Choose timezone
Your profile timezone:
IT Business Impact Analysis and Business Continuity
→
Europe/Zurich
Business Continuity and Business Impact Analysis Briefing
|
|
| Quick recap | |
| The meeting served as a kickoff session for CERN's business continuity planning process, with Yiannis introduced as the consultant to guide the approach. The team discussed conducting a business impact assessment (BIA) to evaluate how disruptions affect different aspects of processes, including financial, operational, and reputational impacts. Derek outlined the methodology for reviewing services and their impacts, emphasizing the need for departmental assessments and future meetings to gather necessary details for the business continuity planning process. | |
| Next steps | |
| • Tim and Derek to send email with available meeting slots to attendees for scheduling one-on-one business impact analysis sessions. | |
| • Group leaders to review their service catalogs and consider grouping similar services together before the one-on-one sessions. | |
| • Tim and Derek to prepare and send some preliminary homework to attendees before the one-on-one sessions. | |
| • IT Department to participate in upcoming one-on-one business impact analysis sessions with Tim and Derek. | |
| • Tim and Derek to conduct consolidation exercise after completing all business impact analyses and present results back to the group. | |
| Summary | |
| CERN Business Continuity Planning Kickoff | |
| The meeting served as a kickoff session for the practical work on business continuity planning at CERN, following a presentation by Derek and Tim in late May. Derek introduced Yannis, a consultant and expert, who will guide the process, as CERN's IT departments plan to approach this differently. Yannis was set to provide an overview of the methodology for the business continuity planning system, and the team planned to address any questions or concerns and schedule one-on-one meetings in the coming months. | |
| Business Impact Assessment Overview | |
| Yiannis provided an overview of the business impact assessment (BIA) process, emphasizing its importance in creating a practical and useful business continuity plan. The BIA evaluates how disruptions affect different aspects of a process over time, considering factors such as equipment, human resources, and third-party dependencies. It also assesses the financial, operational, and reputational impacts of disruptions, helping to determine recovery time objectives and maximum tolerable downtime for each process. Ymioannides encouraged questions and noted that further details would be discussed in subsequent sessions. | |
| Process Disruption Impact Analysis | |
| Yiannis discussed the financial, operational, and reputational impacts of process disruptions. For an 8-hour disruption, the financial impact is minimal, ranging from 0 to 1, while operational impacts are also minor. For a full day without the process, the financial impact increases to about 1. Over one month, the financial impact could rise from 1 to 3, depending on the type of process. The operational and reputational impacts were also considered, with the latter varying based on the severity and public attention of the disruption. | |
| Business Impact Analysis Methodology | |
| Derek explained the methodology for conducting a business impact analysis and outlined a plan to schedule meetings with group representatives to gather information about the impact of service disruptions. He emphasized that while some questions may not have immediate answers, follow-up meetings and homework assignments will be used to gather the necessary details. Once all groups have been surveyed, the data will be consolidated into a single spreadsheet for balancing and final analysis. | |
| Business Continuity Planning Strategy | |
| Derek explained the approach to business continuity planning, noting that only high-priority services requiring immediate response within 1-3 days would have pre-planned strategies, while services with delayed impacts would be handled improvisationally. Wayne raised a point about the difference between departmental and CERN impact values, which Tim clarified by explaining that while the impact levels follow the ERMAC process, they are applied at the departmental level with more granular detail. | |
| Department Service Review Methodology | |
| Derek clarified that the review will cover all services in the department's service catalog, which could number over 100, though they may discuss consolidating similar services to avoid repetitive reviews. Arne raised concerns about the definition of services versus processes and the need to group similar services to streamline the review process. Derek explained that the review will focus on the impact of losing each service, using the BEST3 methodology, and emphasized that the starting point is considering the loss of a service, rather than specific scenarios. | |
| Service Disruption Financial Impact Assessment | |
| The team discussed the financial impact of service disruptions, with Arne asking about translating compute resource losses into monetary values. German explained that while they have impact data for some areas like experiments, they lack detailed information about how service disruptions would affect other departments and their communities. Derek clarified that the focus should be on direct impacts rather than secondary effects, and mentioned they are conducting group-by-group assessments across departments to understand specific activity dependencies. | |
| CERN Business Impact Analysis | |
| The team discussed conducting a business impact analysis for CERN services, focusing on understanding dependencies and rating service criticality. Derek explained that while they are doing this department by department, the ideal is to cover the entire organization, though this is currently impractical. Tim noted that the process will help with prioritization and recovery testing, while Derek mentioned that business continuity has been recognized by a director and will receive support. The next steps involve Tim sending availability slots for a kickoff meeting where they will discuss services and impact assessments, followed by a consolidation exercise to identify critical services for business continuity planning. | |
| AI-generated content may be inaccurate or misleading. Always check for accuracy. |
There are minutes attached to this event.
Show them.
