Business Impact Analysis
Russ Stewart
European Head of Continuity, KPMG LLP
russell.stewart@kpmg.co.uk
EPICC Forum Vancouver
February 25th 2008
Workshop Objectives
• Clarify the need for a scalable, re-usable, accessible
approach to BIA
• Demonstrate a simple, graphic approach to obtaining the
information
• Demonstrate a model for storing BIA information and
maintaining interdependencies
• Describe how this BIA model can support a number of uses,
including BCM, ITIL, M&E planning, insurance
• Other…..?
© 2007 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms
affiliated with KPMG International, a Swiss cooperative. All rights reserved. This document is confidential and its circulation and use are restricted.
KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative.
BIA Definitions
Disaster Recovery Institute International (DRII)
“Identify the impacts resulting from disruptions and disaster
scenarios that can affect the organization and techniques that
can be used to quantify and qualify such impacts. Establish
critical functions, their recovery priorities, and
interdependencies so that recovery time objective(s) and
recovery point objective(s) can be set.”
BIA Definitions
Business Continuity Institute (BCI)
“A Business Impact Analysis (BIA) identifies the impacts
resulting from disruptions and disaster scenarios that can
affect your organization and employs techniques that can be
used to quantify and qualify such impacts.
The BIA will help to establish critical functions, their recovery
priorities, and interdependencies, so that recovery time
objectives can be set.”
Some Considerations…
Complexity – number & nature of interdependencies
[Diagram: a mixed estate of platforms (IBM 3090 mainframe on MVS/ESA, Sun Enterprise on Solaris, HP 3000 / HP-UX, IBM RS/6000 SP2 on AIX, Sequent, IBM AS/400 on OS/400, Compaq Proliant on NT 4.0) running applications including CICS, Batch, Inventory, CAD/CAM, OLTP, Financials, E-commerce, Exchange, Lotus Notes and PeopleSoft, linked by database extracts, file transfers and FTP, each platform with its own backup method. The D/R plan covers the mainframe only.]
Complexity – External Dependencies
Nature of Enterprise
Complexity – Degree of Integration
Nature of Enterprise
Criticality of Processes
BCM Maturity – Where should you be?
[Maturity diagram. Stage labels: React, Control, Transform. Goal labels: Risk Reduction, Efficiency / Cost Reduction, Service Improvement, Business Enhancement.]
Outcomes (in the order shown, top to bottom): Market Differentiator, Cost Effective Process, Sustainable Process, Recoverable Plans, Remediated Plans
Activities/Goals (in the order shown, top to bottom):
• Integrate into existing processes
• Data analysis
• Enterprise view
• Roles & responsibilities definition
• Methods & standards development
• Process (vs. Function) view
• Alignment with production
• Testing
• Technology enhancement
• Linking BC/DR interdependencies
• Identification of interdependencies
• Prioritization of plans and gaps
• Improvement of documentation
• Accountability alignment
• Information enhancement
Emerging Trends
FOCUS
• Traditional: Recoverability - minimising the financial impact
• Emerging: Availability - ensuring financial continuity and customer satisfaction
APPROACH
• Traditional: Recovery from single episodes of prolonged downtime
• Emerging: Continuous availability through management of information and operational risk
RISKS
• Traditional: Low-frequency, high-impact disasters
• Emerging: Traditional threats to physical assets, emerging threats to information assets
BENEFITS
• Traditional: Recovery of degraded service levels in 12 to 72 hours
• Emerging: Up to 99.999% availability of critical business services
ENABLERS
• Traditional: Documented plans
• Emerging: Emerging technologies and operational excellence
Before you start a BIA…
Consider:
• Complexity of interdependencies
• External dependencies
• Degree of process integration
• Criticality of processes
As a result, consider:
• Appropriateness of BIA scope & objectives – where do you want your BCM to be?
Ideally we want our BIA approach to:
• be scalable
• deliver accessible outputs
• deliver re-usable outputs
Scenarios / Risks
London, February 1996
South Quay Plaza, Docklands
… Nothing can be recovered
Leeds, June 2007
KPMG Leeds Office
London July 2007
Suspect Vehicle Near
KPMG Fleet Street Office
Preston, July 2007
Chemical fire near KPMG Preston office
Risk Scenarios to Consider
• Fire
• Flood
• Bomb
• Contamination
• Imminent Catastrophic Event
• Natural disaster
• Pandemic
• Utilities failure
• Other ………………………………………………..
In effect too many scenarios (many of which we have not thought of).
BIA needs to be flexible enough to address current and future scenarios.
Where BIA fits into BCM
BCM Context
Risk Management
Business Continuity
Risk & Impact Mitigation
Crisis Mgt
Business Recovery
Crisis Management
Characteristics of crisis management …
• Life & Limb
• Reputation
“Wrestle the Gorilla”
(Register & Larkin)
“Boiling the frog”
• Minutes/Hours
• Survival focus
Readiness requirement:
• too late for manuals
• need to exercise regularly
Most important decisions made with limited information
Well structured, accessible BIA information improves the impact assessment
Business Recovery
• After the initial crisis has been managed
• Objective is to recover business functions
• Survival Mode - some efficiency loss
• Readiness / Exercised
Components
• Business Plans
• ICT
• Facilities
• HR
Based on an agreed firm wide strategy…
Detail Recovery Plans put into action
BIA detail used to identify and prioritise actions, and to set MRRs, RTOs, RPOs
Risk & Impact Mitigation
• Lessen Impact
• Built into the culture of the organisation
• Embed in normal processes
• The responsibility of all the organisation’s people
Reduce risk through resilience
BIA identifies likelihood of failure of services and assets and relates such to impacts,
justifying proportionate resilience measures
BIA Approach
Sources of Advice
• BCI Good Practice Guidelines – Section 2 (Understanding
the Organisation)
• BS 25999 – 2 Section 4.1.1
Very sound & recommended
Oriented towards WHAT should be considered
We will focus on aspects of HOW to do it and represent the
findings
Understanding the Organisation
Data Flow Diagramming (DFD)
• DFDs have their roots in the UK civil service “SSADM” methodology
• Structured Systems Analysis & Design Methodology
• Used to graphically represent an organisation’s current and planned
processes
• Information oriented – however can be adapted to include physical assets
……complement the more “traditional” methods (e.g. questionnaires,
structured interviews)
My preference: DFDs as the main approach to information gathering and
verification
Understanding the Organisation
[Diagram legend: Key Business Process; Data Store; Key Third Parties]
Understanding the Organisation
Data Flow Diagrams - Levels
UK Operations
• 1 Sales Processing
• 2 Supply Chain
− 2.1 Stock Allocate
− 2.2 Transport Plan
− 2.3 Urgent Orders
Data Flow Diagrams - Levels
Level 0 : UK Operations
[Diagram elements: Agency; Sales Orders; Sales Processing 1.; SOP Ref.data; Supply Chain 2.; Pricing 3.; Stock File; Logistics]
Level 0 : Supply Chain Processes
[Diagram elements: Sales Orders; SOP Ref.data; Supply Chain 2.; Stock File; Logistics]
Level 1 : Supply Chain
…break down into three component processes
[Diagram elements: Sales Orders; Stock Allocate 2.1; Transport Plan 2.2; Urgent Orders 2.3; SOP Ref.data; Stock File; Logistics]
Level 1 : Supply Chain
…Sales processing represented as external to these processes
[Diagram elements: Sales Processing 1.; Sales Orders; Stock Allocate 2.1; Transport Plan 2.2; Urgent Orders 2.3; SOP Ref.data; Stock File; Logistics]
Level 1 : Supply Chain
…data flows added
[Diagram elements: Sales Processing 1.; Sales Orders; Stock Allocate 2.1; Transport Plan 2.2; Urgent Orders 2.3; SOP Ref.data; Stock File; Logistics]
Return to Level 0
[Diagram elements: Agency; Sales Orders; Sales Processing 1.; SOP Ref.data; Supply Chain 2.; Pricing 3.; Stock File; Logistics]
Understanding the Organisation
DFD Output:
• Identification of processes that require recovery
• Identification of key third parties (internal & external) that you would
need to contact in recovery
• Identification of the ‘things’ (i.e. Services) you depend on – systems,
people, assets
Understanding the Organisation
Example of Services:
• Email
• Internet Access
• Telephone
• A key Excel Report on the Network Folder
• Administrative Paper Files
• Office building
• Payroll team
etc…
Exercise 1
Identify Processes & Services
Exercise 1a – Identify Processes & Services
• Find an interesting person in the group
• List their responsibilities in terms of 5-9 processes
Does not have to be right first time – iterative review approach
Exercise 1b – Identify Processes & Services
• Represent (draw!) an ellipse for each process on one flipchart
• For each process:
− Number it
− Add Data Stores / Services used in process
− Add third parties used in process
− Draw on data flows
Does not have to be right first time – iterative review approach
Return to Level 0
[Diagram elements: Agency; Sales Orders; Sales Processing 1.; SOP Ref.data; Supply Chain 2.; Pricing 3.; Stock File; Logistics]
Obtaining the Facts
DFD input to BIA
Understand your business:
• Identify Key Processes
• Identify key services for the business processes
• Identify key third parties
BIA Input:
• MRR / RPO / RTO / Wait
• Who to contact
• Contingencies & Fallback
• Alternative third parties
Analysis of Services
The DFD will give a list of Services…
Analysis of Services
Then add impact ratings…
Impacts
• Key criteria are impacts on: life, limb, reputation, revenue
• Base on loss of service for 48 hours (for example)
• Quantify if feasible, otherwise: High, Medium, Low
Analysis of Services
Minimum Resource Requirement (MRR)…
Minimum Resource Requirement (MRR)
• In “survival” mode – what is the minimum level of that service
required?
• For period of 10 weeks (for example)
• Not applicable to all services
Analysis of Services
Wait Time…
Wait Time
• A bit more than Recovery Time Objective (RTO)….
• How long would you wait before invoking contingency or
fallback?
• Bearing in mind that invocation is disruptive (as is the return to
normal)
• Key consideration is confidence in service being restored
soon
Analysis of Services
Recovery Time Objective (RTO)…
Recovery Time Objective (RTO)
• Time from invocation of recovery to minimum service
restored
Analysis of Services
Recovery Point Objective (RPO)…
Recovery Point Objective (RPO)
• In effect “how much data can you stand to lose”?
• To what point in time do you restore your data?
• Impacts on back-up regime, e.g.
− Weekly
− Daily
− Real-time mirroring
Analysis of Services
Exercise 2
Analysis of Services
Exercise 2 – Analysis of Services
• In your groups, for each Service previously identified:
− Impact: of service failure on process (H/M/L or quantified)
− MRR: minimum resource requirement in survival mode
− Wait Time: how long “do nothing”
− RTO: recovery time objective (for minimum resource restored)
− RPO: recovery point objective (how much data can you lose)
BIA MODEL
BIA Overall Data Model
[Diagram: three layers linked by dependencies: Processes A, B, C; Services 1, 2, 3, 4; Components v, w, x, y, z]
Processes – Quick Recap
[Diagram: Process A, Process B, Process C]
• View organisation as a collection of processes
• Fits in with the way organisations view themselves
• Fits in with business recovery planning – process orientation
• Processes should be defined at a fairly high level, e.g.:
− Sales
− Distribution planning
− Compliance checking
• Organisational chart is a useful guide.
Services – Quick Recap
A business process depends on a number of services, typically:
− Information systems (including paper based)
− People
− Physical assets (e.g. plant, buildings)
[Diagram: Service 1, Service 2, Service 3, Service 4]
Components
A service depends on one or more components:
For example, email:
− Application software
− Hardware (servers)
− Data (reference & transactional)
− Network / communications
[Diagram: Components v, w, x, y, z]
Components
A service depends on one or more components:
For example, office building:
− Cooling
− Power Distribution
− Water Systems
− Building Fabric
Components
Failure in any one of the components will have the potential
to render service(s) unavailable
Interdependencies
[Diagram: Processes A, B, C; Services 1, 2, 3, 4; Components v, w, x, y, z]
An Example of Component Failure…
[Diagram built up over four slides: the generic model is relabelled step by step. Component w becomes “Data Server”; Service 1 and Service 2 become “DRP System” and “eSOP System”; the processes become Online Sales, Distribution and Payroll. Service 3, Service 4 and Components v, x, y, z keep their generic labels.]
Risks
[Diagram: processes Online Sales, Distribution, Payroll; services DRP System, eSOP System; component Data Server]
Likelihood of failure, a key element of risk, exists at this level.
Results in compromise or cessation of service.
Impacts
[Diagram: processes Online Sales, Distribution, Payroll; services DRP System, eSOP System; component Data Server]
The impact of a service failure will tend to affect a number of processes, each to a different extent
Impacts
[Diagram: eSOP System with Online Sales, Distribution and Payroll; values below are for Distribution]
• Impact: High - late delivery of on-line orders
• Waiting time: 1 hour
• Contingency: none
• Fallback: manual planning of emailed and ‘phoned orders
Impacts
[Diagram: eSOP System with Online Sales, Distribution and Payroll; values below are for Online Sales]
• Impact: High - reduced sales
• Waiting time: 30 mins
• Contingency: instruction to customers to email orders
• Fallback: instruction to customers to ‘phone orders through
Impacts
[Diagram: eSOP System with Online Sales, Distribution and Payroll; values below are for Payroll]
• Impact: Low - delayed and inaccurate commission payments to salespeople
• Waiting time: 2 weeks
• Contingency: none
• Fallback: manual processing based on last month
Impacts
[Diagram: eSOP System with Online Sales, Distribution and Payroll]
In Summary…
Process        Impact   Wait Time
Distribution   High     1 Hour
Online Sales   High     30mins
Payroll        Low      2 Weeks
How to Hold the Information
BIA Data Model
[Entity diagram]
COMPONENT: Description, Likelihood, Resilience
SERVICE: Description
BUSINESS PROCESS: Description, Process Owner
FALLBACK: Description, Recovery Time
CONTINGENCY: Description, Invoke Time
SCENARIO: Description
BUSINESS PROCESS / SERVICE (link entity): Impact, Wait Time, RTO, RPO, Fallback, Contingency
COMPONENT / SERVICE (link entity)
COMPONENT / SCENARIO (link entity)
BIA Data Model
[Diagram: BUSINESS PROCESS (Description, Process Owner)]
• Description: simple one liner, e.g. “Payroll Processing”
• Process Owner: typically from the organisation chart
BIA Data Model
[Diagram: SERVICE (Description); BUSINESS PROCESS (Description, Process Owner)]
• Service Description: simple one liner, e.g. “SAP System”
BIA Data Model
[Diagram: SERVICE (Description); BUSINESS PROCESS (Description, Process Owner); link entity BUSINESS PROCESS / SERVICE (Impact, Wait Time, RTO, RPO, Fallback, Contingency)]
• Business Process/Service
− Link entity
− e.g. Payroll / SAP
BIA Data Model
[Diagram: SERVICE (Description); BUSINESS PROCESS (Description, Process Owner); link entity BUSINESS PROCESS / SERVICE (Impact, Wait Time, RTO, RPO, Fallback, Contingency)]
• Business Process/Service
− Link entity
− e.g. Payroll / SAP
• Impact: H / M / L useful labels
• Wait Time: how long before contingency or fallback
• RTO: Time from invocation of recovery to minimum service restored
• RPO: In effect “how much data can you stand to lose”?
• Fallback: alternative service, survival mode
• Contingency: other means of providing a similar service
BIA Data Model
…essentially what info we collected doing DFDs
[Diagram and bullets as on the previous slide: link entity BUSINESS PROCESS / SERVICE with Impact, Wait Time, RTO, RPO, Fallback, Contingency]
BIA Data Model
[Diagram: adds CONTINGENCY (Description, Invoke Time) to SERVICE, BUSINESS PROCESS and the BUSINESS PROCESS / SERVICE link entity]
• Contingency
− Description: simple one liner, e.g. “Failover SAP to backup site”
− Invoke Time: time taken to render contingency operational
BIA Data Model
[Diagram: adds FALLBACK (Description, Recovery Time) alongside CONTINGENCY (Description, Invoke Time)]
• Fallback
− Description: e.g. “Manual processing using last month’s data”
− Invoke Time: time taken to render fallback operational
BIA Data Model
[Diagram: adds COMPONENT (Description, Likelihood, Resilience)]
• Component
− Description: e.g. “Data server UK/WAT/0998”
− Likelihood of failure: H/M/L (can quantify if feasible)
− Resilience: comment on resilience measures, e.g. “RAID”
BIA Data Model
[Diagram: adds link entity COMPONENT / SERVICE]
• Component / Service
− Link entity: e.g. Data Server / SAP
BIA Data Model
[Diagram: adds SCENARIO (Description, Likelihood)]
• Scenario
− Description: e.g. “Flooding of Datacentre”
− Likelihood: H/M/L
BIA Data Model
[Diagram: adds link entity COMPONENT / SCENARIO]
• Component / Scenario
− Link entity: e.g. Data server / Datacentre Flooding
BIA Data Model
[Diagram: the complete model, with entities COMPONENT, SERVICE, BUSINESS PROCESS, FALLBACK, CONTINGENCY and SCENARIO, and link entities BUSINESS PROCESS / SERVICE, COMPONENT / SERVICE and COMPONENT / SCENARIO]
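The data model above, as an added example that is not part of the original slides: a SQLite schema for the entities and link entities, loaded with the eSOP System figures from the Impacts slides and queried for what a component failure or a scenario reaches. Table and column names, the use of minutes and the Data Server to eSOP System link are assumptions; values the slides do not give (RTO, RPO, owners, likelihoods) stay NULL.

```python
import sqlite3

# Entities and link entities from the BIA Data Model slides. Table and column
# names, SQL types and the use of minutes are assumptions made for this example.
SCHEMA = """
CREATE TABLE business_process (id INTEGER PRIMARY KEY, description TEXT UNIQUE, process_owner TEXT);
CREATE TABLE service   (id INTEGER PRIMARY KEY, description TEXT UNIQUE);
CREATE TABLE component (id INTEGER PRIMARY KEY, description TEXT UNIQUE,
                        likelihood TEXT, resilience TEXT);
CREATE TABLE scenario  (id INTEGER PRIMARY KEY, description TEXT UNIQUE, likelihood TEXT);
CREATE TABLE process_service (       -- link entity: Business Process / Service
    process_id INTEGER NOT NULL REFERENCES business_process(id),
    service_id INTEGER NOT NULL REFERENCES service(id),
    impact TEXT CHECK (impact IN ('H', 'M', 'L')),
    wait_minutes INTEGER, rto_minutes INTEGER, rpo_minutes INTEGER,
    fallback TEXT, contingency TEXT,
    PRIMARY KEY (process_id, service_id));
CREATE TABLE component_service (     -- link entity: Component / Service
    component_id INTEGER NOT NULL REFERENCES component(id),
    service_id   INTEGER NOT NULL REFERENCES service(id),
    PRIMARY KEY (component_id, service_id));
CREATE TABLE component_scenario (    -- link entity: Component / Scenario
    component_id INTEGER NOT NULL REFERENCES component(id),
    scenario_id  INTEGER NOT NULL REFERENCES scenario(id),
    PRIMARY KEY (component_id, scenario_id));
"""

# eSOP System rows from the Impacts slides: (process, impact, wait in minutes,
# fallback, contingency). A contingency of "none" is stored as NULL.
ESOP_LINKS = [
    ("Distribution", "H", 60, "manual planning of emailed and phoned orders", None),
    ("Online Sales", "H", 30, "instruction to customers to phone orders through",
     "instruction to customers to email orders"),
    ("Payroll", "L", 14 * 24 * 60, "manual processing based on last month", None),
]


def build_model():
    """Create the schema in memory and load the eSOP System example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    # RTO, RPO, owners and likelihoods are not on those slides and stay NULL.
    conn.execute("INSERT INTO service VALUES (1, 'eSOP System')")
    conn.execute("INSERT INTO component VALUES (1, 'Data Server', NULL, NULL)")
    conn.execute("INSERT INTO scenario VALUES (1, 'Flooding of Datacentre', NULL)")
    conn.execute("INSERT INTO component_service VALUES (1, 1)")   # assumed link
    conn.execute("INSERT INTO component_scenario VALUES (1, 1)")  # slide's example
    for name, impact, wait, fallback, contingency in ESOP_LINKS:
        pid = conn.execute("INSERT INTO business_process (description) VALUES (?)",
                           (name,)).lastrowid
        conn.execute("INSERT INTO process_service VALUES (?, 1, ?, ?, NULL, NULL, ?, ?)",
                     (pid, impact, wait, fallback, contingency))
    return conn


def hit_by_component(conn, component):
    """Processes affected when a component fails, shortest wait time first."""
    return conn.execute("""
        SELECT bp.description, s.description, ps.impact, ps.wait_minutes
        FROM component c
        JOIN component_service cs ON cs.component_id = c.id
        JOIN service s            ON s.id = cs.service_id
        JOIN process_service ps   ON ps.service_id = s.id
        JOIN business_process bp  ON bp.id = ps.process_id
        WHERE c.description = ?
        ORDER BY ps.wait_minutes""", (component,)).fetchall()


def hit_by_scenario(conn, scenario):
    """Follow scenario -> components -> services -> processes."""
    components = conn.execute("""
        SELECT c.description FROM scenario sc
        JOIN component_scenario x ON x.scenario_id = sc.id
        JOIN component c          ON c.id = x.component_id
        WHERE sc.description = ?""", (scenario,)).fetchall()
    rows = {row for (name,) in components for row in hit_by_component(conn, name)}
    return sorted(rows, key=lambda r: r[3])


def high_impact_without_contingency(conn):
    """Planning gaps: high-impact dependencies that only have a fallback."""
    return conn.execute("""
        SELECT bp.description, s.description
        FROM process_service ps
        JOIN business_process bp ON bp.id = ps.process_id
        JOIN service s           ON s.id = ps.service_id
        WHERE ps.impact = 'H' AND ps.contingency IS NULL
        ORDER BY ps.wait_minutes""").fetchall()


if __name__ == "__main__":
    print(hit_by_component(build_model(), "Data Server"))
```

Ordering by wait time puts the process that can tolerate the shortest outage first, which is the order in which recovery decisions have to be made.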
BIA Model – Example (1)
Service: Email    Fail: L

Business Process   Impact   Wait Time   Contingency   Time to invoke   Fallback    RTO   RPO
Sales Orders       H        4 hours     Failover      4h               Phone/fax   2h    1h
Dist. Planning     M        2 days      Failover      4h               Phone/fax   1d    4h
Procurement        L        2 days      Failover      4h               Phone/fax   1d    2d

Comp.         Risk   Scenario
App server    L      d/c fire
Data server   L      Flood
Network       L      Power
App softw.    L      Virus
BIA Model – Example (2)
Service
Risk Comp.
Fail
Business
Process
Impact
Wait Time
Contingency
Time
to
invoke
Fallback
RTO
RPO
M
Sales Orders
H
4 hours
Failover
4h
Phone/fax
2h
1h
Services
Dist. Planning
M
2 days
Failover
4h
Phone/fax
1d
4h
Office
Procurement
2 days
Failover
1d
2d
Marketing
2 days
Relocate
4h
2d
Phone/fax
Building &
D/centre
L
H
Remote
2d
HR
H
2 days
Relocate
2d
Remote
2d
Finance
H
Relocate
2d
Remote
2d
IT services
H
Relocate
4h
Remote
2d
Support
2 days
4 hours
Scenario
Power
Cooling
M
Fire
L
Flood
Water
L
Weather
Fabric
L
BCM Mitigation
Risk / Impact Mitigations
• BIA Model example usage to support:
− M&E resilience: maintenance schedules / SLA
− M&E resilience: capital projects
− M&E resilience: state monitoring / BMS
− IT: resilience & failover strategies
− IT: configuration management
− IT: information security
− Building fabric: maintenance schedules / SLA
− Physical security: capital spend / manning / regime
− Health & Safety: regime
Workshop Objectives
• Clarify the need for a scalable, re-usable, accessible
approach to BIA
• Demonstrate a simple, graphic approach to obtaining the
information
• Demonstrate a model for storing BIA information and
maintaining interdependencies
• Describe how this BIA model can support a number of uses,
including BCM, ITIL, M&E planning……
• Other…..?
Questions?
Presenter’s contact details
Russ Stewart
European Head of Continuity, KPMG LLP
russell.stewart@kpmg.co.uk
www.kpmg.co.uk