Email Examples

Previous page
Table of content
Next page

  < Day Day Up > 


Scope

The scope of your BIAis really quite logical, but it does take time to consider all areas. To facilitate your analysis, we have included a phased approach that you may want to consider taking during this process while you build the information portfolio for the particular application/service you have selected.

  • Phase I- Identify which server, system, service, or application you want to analyze.

  • Phase II- Find out which data owners, application administrators, system administrators, database administrators (DBAs), and business unit managers you would like to interview. Hint: During the interview process, ask the interviewees whom else you should be speaking to regarding this particular system.

  • Phase III- Meet with these individuals or groups to start building your information portfolio on this business unit.

  • Phase IV- Generate a report from the information portfolio.

Phase I

What is it that you will be analyzing? Remember that as you begin this process, it will begin to waterfall into other BIAs. Here is what we mean:

  • Identify the name of the system or service.

  • Start a new information portfolio for this service, application, or system.

  • Identify the components required for this service, application, or system to be recovered. This includes hardware and software components as well.

Start where you are familiar and move on from there. For example, you know that accounts receivable (AR) is fairly important; begin analyzing that and soon you may find that there is a much larger package that contains AR you should be analyzing.

Since this has been written for the purposes of analyzing IT functions, you may want to create a form that is fairly generic as it pertains to systems, services, or applications. You will bring into your organization a much higher level of consistency, which is key when it comes to delegating the task of conducting BIAs to other team members.

Phase II

Now that you have the name of the system or service that you want to analyze, you should have enough information to begin building your contact list for interviews. When you choose whom to talk to, start at the highest level and work your way down. This accomplishes two things:

  1. If you get the audience with the first person you talk to, you know you are getting someone who will understand the impact to the business.

  2. If this person asks you to speak with someone who reports to him or her, you know that you will get his or her full cooperation having been told by a superior to work with you.

We have found that some people do not like talking about the likelihood of a disaster and subsequent impact to their business units, mainly because a process such as this exposes more than just the systems; it may also expose policies and procedures that need to be changed within the business unit. Unfortunately, those of us who conduct BIAs are often viewed in the same light as an auditor. Yet although the process may be painful, the end result makes for a much stronger company and organization.

Moving on, continue to build your information portfolio and schedule your appointments Here are some points you may want to follow during this process:

  • Identify the parties with an interest in the components you have identified in Phase I.

  • Make sure you have listed the data owners, application administrators, system administrators, DBAs, and so on.

  • Make contacts and set up interview appointments.

Play detective-assume nothing and ask everything. Let the interviewees give you the information and avoid the tendency to 'help' with the answers. It is even a good idea if you have a junior staff member or the IT staff administrator assist in the interview process so as not to taint the answers with your own. You will then get a better image of what the business unit perspective is.

Some of the areas to cover in this interview process are as follows:

  • What are the areas of impact to the business should this system or service become unavailable? Remember, different levels of individuals will have different perspectives on the impact, so interview as many people as possible.

  • What other business units rely on this component of the organization?

  • Is this a revenue-generating application or activity?

  • What financial impact would it have if it were down?

  • What, if any, service level agreements (SLAs) are in place with either internal or external customers?

  • What monetary impact does that SLA have with either internal or external customers?

  • If you are a publicly held company, how much exposure could you stand before you begin to lose shareholder confidence? How would a loss affect your reputation on Wall Street?

Phase III

Now that you have a list of people to talk to, kindly ask them to allocate 60 to 90 minutes of their time in the next couple of weeks in order to complete this analysis. Always work with an agenda, especially if you are at the upper management level. Their time is limited, and without an agenda prepared at least 48 hours prior to the interview, you may find yourself having to reschedule and thus lose some level of credibility. Remember, this is as much a marketing campaign for the IT team as it is an investigation of the particular systems or services that need to be protected. Be sure to send out reminder emails. You should send at least three:

  • One after you first schedule the appointment

  • Another when you send the agenda, at least 48 hours prior to the meeting

  • A third 24 hours before the meeting

It won't seem like you are badgering them, and it will be enough to get your point across. You are saying that this is important, you are taking it seriously, and you intend on running this analysis with as much professionalism as possible.

That was scheduling 101, so now let's jump into the interview process itself. The agenda you sent out should list the scope of this meeting. In other words, you should have done enough investigative work at this point to be able to outline to the interviewees just what it is you are trying to accomplish and with what system or service. It's also important for them to know that this is a business-critical function and in order for the company to become aware of the impact of a loss, this meeting must take place.

With each subsequent meeting with an individual or group of individuals, be sure to use separate interview forms that will be placed in your information portfolio. Document everything, and if possible, ask the person(s) for permission to record the conversation in order to be as thorough as possible during this analysis. The information out of these meetings is very important; it will dictate the direction for the DR plan as it pertains to this particular business unit's system or service. At this point in the interview process, you do not want to dispute with the managers, saying such things as 'Oh that would cost too much money to recover it in that way!' Show some restraint and just write down or record their responses to your questions. It's okay to let them know that the shorter the recovery time, the higher the cost associated with it. However, your analysis will have a far greater impact on the managers after you have summarized your report and presented them with the costs of recovery based on their level of expectation than if you try to convince them during the interview. Also try to remember that you invited them to this meeting, so you should listen to what they have to say about their business needs. If you sound as though you are cutting them off at every step, they will be less apt to want to help you during your interview time. Your ability to recover their system is going to be solely based on what they tell you during this meeting. Remember, it's all about IT marketing.

Following are some items to keep in perspective when talking about recovery:

  • Legal requirements, such as in an SLA, if any.

  • Corporate image. If you are a leader in data widgets and lose a critical data center that tracks the production of your data widgets, what kind of consumer confidence will that build or destroy? What about Wall Street if you are a publicly traded company?

  • How much money will you be losing if you can't access this system?

You can create your own forms or use the templates we have here, but basically you should identify the costs associated with a particular system or service unavailability. As you do this, remember to factor in the other components that are dependent on this system as well. You will have to work with your finance team or an outside risk assessment team to come up with some average figures for your industry to qualify how heavy the financial impact would be on your organization. Many of the industry research firms will have this type of information, so if your company subscribes to their service, perhaps you should query their database of information to add into your BIA forms. Suffice it to say that the levels of severity will be driven by the financial impact to be felt. It may be a good idea to frame it in such as way that the financial impacts are in ranges of your selection from 1 to 10 and to associate each level with a recovery window, with 10 having the most financial impact and probably requiring the shortest time of recovery. You will have to determine what these ranges are for your organization.

Phase IV

This is where the real work starts. You need to begin summarizing the information gathered from all of the interviews you conducted. Make sure you include in this report any red flags you have noted, along with risks, business impact, length of time this service or system could be down- including the amount of money lost per day, per hour, or per minute depending on the type of service it is-and the recovery steps. The recovery steps are based on assumptions you have made in the scope of your DR plan; so if you haven't planned to recover from a complete facility loss, do not attempt to build the recovery steps to do so here. Having said that, what you can do is create a list of what is required in order to recover this system, including the following:

  • Hardware.

  • Software, including OS, applications, and so on.

  • Data, include how current the data must be.

  • Recovery time, which is dictated by the business unit manager. This is not something we contradict during the initial meeting. At most companies, if the business unit managers believe the recovery of their service must happen in a particular time frame, the cost of building the resiliency they require would come out of their budgets. If that's not the case at your company, we recommend that you still hold back until you deliver your report. We still think that it has a much bigger impact.

  • An impact report, listing the financial impact, consumer confidence impact, and so on. This report is at the heart of the BIA and is of critical importance to the business unit and upper management.


  < Day Day Up > 


Previous page
Table of content
Next page
Implementing Backup and Recovery(c) The Readiness Guide for the Enterprise
Implementing Backup and Recovery: The Readiness Guide for the Enterprise
ISBN: 0471227145
EAN: 2147483647
Year: 2005
Pages: 176
Authors: David B Little, David A. Chapa
BUY ON AMAZON
SQL Tips & Techniques (Miscellaneous)
Adobe After Effects 7.0 Studio Techniques
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
Twisted Network Programming Essentials
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy