Please select user.
There are no topics yet.
I have a problem in BIA analysis. Analyzes an exemplary process: customer service at the financial point - stationary. The process is carried out, for example, in 10 locations in the country. In case of threats related to a specific point, e.g. a fire, only one facility loses. However, in the event of a ransomware attack or a complete failure of our ISP, none of the 10 work. What data related to the interruption of customer service should be taken into account in the analysis? Analyze the entire department or a single stationary service point? Please help!
The BIA questionnaire in 22301 Document Toolkit lists disruption periods of 2 hours, 4 hours, 24 hours, 48 hours and 1 week. There are some processes that are, although fundamental in company's operation, prone by their nature to prolonged periods of disruption. And although disruption of those for one week has been valued as 3 (high impact) by the top management, the impact still wouldn't be catastrophic.
The question I have is: do I need to tweak the questionnaire to include longer periods of disruption, like 1 month, so that we actually define at what point the consequences are considered to become catastrophic for the company, of we can leave them be, because they are still valued as 3, so non-acceptable by nature, so it doesn't really matter whether it's 3 or 4, the Business Continuity Strategy wouldn't change from that?