Developing a Corporate Enterprise Business Continuity Plan

November 13, 2012

Obtain an updated copy of the business’s organization chart containing the list of business units and functions and the names of the functional managers of each unit. Confirm with Business Unit Directors and Business Unit Senior Management that these are the correct people to be interviewed.

Inform the interviewees, in advance, of the:

  • Overall Business Continuity Plan process
    • Scope, assumptions, goals, etc.
  • Business processes
  • Importance of their contribution

Prepare for data collection and analysis process of each business unit by:

Preparing Business process questionnaires

  • Quantitative (Loss of revenue, extra expense, legal penalties, etc.)
  • Qualitative (Business Interruption, Loss of confidence, damage to reputation, etc.)
  • Develop and send questionnaires, in advance, to interviewees

Interviews

State the Scenario

  • Assume worst case scenario
  • No physical access to building
  • No remote access to IT systems

Conduct interviews with representatives from

  • Business Unit
    • IT Support
      • Mainframe/LAN/WAN
      • Network Telecommunications

Type of information required

  • Estimated numbers (answers) to some (but not all) of the qualitative and quantitative questions
  • Don’t get bogged down in details
  • Remind them that their feedback will be part of the overall deliverable that will be reviewed and confirmed by senior management
  • Return for Financial Information
    • May not be able to get financial info during interview
    • Follow up, after a reasonable period of time, to acquire

Analyze information to produce the final deliverable

  • Review results with interviewees to ensure information is accurate
    • No surprises
  • Produce a deliverable that should contain
    • Identification of each critical business unit
    • Title of each respective business function
    • Supporting Critical IT systems and applications
    • Priority number

Maximum outage time

  • Hours, days
  • Interdependencies
  • Workflow impact
  • BIA questionnaires
  • Presentation to senior management
  • Review and modify (if required)
  • Obtain their approval to continue to the next phase

Business Unit Functions/Applications

  • Date of interview
  • Name of interviewees
  • Description of each function
    • Main purpose
    • Size (revenue, employees, customers)
    • Sources of data
    • Critical and peak time (daily, weekly, monthly)
    • IT system/applications interfaces

Alternate procedures (if IT systems down)

  • Consequences
  • Additional costs
  • Length of time
    • Priority of each function
    • Proposed recovery strategy

Interdependencies with Other Business Units Locations

  • Internal/External
    • Business processes
    • Workflow activities

Business Unit Functions/Applications Impact Outage

Quantitative Analysis – Financial Impact

  • Loss of revenue
  • Loss of sales
  • Penalties for late payment
  • Unavailability of funds
  • Interest charges

Quantitative Analysis – Extra Expenses

  • Hiring of temporary workers
  • Overtime
  • Acquisition of equipment
  • Acquisition of outside services
  • Rental or lease of equipment
  • Temporary location of staff, etc.

Qualitative Analysis – Operational Impact

  • Loss of customer service
  • Loss of customer confidence
  • Damage to reputation
  • Legal Liabilities
    • Contractual obligations
    • Punitive actions

Business Unit Functions/Applications Analyze

Recovery Windows – Information to calculate and determine

  • Maximum downtime per business unit
  • Critical business units
  • Priority of critical business units
  • Interdependencies with other business units

  • Critical – recovery required within 2 hours
  • Urgent – recovery required within 24 hours
  • Important – recovery required within 2 days
  • Regular – recovery required within 5 days
  • Non-Critical – recovery required within 15 days