Business Impact Analysis & Disaster Recovery


Business Impact Analysis & Disaster Recovery Plan
Prepared for a Disaster?

Contingency planning, also referred to as Business Continuity Planning (BCP), is a coordinated strategy that involves plans, procedures and technical measures to enable the recovery of systems, operations, and data after a disruption. A Business Impact Analysis (BIA) is the foundation for building Contingency Plans.

Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA. Typically, two types of Contingency Plans need to be developed: Emergency Mode Plans for business unit recovery, and Disaster Recovery Plans (DRP) for Information Technology (IT) systems and infrastructure.

HIPAA Compliance Mandates

The Contingency Plan is a HIPAA Security Rule standard. The objective of the Contingency Plan standard is to establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, or natural disaster) that damages systems containing EPHI. As shown in the table below, the Contingency Plan standard is defined within the Administrative Safeguards section of the HIPAA Security Rule, with three required and two addressable implementation specifications.

Standard            Implementation Specification                  R=Required, A=Addressable
Contingency Plan    Data Backup Plan                              R
                    Disaster Recovery Plan                        R
                    Emergency Mode Operation Plan                 R
                    Testing and Revision Procedure                A
                    Applications and Data Criticality Analysis    A

Contingency-plan-related requirements are also identified as implementation specifications in the Physical Safeguards and Technical Safeguards sections of the HIPAA Security Rule.

It Starts with a BIA

A BIA is a critical step in contingency planning. The key steps in a BIA are to:

  1. Identify business disruption events and measure probabilities
  2. Identify critical business functions
  3. Identify critical computer resources that support key business functions
  4. Identify disruption impacts and allowable outage times
  5. Develop recovery priorities

Our bizSHIELD™ Methodology

The Seven Steps to Enterprise Security™ is a methodology that describes a road map to safeguard sensitive business information and vital enterprise assets. This methodology is also referred to as bizSHIELD™. bizSHIELD™ has also been influenced by the clauses (domains) defined in the ISO 27002 security standard as well as the COBIT and NIST security frameworks.

The bizSHIELD™ methodology delivers Confidentiality, Integrity and Availability (CIA) of your vital information and business assets. This methodology provides the blueprint for defending today’s enterprise. The Seven Steps methodology provides the framework for addressing contingency requirements.

The bizSHIELD™ security methodology identifies seven critical steps for an organization to follow as a twelve-month framework for organizing and prioritizing enterprise security initiatives.

Our Professional Team

ecfirst only engages credentialed professionals for its BIA engagements. Credentials such as CISSP, CSCS™ and CBCP are typical of ecfirst teams assigned to client engagements.

Your Commitment to Us

  1. Interviews with key members of IT staff, key individuals in departments and management.
  2. Copies of IT system and network documentation including downtime procedures and inventory of vital assets such as servers and applications.

Our Deliverable to You

A bizSHIELD™ Business Impact Analysis (BIA) document will be created based on our review and analysis of the information collected from your organization. This bizSHIELD™ Business Impact Analysis (BIA) Report will include information in the following areas:

  • Business Risk Assessment
    • Key business processes identification
    • Time-bands for business service interruption management
    • Financial and operational impact
  • Key Sensitive Systems and Applications Summary
  • Emergency Incident Assessment
    • BIA process control summary for emergency incident assessment
    • Serious information security incidents
    • Environmental disasters
    • Organized and/or deliberate disruption
    • Loss of utilities and services
    • Equipment or system failure
    • Other emergency situations

Fixed Fee with a Monthly Payment Schedule: Call for details and a customized proposal exclusively for your organization. On-Demand Compliance Solutions from ecfirst provides your organization with access to specialized compliance and security skills with no short-term or long-term commitments. Get Started Today!

Complimentary Private Webcast on Contingency Planning & BIA

For a complimentary private Webcast on Contingency Planning & BIA, please contact Karen Durbin at Karen.Durbin@ecfirst.com.