What is the Purpose of Abriska 22301?
Abriska 22301 was designed to help organisations conduct a business impact analysis (BIA) that fully complies with the requirements of ISO 22301, the International Business Continuity Management Systems (BCMS) Standard. The purpose of ISO 22301 is to support the full life cycle of a BIA, from an understanding of which resources are used for each activity and how many are needed during business as usual (BAU), through the impacts over a given timeline and understanding recovery time objectives (RTOs), right through to creating plans to return to a normal level of operation. A key feature of Abriska is that it replaces multiple spreadsheets with a ‘single source of truth’ database. Users are able to enter information through a secure Web-based system, thereby simplifying the BIA process. The relationship information can be viewed either via extracts or via the interactive dependency graph. Following the BIA, you are able to conduct a risk assessment where you identify and combine the assets, preloaded threats, and any specific vulnerabilities along with the impact and likelihood of each threat. This allows you to calculate your business continuity (BC) risks.
Abriska 22301 is designed to cover all bases of the BIA and risk assessment processes and was designed with input from URM’s team of senior BC consultants to ensure compliance with the ISO 22301 Standard.
What Type and Size of Organisation is Abriska 22301 Particularly Suited to?
Abriska 22301 is intended for any organisation looking to adopt an effective BIA and risk assessment tool which provides greater control and a uniform approach to BC. Abriska 22301 can be scaled up to multi-national organisations through its straightforward BIA process that can be conducted against every business-critical activity within the organisation. Due to the structure of the BIA and the process being the same for all organisations, the tool can easily be scaled up where needed by adding more activities.
What Are Abriska’s Key Features?
- Managed workflow for consistent data collection against a uniform approach across the organisation
- The Dependency Graph produced by Abriska 22301 is an interactive way of visualising the relationships between your business areas/divisions, products and services, activities and resources
- By providing the framework for detailed analysis at the BAU stage, you are able to fully capture exactly what each critical process requires and what could potentially disrupt it
- By providing a similar framework for the recovery stage, your organisation can also effectively plan the minimum acceptable requirements for this process
- Impact scales based on each defined business risk type provide an excellent tailored approach to your organisation’s specific risk areas
- RTOs are calculated based on pre-defined setup options to ensure that all activities are treated consistently throughout the organisation.
- You can drill down into activities to view risk levels for each related threat, along with similar views for resources and related activities
- Through both the BAU and recovery stages the inter-relationships between your activities, products and services and resources can be fully analysed and understood; this often results in a clearer understanding of gaps between current capability and what is required. This detailed feature ensures that in the event of a business incident all areas will be aware of their interdependence. This information is crucial in the event of a BC incident.
What are Abriska’s Benefits?
- Proven and trustworthy – Abriska 22301 is underpinned by ISO 22301, the International Standard for Business Continuity Management with the sole purpose of supporting the BIA and risk assessment requirements of this Standard
- Cost and time saving – When compared to a manual spreadsheet, Abriska enables organisations to centrally manage and expand their BIA process without having to rely on a plethora of spreadsheets.
- Shared workload – Abriska is a Web-based product which allows for the easy distribution of BIA and risk assessment tasks, whilst retaining centralised control, configuration and reporting.
- Consistency and repeatability – Abriska is ideally suited to meeting one of the absolute fundamental requirements of ISO 22301, i.e. conducting BIAs in a consistent manner across all areas of the organisation.
- Cloud based – Abriska 22301 is delivered from Microsoft Azure to provide a high level of availability and redundancy
How Does Abriska 22301 Work?
The first step with Abriska 22301 is to identify the organisation’s products and services, followed by the activities that are required to deliver these products and services and then the resources that support the activities. For each activity, the organisation is required to specify the following information: activity duration and frequency, linking to products and services, linking to customers, BAU, outage, recovery and vital records. This information forms the BIA and allows your organisation to identify the RTOs associated with each activity.
As part of its adoption of Abriska, each organisation is required to decide on the timescales involved in recovering the various activities. These same timescales are used in identifying the impacts over time for each activity and each associated impact type. Timescales are also used in assessing the number of each resource type needed during an activity’s BAU as well as how many are needed in recovery. This helps when planning the return to normal levels of operation.
URM ensures that Abriska remains compliant with best practice as outlined in ISO 22301.
What is the purpose of a business impact analysis (BIA) and risk assessment from a business continuity perspective?
ISO 22301, the International Standard for Business Continuity Management, aptly defines business continuity as the “capability of an organisation to continue the delivery of products and services within acceptable timeframes at pre-defined capacity during a disruption”. A critical component in fulfilling this capability and developing a sound business continuity management system (BCMS) is conducting a business impact analysis (BIA) and a risk assessment.
With a BIA, the organisation is seeking to identify the priorities for recovering disrupted activities (business processes) in terms of timescale, level of activity and required resources. The central concept of BIA is that recovery priorities should be based on the impact that would be sustained in the event of a business disruption.
With a risk assessment, the organisation is seeking to identify events that could cause a business disruption and then determine which of these are unacceptable and, therefore, areas where further treatment is required. These treatments include improving business continuity (BC) capabilities as well as other risk reduction measures; for example, an IT risk could be reduced by implementing further redundancies within your own infrastructure or migrating to a Cloud IT infrastructure. The process should consider your organisation’s risk appetite, the basis of risk evaluation and acceptance decisions.
The outputs from the BIA and risk assessment provide the foundation for the development of response strategies and the BC plans designed to deliver the optimal resumption of activities.
What are the BIA and Risk Assessment Requirements of ISO 22301?
In addition to the existence of a BIA and risk assessment process, ISO 22301 specifically requires that:
- The determination of risks requiring treatment is based upon their analysis and evaluation
- The BIA includes a determination of the:
  - ‘Maximum tolerable period of disruption’ (MTPD) for each activity
  - ‘Prioritised timeframe’ for resuming disrupted activities
  - Specified ‘minimum capacity’ of resumed activities
  - Required resources for each activity and their interdependencies.
What Role can Business Continuity BIA and Risk Assessment Software Play?
BIA and risk assessment software can support the organisation by automating some of the processes involved in:
- Identifying the organisation’s key products and services, critical activities, required resources and interrelated areas, processes and resources. Specialist software will help replace multiple spreadsheets and supporting documents and can aggregate information from multiple sources
- Identifying, analysing and evaluating the risks which could either cause a disruption or could affect the recovery of the organisation.
As such, specialist software can help you better understand what is critical to your business and to treat identifiable risks to improve your business continuity response.