internal Received Dependencies (Same Company)
Internal Sent Dependencies (Same Company)
External Received Dependencies (Outside Provider)
External Sent Dependencies (Outside Provider)

REQUIRED RESOURCES 

Software Resources
Specialized Supplies and Clerical Type Resources
Equipment Resources
Manpower Resources
Reports

POTENTIAL IMPACT     

Financial Impact
Customer & Operational Impact
Legal & Regulatory Impact

Final BIA Executive Management Report Templates w/ Charts

Executive Overview

Objectives

The intent of the Business Impact Analysis (BIA) was to help our organization identify which business units, operations, and processes are crucial to the survival of the business. The BIA has identified the time frames in which essential business operations must be restored to full functionality following a disruptive event.   It has defined the business impact of not performing critical business operations based on a worst-case scenario.  The BIA has also identified the resources required to resume business operations to a functioning level.

A worst-case scenario assumes that the physical infrastructure supporting each respective business unit has been destroyed and all records, equipment, etc are not accessible within 30 days.

The objectives for this BIA were:

  1. Estimate the financial, customer/operation, and legal/regulatory impacts for each major business unit, assuming a worst-case scenario
  2. Determine the estimated number of personnel required for recovery operations
  3. Identify the critical business functions, business unit processes and the estimated Recovery Time Objective (RTO) for each business unit.
  4. Provide a foundation for implementing Contingency Plans for HIPAA Security Rule 164.308 (a) (7) compliancy.

The RTO is the maximum allowable time a process can be inoperative following an outage / disruptive event.

These timeframes may have to be re-evaluated to meet the requirements of the Technology capabilities.  If the capabilities of technology do not meet the requirements of the business unit, a gap exists.  These gaps must be mitigated to prevent extended outages and impact to your organization.

Table of Contents:Executive BIA Finding Report

EXECUTIVE OVERVIEW 

Objectives
Scope
Approach
Department Responses and Findings

BUSINESS UNIT RESULTS

SUMMARY OF FINDINGS

Combined Financial Impact
Combined Customer/Operational Impact
Combined Legal and/or Regulatory Impact
Recovery Personnel Requirements
Recovery Time Objectives for Business Processes
Manual Work-Around Processes
Work Backlog Processing
Recovery Complexity for Business Units

CONCLUSION         

APPENDIX   

APPENDIX A – BIA QUESTIONNAIRE
APPENDIX B – INDIVIDUAL FULL DEPARTMENT RESPONSES
APPENDIX C – BLANK DEPARTMENT OVERVIEW FORM
APPENDIX D – CUMULATIVE REPORT CHART TEMPLATES

Final Business Unit Report Template w/ Charts

<Enter Department Name>
Location of Department:
Participant: Date of Report:

The interview was conducted by <Enter the Name of Person(s) conducting interviews> on <Enter Month, Day, and Year>.

Overview of Business Unit (Department)

The <Enter Department Name> department is responsible for <enter responsibilities, duties, tasks. (Just provide a high-level overview of the department). Identify if the department does or does not provide direct patient care.

Business Processes

  • <Enter Process Names and put the RTO in ( ) >
  • <Enter Process Names and put the RTO in ( ) >
  • <Enter Process Names and put the RTO in ( ) >

Electronic Protected Health Information

  • <Identify the processes, applications, etc that contain ePHI>
  • <Identify the processes, applications, etc that contain ePHI>

Vendors

  • <Enter Vendor Name>
  • <Enter Vendor Name>

Internal Dependencies

  • <Enter Dependency and put RTO in ( ) >
  • <Enter Dependency and put RTO in ( ) >

External Dependencies

  • <Enter dependency and put RTO in ( ) >
  • <Enter dependency and put RTO in ( ) >

Applications

  • <Enter applications and put RTO in ( ) >
  • <Enter applications and put RTO in ( ) >

Business Impact Analysis Policy

Purpose:

The Business Impact Analysis (BIA) Policy document establishes the activities that need to be carried out by each Business Unit, Technology Unit, and Corporate Units (departments) within the organization.

All departments must utilize this methodology to identify the processes they perform, the required resources to perform those processes, the timeframes in which those processes need to be recovered, any supporting dependencies, resources, facilities, etc, and the potential financial, operational, and legal/regulatory impact for the processes.

 
Table of Contents

TERMINOLOGY     
ACCOUNTABILITY
COMPLIANCE        
REVISION HISTORY
ENDORSEMENT    

I.  POLICY OVERVIEW 

A. Purpose
B.  Scope
C.  Ownership Roles & Responsibilities
D. Review Process
E. Reporting Process
F. Update Frequency and Annual Review
G. Approval

II. BIA REQUIREMENTS 

A. BIA Completion
B.  Business Process Identification
C.   Business Process Recovery Time Objective
D.  Financial Impact
E.  Operational Impact
F.  Legal and Regulatory Impact
G.  Manual Work-Around Procedures
H.  Required Resource

III. BIA RESULTS 

A.  Overall RTO for Department
B.  Communication
C.  Retention of BIA Survey

APPENDIX   

APPENDIX A:  BUSINESS IMPACT ANALYSIS STANDARDS

Applications and Data Criticality Analysis Template

Objective

The purpose of the Application & Data Criticality Analysis is to determine the criticality to covered entity of all application based components and the potential losses which may be incurred if these components were not available for a period of time.  This questionnaire is designed to collect the information necessary to support the development of alternative processing strategies, solutions and IS Recovery plans.

The Business Impact Analysis (BIA) should be completed prior to this engagement.  The results of the BIA should be used to assess technology requirements based on the business needs.

This questionnaire also serves as a compliancy method for meeting the HIPAA Security Rule requirements for Application & Data Criticality Analysis.

Table of Contents of Applications and Data Criticality Analysis Template

OBJECTIVE                   

RESPONDENT INFORMATION  

APPLICATION INFORMATION 

Application Information
Application Specifications
Application Users
Application Service Providers
Application Vulnerability
Application Recovery Complexity
Application Recovery Plan
Application Recovery History
Application Standard Operating Procedures
Application Source Code and Backup Information
Application Dependencies
Application Data Reconstruction

DATABASE INFORMATION 

Database Information
Database Service Providers
Database Vulnerability
Database Recovery Complexity
Database Recovery Information
Database Recovery History
Database Standard Operating Procedures
Database Backup Information
Database Backup Tape Information

HARDWARE (SYSTEM) INFORMATION 

Hardware Information
Hardware Environment Information
Hardware Service Providers
Hardware Vulnerability
Hardware Recovery Complexity
Hardware Recovery Plan
Hardware Recovery History
Hardware Backup Information
Hardware Backup Tape Information

NETWORK INFORMATION

Network Equipment Requirements
Network Service Providers
Network Vulnerability
Network Recovery Complexity
Network Recovery Plan
Network Recovery History
Network Standard Operating Procedures

To view a specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.

Business Impact Analysis Package with Policies and Applications

 

Note: We offer 7 days money back guarantee to all USA companies with more than 50 employees only. Consulting companies/consultants/business associates are NOT eligible for this offer. Individuals from the USA are NOT eligible for refunds when they buy the product on their own name and NO company information is used. Corporate email is required for a refund of companies.

 

Companies who purchased templates without seeing samples and you are dissatisfied with our product, you will receive a full refund if you cancel your purchase&return the product within 7 days of buying the templates. You will not receive a refund after you have requested sample documents and have decided to buy templates after it.

 

Rated 4.9/5 based on 854 reviews