BUSINESS CONTINUITY MANAGEMEN

Business Impact Analysis

Client Name: BIAL

MANAGEMENT
Index
1 Start BIA
2 Functional Breakdown
3 Impact Analysis
4 RTO Summary
5 Systems
6 Assets
7 Skills
8 Vital Records
9 Workspace
10 Dependencies Legend
Do not type in grey filled cells
pe in grey filled cells
 BIAL Business Continuity Management
BIA Information

Date of BIA:

Business Unit: Testing Unit

Department: IT
Business Unit Description
Vendor Viability - Strong balance sheet and visionary management
End to end solution comprising > Fast
growth, Business process outsourcing ,IT outsourcing IT services
Delivery excellence- consistent on time, on budget delivery and rapid implementation
Proven and highly scalable Systems (Finnacle)

Functional Owner: Infosys,Mr Girish Vaidya Senior vice president and Head Business unit
Reports to: Nandan Nilekani MD and COO of Infosys
Location: Bengaluru
BAU* Operational Head Co173051
BAU* Support Head
26778
Count:
*BAU is defined as Business As Usual
ity Management

Friday, February 24, 2017

anagement
nd solution comprising > Fast
T services
very and rapid implementation
ble Systems (Finnacle)

r vice president and Head Business unit

of Infosys
 BIAL BUSINESS CONTINUITY MANAGEMENT
Impact Analysis Scale

SCORE LEVEL CONSEQUENCE TYPE

Financial
Infrastructure

1 Insignificant
HSEQ (Health, Safety, Environment and Quali
Reputation
Legal and Compliance
Financial
Infrastructure

2 Low HSEQ (Health, Safety, Environment and Quali

Reputation
Legal and Compliance
Financial
Infrastructure

3 Moderate
HSEQ (Health, Safety, Environment and Quali

Reputation
Legal and Compliance
Financial
Infrastructure

4 High HSEQ (Health, Safety, Environment and Quali

Reputation
Legal and Compliance
Financial
Infrastructure

5 Major
HSEQ (Health, Safety, Environment and Quali

Reputation
Legal and Compliance
MANAGEMENT

Imapct
IMPACT
Revenue decrease < R5m, Cost Increase < R5m
Insignificant impact on operations
Medical Incident, Short term local impact extending only as far as the activity,
Temporary impairment, full recovery is probable
Insignificant Local complaints, Minor disruptions to relations
Low level legal case
Revenue decrease R5m - 10m, Cost increase R5 million - R10 million
Performance below goal but within acceptable limits
Slight injury/First Aid, Medium term (5-15yrs) impact limited to the site and its
immediate surroundings, Permanent mild impairment which causes mild
restriction on daily functioning
Minor local public attention, Breakdown in relations at local govt. level and local
clients and suppliers
Minor legal issue
Revenue decrease 10m -20m, Cost increase R10 million - R20 million
Performance below goal. Moderate changes to infrastructure required.
Lost-time injury, long term regional impact, impact will cease after the
operational life of the activity, Permanent and moderate impairment which
causes significant restriction on daily functioning
Local impact- significant local public concern, Breakdown in relations with key
people at decision making level in State Government, Clients and Suppliers
Serious breach of the law. Moderate penalties
Revenue decrease 20m -50m, Cost increase R20 R50 miliion
Performance unacceptable- major changes required
Major injury or permanent disability, Permanent national environmental impact,
Permanent severe impairment resulting in death within 1-2 years
Regional impact- regional public concern, Breakdown in relations with National
Agencies, heads of critical clients and suppliers
Major breach of the law. Considerable penalties
Revenue decrease > 50m, Cost increase >R50 million
Unacceptable Performance - No alternative exists
A fatality, Event results in Legal action/ affect stakeholder relationships.
Permanent duration/ direct impact on human health. Felt across international
borders, Acute terminal illness with rapid progression to death
National /International impact-national/ international public concern, Breakdown
in relations with national government Ministery /National Departments
Very considerable penalties and prosecutions. Multiple law suits and jail terms
 BIAL Business Continuity Management
Functional Breakdown: Testing Unit

Headcount(C
Important Time of Comments (regarding
Function Process ritical Short Description Important Days of Month Process Type Manual Workarounds description
Day Days & Time)
Personnel)
Planning and Control 10% i. To determine the scope and risks and identify the Initial 4 Days of the project Working hours Since its the initial days of Manual Since the feasibilty of the clients
(Managers) objectives of testing. the project, so here time is requirement is checked here hence it is
ii. To determine the test approach. spent on understanding the done by the managers manually
iii. To implement the test policy and/or the test strategy. functional document of the
client project requirements
Analysis and Design 20% (Team i. To review the test basis. 4th to 13th Days of the month Working hours After undertsandiwng the Partially Automated After understanding the feasibility, test
Leads) ii. To identify test conditions. clients requirement senior conditions can be either manually
iii. To design the tests. team starts working on test written or can be automated by the help
iv. To evaluate testability of the requirements and system. conditions and test cases of a software
v. To design the test environment set-up and identify and simultaneously to the
required infrastructure and tools. development of the code Manual
Implementation and Execution 60% (Software i. To develop and prioritize our test cases by using 14th Day to 22nd Days of the Working hours After the development of test Partially Automated Here execution can be either done
Engineers) techniques and create test data for those tests. month cases, execution starts and manually or it can also be automated
ii. To create test suites from the test cases for efficient test workaround for test case using a software like QTP(Quick Test
execution. failures is implemented and Professional)
iii. To execute test suites and individual test cases tested again for proper
TESTING following the test procedures. functionality of the software
iv. To re-execute the tests that previously failed in order to
confirm a fix.
Partially Automated
Evaluating exit criteria and Reporting 60% (Software i. To check the test logs against the exit criteria specified 23rd day to 26th Days of the Working hours After the execution of test Manual We need to check it manually whether
Engineers) in test planning. month cases it is checked whether the test execution is done properly as
ii. To assess if more test are needed or if the exit criteria the execution has met the per the exit criteria by the TL(Team
specified should be changed. exit criteria as per the client Lead)
iii. To write a test summary report for stakeholders. requireent Automated
Test Closure activities 20% (Team i. To check which planned deliverables are actually 27th to 30th Days of the month Working hours Senior team finally decides Manual Managers are involved here to manually
Leads) delivered and to ensure that all incident reports have been whether the software can be verify whether all the clients
resolved. delivered successfully to the requirements are properly tested or not
ii. To finalize and archive testware such as scripts, test clients as per the exit criteria so that they can proceed for User
environments, etc. for later reuse. after successful completion Accepance Testing
iii. To handover the testware to the maintenance of User Accepamce Testing
organization. They will give support to the software.
iv To evaluate how the testing went and learn lessons for
future releases and projects.
 BIAL Business Continuity Management
Impact Analysis: Testing Unit

Process Name Type of Impact 0 - 4 Hours4-8 Hours

8 - 24 Hours

Finance
Network Infrastructure
HSEQ (Health, Safety,
Environment and Quality)
Planning and Control Reputation
Legal and Compliance
Highest Impact 1 1 2
Process RTO Up to 1 Week

Process Name Type of Impact 0 - 4 Hours4-8 Hours

8 - 24 Hours

Finance
Network Infrastructure
HSEQ (Health, Safety,
Environment and Quality)
Analysis and Design Reputation
Legal and Compliance
Highest Impact 1 1 1
Process RTO More than 1 Mon

Process Name Type of Impact 0 - 4 Hours4-8 Hours

8 - 24 Hours

Finance
Network Infrastructure
HSEQ (Health, Safety,
Implementation and Environment and Quality)
Execution Reputation
Legal and Compliance
Highest Impact 1 1 1
Process RTO 2-4 Weeks

Process Name Type of Impact 0 - 4 Hours4-8 Hours

8 - 24 Hours

Finance
Infrastructure
HSEQ (Health, Safety,
Evaluating exit criteria Environment and Quality)
and Reporting Reputation
Legal and Compliance
Evaluating exit criteria
and Reporting

Highest Impact 1 1 1
Process RTO 2-4 Weeks

Process Name Type of Impact 0 - 4 Hours4-8 Hours

8 - 24 Hours

Finance
Infrastructure
HSEQ (Health, Safety,
Environment and Quality)
Test Closure activities Reputation
Legal and Compliance
Highest Impact 1 1 1
Process RTO 2-4 Weeks

h
 More
Up to 3 Up to 1
2-4 Weeks than 1 Rationale and Comments
Days Week
Month

Since the managers understand the

clients requirement here hence after 3
days the impact on finance will be more
because here they decide the budget of
the project similarily reputation and legal
and compliance issues can occur in case
3 5 5 5 of critical software projects
Up to 1 Week
More
Up to 3 Up to 1
2-4 Weeks than 1 Rationale and Comments
Days Week
Month

Since we are usually taking nine days fotr

this process so upto one week there is
not much impact on the project but after
that it can have an impact on finance,
reputation and legal and compliance
1 2 3 4
More than 1 Month
More
Up to 3 Up to 1
2-4 Weeks than 1 Rationale and Comments
Days Week
Month

Here implementation and execution of

test conditions is done hence upto one
week there will be no major impact but
after that it will start impacting project
delivery timelines
2 3 4 5
2-4 Weeks
More
Up to 3 Up to 1
2-4 Weeks than 1 Rationale and Comments
Days Week
Month

After the successful execution it is

verified whether the test conditions have
been successfully tested as per the exit
criteria hence upto three days there is
not much impact but after that it will
affect project timelines
 After the successful execution it is
verified whether the test conditions have
been successfully tested as per the exit
criteria hence upto three days there is
not much impact but after that it will
affect project timelines
2 3 4 5
2-4 Weeks
More
Up to 3 Up to 1
2-4 Weeks than 1 Rationale and Comments
Days Week
Month

Here managers verify the execution of

the project as per the client requirements
so as to proceed with the user
acceptance testing hence after three
days clients will expect everything to be
completed else it can affect the finance,
2 3 4 5 legal and compliance issues.
2-4 Weeks
 BIAL Business Continuity Management
RTO Summary: Testing Unit

Ref Process name

0 - 4 Hours

Planning and Control

i. To determine the scope and risks and identify the objectives of testing.
ii. To determine the test approach.
iii. To implement the test policy and/or the test strategy.

Analysis and Design

i. To review the test basis.

ii. To identify test conditions.
iii. To design the tests.
iv. To evaluate testability of the requirements and system.
v. To design the test environment set-up and identify and required
infrastructure and tools.
Implementation and Execution

i. To develop and prioritize our test cases by using techniques and

create test data for those tests.
ii. To create test suites from the test cases for efficient test execution.
iii. To execute test suites and individual test cases following the test
procedures.
iv. To re-execute the tests that previously failed in order to confirm a fix.
Evaluating exit criteria and Reporting

i. To check the test logs against the exit criteria specified in test
planning.
ii. To assess if more test are needed or if the exit criteria specified
should be changed.
iii. To write a test summary report for stakeholders.

Test Closure activities

i. To check which planned deliverables are actually delivered and to

ensure that all incident reports have been resolved.
ii. To finalize and archive testware such as scripts, test environments,
etc. for later reuse.
iii. To handover the testware to the maintenance organization. They will
give support to the software.
iv To evaluate how the testing went and learn lessons for future releases
and projects.
0
Lowest RTO:
 Lowest RTO
Up to 1 Week

RTO
More
8 - 24 Up to 3 Up to 1 2-4
4-8 Hours than 1
Hours Days Week Weeks
Month

x Up to 1 Week

x More than 1 Month

x 2-4 Weeks

x 2-4 Weeks

x 2-4 Weeks
0 0 0 1 4 7
Up to 1 Week Up to 1 Week
0 - 4 Hours
4-8 Hours
8 - 24 Hours

Up to 3 Days

Up to 1 Week

2-4 Weeks

More than 1 Month

Ref System

Mainframe

Quick Test Professional

Quality centre

People Soft

Tableua
*The Recovery Time Objective (RTO) for each system refers to the first point at which a process requires access
timeframe for each critical system is defined by the shortest RTO for the processes it supports.

** The Recovery Point Objective (RPO) for each system refers to the maximum data loss that is tolerable to the

*** The Minimum Tolerable Period of Disruption (MTPoD) refers to what time the organisation can be
disrupted without treat to be out of business all together

Both RTO, RPO and MTPod are selected from the following list
0 - 4 Hours
4 - 8 Hours
8 - 24 Hours
Up to 3 Days
Up to 1 Week
2 - 4 Weeks
More than 1 Month
N/A
Planning and Control
Analysis and Design
Implementation and
Evaluating exit criter
Test Closure activities
0
0
0
0
0
0
0
All processes
BIAL Business Continuity Management
Critical Systems: Testing Unit

Critical process(es) supported by system Process RTO RTO*

Implementation and Execution 4 - 8 Hours

Implementation and Execution 8 - 24 Hours

Implementation and Execution 8 - 24 Hours

Planning and Control 0 - 4 Hours

Analysis and Design 8 - 24 Hours

bjective (RTO) for each system refers to the first point at which a process requires access to the system. The RTO
tical system is defined by the shortest RTO for the processes it supports.

Objective (RPO) for each system refers to the maximum data loss that is tolerable to the process.

rable Period of Disruption (MTPoD) refers to what time the organisation can be
t to be out of business all together

TPod are selected from the following list

1
2
3
4
5
9
10
11
12
13
14
15
17
 Platform (e.g.
Package or
RPO** MTPod*** Server/Deskto Comments
Bespoke?
p)
A large high-speed
computer, especially one
0 - 4 Hours Up to 1 Week Package Desktop supporting numerous
workstations or
peripherals.

Provides functional and

regression test automation
4 - 8 Hours Up to 3 Days Package Desktop
for software applications
and environments.

It is a web-based tool and

supports high level of
communication and
association among various
stakeholders (Business
4 - 8 Hours N/A Package Desktop
Analyst, Developers ,
Testers etc. ) , driving a
more effective and
efficient global application-
testing process

PeopleSoft is an integrated
software package that
provides a wide variety of
0 - 4 Hours Up to 1 Week Bespoke Desktop business applications to
assist in the day-to-day
execution and operation of
business processes.

Tableaucanhelpanyonesee
andunderstandtheirdata.
Connecttoalmostany
0 - 4 Hours Up to 1 Week Bespoke Desktop
database,draganddropto
createvisualizations,and
sharewithaclick.
 system. The RTO

ss.
 BIAL Business Continuity Management
Critical Assets: Testing Unit

Back-up
Ref Asset Quantity Location
available?

Software asset Yes

Services No

Physical assets Yes

Information assets Yes

 Comments

Application software,System software

Computing services that the organization has outsourced.

Computer equipment: Mainframe computers, servers,

desktops and notebook computers.Communication
equipment: Modems, routers, EPABXs and fax machines.

Databases: Information about your customers, personnel,

production, sales, marketing, finances.
 BIAL Business Continuity Management
Skills: Testing Unit

Staf Skills Set

Analytical and logical thinking,The ability to envision

Management business situations,Critical thought and rational
enquiry,People manageent skilsl

Test conditions, Test cases development skills,clients

Team Lead
functional requirements undertsanding skills

Software Engineers Coding skills and software testing tools skills

Network Engineers Network manitainece skills

Planning and Control

Analysis and Design
Implementation and Execution
Evaluating exit criteria and Reporting
Test Closure activities
Err:509
Err:509
Err:509
0
0
0
 0
0
0
0
All processes
Associated Process Comments

Should be capable of understanding client requirements

Planning and Control and business impact interms of feasibility and cost
/benefits

Should be capable of transforming clients requirements

Analysis and Design
into test conditions/ test cases

Implementation and Should be capable of executing the test conditions /

Execution test cases

Implementation and Should be capable of setting up the network/

Execution environment as per the project needs
 BIAL Business Continuity Management
Vital Records: Testing Unit

Up to Up to
System 0-4 4-8 8 - 24
Vital Records 3 1
dependancy Hours Hours Hours
Days Week

Client Requirement document Y

Functional testing requirement

Y
document

Test condition/scenarios
Y
document

Defect report document Y

Test closure/Exit criteria

Y
document

Y
N
 Lowest RTO:
Upto1Week

More
2-4
than 1 Alternate Source Media Type
Weeks
Month

None Software

None Software

None Software

None Software

None Software
 Comments
0 - 4 Hours

Project initiation starts after receiving the client

requirement document mentioning all the functionalies
required by the client in the software
4-8 Hours

In this document functionalities of the software which are

feasible for testing are defined
8 - 24 Hours

Here test scenarios/ test cases are defined as per the

project requirements
Up to 3 Days
Here all the defects encounteerd during execution are
written with their proper solutions from the development
team Up to 1 Week

Here all the clients requirements are tested against the

pre defined exit criteria
2-4 Weeks
More than 1 Month
 BIAL Business Continuity Management
Workspace: Testing Unit

0-4 4-8 8-24 Up to 3 Up to 1 2-4

Workspace
Hours Hours Hours Days Week Weeks

Data Card
Laptop
ERP
SAP
MTN Corp- APN
Testing Softwares

0-4 4-8 8-24 Up to 3 Up to 1 2-4

Equipment
Hours Hours Hours Days Week Weeks

Communication equipment

Modems, routers, EPABXs and

fax machines.
y Management Lowest RTO:
Upto1Week
0 - 4 Hours
4-8 Hours
More
than 1 Comments
Month 8 - 24 Hours

The workspace requires it for testing

Up to 3 Days
Up to 1 Week
More
than 1 Comments
Month 2-4 Weeks

To communicate
More than 1 Month
To communicate using internet , and quick
transfer of data
an 1 Month
 BIAL Business Continuity Management
Dependencies: Testing Unit

External dependency Activity

Development Team Code development

Networking related acitivities like cloud

Network Team
deployment

Internal dependency Activity

Software Testing Team Execution of test scenarios/ test cases

Software testing tools Helpful in the execution of test cases

Planning and Control

Analysis and Design
Implementation and Execution
Evaluating exit criteria and Reporting
Test Closure activities
Err:509
Err:509
Err:509
0
0
0
0
0
0
 0
All processes
ity Management

Associated Process Comments

Analysis and Design Code development as per the client requirement

They will be responsible for the smooth

Implementation and Execution
functioning of the testing project

Associated Process Comments

They will test the software as per cleint

Implementation and Execution
requiremtns

For execution of test scenarios/ test cases eg:

Implementation and Execution
Mainframe, QTP,Quality centre
 Business Im

Dear: Infosys,Mr Girish Vaidya Senior vice president and Head Business unit i

1 Introduction

A Business Impact Analysis (BIA) has been conducted for in order to customise the business continuity plan according to the needs of
based on the following worst case scenario:

A catastrophic event occurs causing a halt in the daily operations of BIAL

The following assumptions apply to the worst case scenario:

The business as usual workspace is not available;
BIAL resources are not available;
All personnel are available to work; and
The incident occurs during the working day.

- This document is a summary of the BIA meeting you had with the BCM Project Team on

Please note that the BIA information in this document is a statement of recovery requirements not a statement of recovery capability. F
sign-off of the BIA, key risks will be identified that impact the critical processes and gaps or areas of improvement will be identified to e
and capability is in alignment with the risk of the company.

2 Your Business Impact Analysis

This document summarises the recovery requirements, in terms of recovery time objectives, workspace, systems, vital records and ass
recovery of your teams or functions critical processes.

2.1 Your Function

Business Unit Business Unit Head

Business as Usual Support He Business Unit reports to

Function description
As part of the BIA performed the following critical processes have been identified as part of your function:

2.2 Your BIA Summary

Recovery Time Objective (RTO) summary

The following RTOs have been established for the critical business processes in which your team or function is involved.

RTO
# Process name
0-4 Hours
4-8 Hours

Planning and Control

i. To determine the scope and risks and identify the objectives of testing.
01 ii. To determine the test approach.
iii. To implement the test policy and/or the test strategy.

Analysis and Design

02 i. To review the test basis.

ii. To identify test conditions.
iii. To design the tests.
Implementation and Execution
iv. To evaluate testability of the requirements and system.
v. To design the test environment set-up and identify and required infrastructure
i.
and Totools.
develop and prioritize our test cases by using techniques and create test data
03
for those tests.
ii. To create test suites from the test cases for efficient test execution.
iii. To execute test suites and individual test cases following the test procedures.
iv. To re-execute
Evaluating the tests
exit criteria andthat previously failed in order to confirm a fix.
Reporting
04
i. To check the test logs against the exit criteria specified in test planning.
ii. To assess if more test are needed or if the exit criteria specified should be
Test Closure activities
changed.
iii. To write a test summary report for stakeholders.
05 i. To check which planned deliverables are actually delivered and to ensure that all
incident reports have been resolved.
ii. To finalize and archive testware such as scripts, test environments, etc. for later
reuse.
iii. To handover the testware to the maintenance organization. They will give support
Day(s) and to theTime(s)
software. of Importance
iv To evaluate how the testing went and learn lessons for future releases and
The following day(s) of the month and time(s) of the day have been identified as critical for the delivery of the critical processes by this
projects.

# Process Name Important day(s) of th Important time(s) of the day

Manual Process workarounds
The key processes identified are either manual, automated, or partially automated and manual workarounds have been identified in the

# Process Name Process Type Manual workarounds description

Critical systems summary

The following systems have been identified that support the delivery of critical processes by this team or function. Please confirm these
additions and / or deletions.

Critical Process(es)
Package vs.
System Platform supported by the RTO* RPO**
Bespoke
system

*The Recovery Time Objective (RTO) for each system refers to the first point at which a process requires access to the system. The RTO
is defined by the shortest RTO for the processes it supports.
** The Recovery Point Objective (RPO) for each system refers to the maximum data loss that is tolerable to the process.
*** The Minimum Tolerable Period of Disruption (MTPoD) refers to what time the organisation can be disrupted without threat to be out

Critical assets
The following assets have been identified as critical to your team or function.
 Backup
Quanitit Locatio
Asset availabl Comments
y n
e?
Application software,System
Computing services that the
computers, servers, desktop
has outsourced.
notebook
Databases:computers.Commu
Information abou
equipment: Modems, routers
customers, personnel, produ
marketing, finances.

Recovery requirements summary

The following workspace and equipment recovery requirements have been identified.

Up to More
0-4 4-8 8 - 24 Up to 2-4
Workspace 1 than 1
Hours Hours Hours 3 Days Weeks
Week Month
Data Card
Laptop
ERP
SAP
MTN Corp- APN
Testing Softwares

Up to More
0-4 4-8 8 - 24 Up to 2-4
Equipment 1 than 1
Hours Hours Hours 3 Days Weeks
Week Month

The following staff have been identified as critical as part of your recovery requirements.

Critical staf Skill set Comments

Should be capable of understanding cli
requirements and business impact inte
Analytical and logical thinking,The ability to envision feasibility and cost /benefits
Management business situations,Critical thought and rational
enquiry,People manageent skilsl

The following vital records have been identified as part of your recovery requirements.

Up to
System 0-4 4-8 8 - 24 Up to 2-4
Vital Records 1
dependancy Hours Hours Hours 3 Days Weeks
Week
Client Requirement document Y
Functional testing requirement
Y
document
Test condition/scenarios
Y
document
Defect report document Y

Dependency summary
The following internal and external dependants within your function have been identified.

External dependency Activity Associated process

Internal dependency Activity Associated process

3 BIA Sign-of
If the BIA information for your functional area is accurate, please sign off the section below.

Name

Signature Date
 Business Impact Analysis Sign-of

ead Business unit infosys

plan according to the needs of the . The BIA has been conducted

he BCM Project Team on <<date of meeting>>

tement of recovery capability. Following your finalisation and

provement will be identified to ensure the applicable insurance

, systems, vital records and assets needed to support the

Business as Usual Head Count

Location
ction is involved.

RTO
Up to More
8 - 24 Up to 2-4
1 than 1
Hours 3 Days Weeks
Week Month

of the critical processes by this team or function.

me(s) of the day Comments

unds have been identified in the event of a disaster.

arounds description

or function. Please confirm these and make any appropriate

MTPod
Comments
***

s access to the system. The RTO timeframe for each critical system

e to the process.
rupted without threat to be out of business all together
 Comments

Application software,System software

Computing services that the organization
computers, servers, desktops and
has outsourced.
notebook
Databases:computers.Communication
Information about your
equipment: Modems, routers,
customers, personnel, EPABXs
production, and
sales,
marketing, finances.

Comments

The workspace requires it for testing

Comments

To communicate

ments
be capable of understanding client
ments and business impact interms of
ty and cost /benefits

More
Alternate
than 1 Media Type
Source
Month
None Software
None Software
None Software
None Software

Comments
Code development as per the client
requirement
They will be responsible for the smooth
functioning of the testing project

Err:509
Err:509

Err:509

Err:509

Err:509

Comments
They will test the software as per cleint
requiremtns
For execution of test scenarios/ test cases
eg: Mainframe, QTP,Quality centre