
Business Impact Analysis (BIA) and Business Continuity Plan (BCP)

Health Network Inc. is a fictitious firm that provides health services and is headquartered in Minneapolis, Minnesota. The company’s staff exceeds 600 employees and generates annual revenue of $500 million. Health Network offers three broad categories of products: HNet Exchange, HNet Pay, and HNet Connect. As the primary revenue source, HNet Exchange provides the company with sufficient security for the electronic messages generated by the patients visiting the facility. The data is then routed to receiving customers at the organization’s diverse clinics. The second product, HNet Pay, secures the payments and billing processes of the organization’s customers. The platform accepts various forms of payment that clients may use. The final product, HNet Connect, is an online platform that lists doctors, clinics, and other medical facilities, allowing customers to locate suitable forms of care at the correct location. The platform comprises personal information, work addresses, medical certifications, and the various services that healthcare providers can provide.

Business Impact Analysis (BIA) Plan

Business impact analysis (BIA) is a technique used to predict the outcomes of disruptions to a business, its processes, and the systems utilized in collecting the relevant data. The data collected by the project manager can be used in developing strategies to aid the business in recovering from any form of emergency it may experience while carrying out various sets of economic activities (Păunescu et al., 2018). The primary reason businesses should carry out business impact analysis is that it is part of the comprehensive plan that comes in handy in minimizing various forms of business risk. Some commonly identified risks that may disrupt businesses include the failure of suppliers, cyber-attacks, labor disputes, and unnatural disasters (Păunescu et al., 2018).

Business impact analysis is essential for the organization because it necessitates prior planning. It has been established that it is ineffective for a business to initiate a response in the midst of a crisis. This initiative can be termed a reactionary measure. However, proactive businesses often have measures to address these risks whenever they occur, resulting in a more effective outcome (Păunescu et al., 2018). Also, proactive measures give the management team more confidence in responding to these risks. The other significance of conducting a business impact analysis plan is that it necessitates prioritization of activities (Păunescu et al., 2018). Through business impact analysis, the organization can distinguish operations that require immediate recovery from those that can wait. It also identifies lost income from the disruption, higher costs incurred by the business, and the erosion of the business’s reputation with the customer base.

Critical Business Functions

Health Network Inc. executes its economic venture based on reliability and endurance. The functionalities of this company are pegged on the availability of resources. The function of Health Network Inc. is based on the following three frameworks: HNet Exchange, HNet Connect, and HNet Pay. Some of the critical business functions are listed below:

Electronic communication and connectivity between the patients and the healthcare providers

Provision of patient support through the generation of follow-up instructions and treatment plans

Improving administrative processes comprising scheduling, billing, and claims management

Adoption of various payment approaches to make accessibility of services easy and effective

Proper allocation of healthcare professionals to individual cases of patients

Storage of patient information for future reference

Transmission of services between facilities to allocate patients proper forms of care in their respective geographical locations

Critical Resources

The following are the critical resources contained within the Health Network framework:

Web servers

Electronic data

Wi-Fi connectivity for access by customers, clients, and employees

Applications and mobile devices offered by the organization

Computers and laptops

Organizational portal

HNet Exchange emerged as the primary product being extensively utilized by Health Network Company out of the three identified frameworks. HNet Exchange was the most utilized framework because it generated significant revenue for the organization. Furthermore, HNet Exchange forms the platform where healthcare professionals, clients, and other centers interact. Besides this, the other framework of HNet Pay is concerned with safeguarding the payments and billing processes of the customers who visit the organization in pursuit of various sets of services. Lastly, the HNet Connect framework collects administrative datasets comprising emergency records, profile information, and customer data.

Maximum Acceptable Outage (MAO) and Impact

The maximum acceptable outage (MAO) refers to the maximum time a system can be unavailable before adverse consequences can begin being experienced within the organization. The table below outlines the maximum acceptable outage for various levels, together with their respective impacts on the operations of the Health Network organization.

| Impact Value | MAO | Impact |
|---|---|---|
| Level 1 | Internet access for 15 minutes | The unavailability of the Internet for 15 minutes causes employees to resort to other activities that do not require Internet access. |
| Level 2 | Portal access for 30 minutes | The clients would be kept waiting for the portal to grant them access. |
| Level 3 | Access to HNet Pay for 30 minutes | Clients have experienced a slight delay in service acquisition because the billing and payment processes need to be fixed. |
| Level 4 | HNet Exchange Access for one and a half hours | There will be some compromise from third-party attacks, requiring several forms of adjustments. |

Recovery Point Objective (RPO) and Recovery Time Objective (RTO)

The recovery point objective (RPO) refers to the data-loss metric, which is expressed in time and directly correlates to existing applications. In organizational settings, the RPO is used to determine the point in time to which data would be required to be recovered after the occurrence of a disruption (Fani & Subriadi, 2019). It is applied to define the data recovery strategy to be used in leveraging the applications, hence informing the selection of appropriate technology and cost implications. The increasing reliance on technology has caused RPOs to become shorter and shorter with time (Fani & Subriadi, 2019). Therefore, Health Network Inc. can utilize RPO effectively by understanding the need behind the recovery time. Since this company uses multiple applications to coordinate activities within the healthcare sector, it can easily establish how it can be worked around by understanding its respective functions.

On the other hand, the recovery time objective (RTO) refers to the time it takes a business to be restored to its initial condition before the occurrence of the disruption. Organizations use RTO to develop recovery strategies and execute technologies that permit this to happen within the stipulated time frame. The accurate estimation of the dollar and non-dollar impacts of the disruption caused by the threats experienced at Health Network Inc. necessitates the arrival of realistic RTO (Fani & Subriadi, 2019). Nevertheless, in the absence of BIA, businesses can still determine the RTO by adopting a less formal process.

Business Continuity Plan (BCP)

Purpose

A business continuity plan outlines the various measures an organization can adopt to maintain processes before, during, and after a disaster (Azadegan et al., 2020). Every business’s goal is to continue its operations despite the disruptive events it may experience while carrying out its economic venture. Concerning Health Network, the disaster relates to third-party attacks that may compromise the provision of healthcare services to respective customers (Fani & Subriadi, 2019). Health Network Inc.’s operations should be vigilant in applying respective continuity guidelines and procedures. The primary components of the continuity plan relate to identifying the risks that may face the organization and outlining the measures that can be adopted to address these challenges.

Scope

The service areas of Health Network Inc. are the following three frameworks: HNet Exchange, HNet Connect, and HNet Pay.

Recovery Objectives

Recovery Point Objective (RPO)

The recovery point objective (RPO) refers to the number of files that must be recovered from the backup system for the resumption of normal operations in instances where the computer or network goes down due to program or communications failure. In normal circumstances, the RPO is expressed backward from when the failure is experienced and is exhibited in seconds, minutes, hours, or days. An RPO is an essential component within the organization because it outlines the minimum frequency with which backups can be made (Fani & Subriadi, 2019). This aids the organization in selecting the optimal disaster recovery procedures and technologies. For instance, if Health Network Inc. has an RPO of one hour, the admins in the organization should ensure that the backup schedules occur at least once per hour.

In organizational settings, such as Health Network Inc., RPOs define the duration of time before the volume of data loss exceeds the maximum data loss outlined within the business continuity plan (BCP). The amount of data loss permitted by an RPO is identified as the enterprise loss tolerance (Fani & Subriadi, 2019). The loss tolerance of HNet Exchange was higher than that of HNet Pay or HNet Connect. The project manager at Health Network will be obligated to set the desired data backup frequency that fits the time that loss tolerance permits. The following are the four tiers of an RPO based on the workload and loss tolerance of the Health Network:

Critical Data (0-1 hour) – This includes the most vital data the organization cannot afford to lose, such as the data for billing and payment processes. Here, the RPO will be set for continuous backup.

Semi-critical data (1-4 hours) – Examples of data categorized as semi-critical include file servers or chat logs of Health Network. The RPO would be set for up to four hours.

Less Critical (4-12 hours) – This is data whose loss the organization is in no haste to prevent, such as marketing information. Health Network Inc. can work with a more extended loss tolerance of up to 12 hours.

Infrequent (13-24 hours) – This relates to infrequently updated data, such as product specifications, which can have an RPO of as long as 24 hours.
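
The tiers above translate directly into a backup-recency check. The following is an added example, not part of the original paper: it flags data sets whose latest backup is older than the upper bound of their RPO tier. The asset names, timestamps, and the tier assigned to the payroll application are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Upper bound of each RPO tier listed above, in hours.
RPO_TIERS = {
    "critical": 1,
    "semi-critical": 4,
    "less-critical": 12,
    "infrequent": 24,
}


def audit_backups(assets, now):
    """Return (name, reason) for every asset that currently violates its RPO.

    assets: iterable of (name, tier, last_backup); last_backup is a
    timezone-aware datetime, or None if no backup has ever completed.
    """
    findings = []
    for name, tier, last_backup in assets:
        if tier not in RPO_TIERS:
            findings.append((name, "unknown tier: " + tier))
            continue
        if last_backup is None:
            findings.append((name, "no backup on record"))
            continue
        if last_backup > now:
            # A timestamp ahead of the clock cannot prove recoverability.
            findings.append((name, "backup timestamp is in the future"))
            continue
        rpo = timedelta(hours=RPO_TIERS[tier])
        exposure = now - last_backup  # data that would be lost if failure hit now
        if exposure > rpo:
            findings.append((name, f"exposure {exposure} exceeds RPO {rpo}"))
    return findings


# Constructed sample inventory (illustrative names and times only).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("hnet-pay-billing-db", "critical", NOW - timedelta(minutes=20)),
    ("file-server", "semi-critical", NOW - timedelta(hours=6)),
    ("marketing-share", "less-critical", NOW - timedelta(hours=11)),
    ("product-specs", "infrequent", NOW - timedelta(hours=24)),
    ("payroll-app", "critical", None),  # tier is an assumption
]

if __name__ == "__main__":
    for name, reason in audit_backups(SAMPLE, NOW):
        print(f"{name}: {reason}")
```

A backup exactly at the tier boundary (24 hours for the infrequent tier) passes; anything older, or any asset with no backup at all, is reported.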

Recovery Time Objective (RTO)

The recovery time objective (RTO) is the amount of time that may elapse during or after a disaster before the services or processes of the organization are restored to normal levels. RTO captures the maximum allowable time between the unanticipated disaster and the resumption of normal service levels (Fani & Subriadi, 2019). Higher priority frameworks such as HNet Exchange receive more rigorous recovery objectives. Some of the categories of RTOs for Health Network include more than four days, between 1 and 4 days, less than 24 hours, less than 4 hours, and finally, less than 1 hour.

Recovery Teams

A recovery team is a group of individuals with defined roles and responsibilities required to oversee the recovery procedures of a business from existing threats or attacks. The recovery teams for Health Network will comprise these categories:

Professional IT Management

The Emergency Monitoring Team (EMT)

The Disaster Recovery Team (DRT)

Responsibilities of Team Members

The entire team will comprise the business continuity committee, crisis management team, and recovery teams. The business continuity committee (BCC) performs various roles in the recovery process. For instance, the team members in BCC ensure that the BCP is up to date, review and maintain the BCP budget, and approve significant changes in BCP (Azadegan et al., 2020). The committee also ensures that the BCP is consistent with other BCP documents, assessing all the issues relating to the plan and reporting the status of the BCP to the management committee (Azadegan et al., 2020). Additionally, the crisis management team must plan the organization’s future after the threats, implement measures to return to normalcy and handle post-crisis activities. Finally, the recovery teams handle all the activities in the emergency to enable Health Network Inc. to return to normalcy.

References

Azadegan, A., Syed, T. A., Blome, C., & Tajeddini, K. (2020). Supply chain involvement in business continuity management: effects on reputational and operational damage containment from supply chain disruptions. Supply Chain Management: An International Journal, 25(6), 747-772.

Fani, S. V., & Subriadi, A. P. (2019). Business continuity plan: examining the multi-usable framework. Procedia Computer Science, 161, 275-282.

Păunescu, C., Popescu, M. C., & Blid, L. (2018). Business impact analysis for business continuity: Evidence from Romanian enterprises on critical functions. Management & Marketing. Challenges for the Knowledge Society, 13(3), 1035-1050.

Question 


*NEW PROJECT PART 4 DETAILS*
Project Part 4: Business Impact Analysis (BIA) and Business Continuity Plan (BCP)
Senior management at Health Network has decided they want a business impact analysis (BIA) that examines the company’s data center and a business continuity plan (BCP). Because of the importance of risk management to the organization, management has allocated all funds for both efforts. Your team has their full support, as well as permission to contact any of them directly for participation or inclusion in the BIA or BCP.

Winter storms on the East Coast have affected the ability of Health Network employees to reach the Arlington offices in a safe and timely manner. However, no BCP plan currently exists to address corporate operations. The Arlington office is the primary location for business units, such as Finance, Legal, and Customer Support. Some of the corporate systems, such as the payroll and accounting applications, are located only in the corporate offices. Each corporate location is able to access the other two, and a remote virtual private network (VPN) exists between each production data center and the corporate locations.
The corporate systems are not currently being backed up and should be addressed in the new plan. The BCP should also include some details regarding how the BCP will be tested.
For this part of the project:
Research BIAs and BCPs.
Develop a draft BIA plan for the Health Network that focuses on the data center. The BIA should identify:
Critical business functions
Critical resources
Maximum acceptable outage (MAO) and impact
Recovery point objective (RPO) and recovery time objective (RTO)
Develop a draft BCP that could recover business operations while efforts are ongoing to restart previous operations. You may use or repurpose a BCP template you find online. Include a description of how you would test the plan.
Submission Requirements
Format: Microsoft Word (or compatible)
Font: Arial, size 12, double-spaced
Citation style: Your school’s preferred style guide
