See Recovery Tier from BIA on Business Application?

cvik · ‎10-11-2023

Hi,

What is the relationship between "Emergency Tier" on Business Application in the CMDB and the "Recovery Tier" from the BIA in BCM module? Also, do they in any way relate to "Business Criticality"?
Is there a way to see the BIA result on the Application form?

Community Alums · ‎10-11-2023

Emergency Tier on Business Application record is to categorize whether it's business critical, mission critical or non critical this Categorization of the application is used when an emergency is ON.

Now in terms of BIA in BCM module, Recovery Tier record form to configure a recovery tier with a set of business applications by using BCM UIB Workspace.

You can configure recovery tier with a set of business applications that follow a similar range of recovery time objective (RTO) values. Use the Recovery Tiers module in the Business Continuity Management application navigator to configure a recovery tier.

While creating Recovery Tier record use Recovery time objectives to use the business critical applications which you have categorized in the business application table using emergency tier, this works as a reference for creating Recovery Ties, for example:

You cannot see BIA result on the Application form unfortunately.

peter_mcevoy · ‎10-24-2023

"Emergency Tier on Business Application record is to categorize whether it's business critical, mission critical or non critical this Categorization of the application is used when an emergency is ON."

I do not understand this. The BIA is what is used to determine the criticality of the application (for an Applicaiton Assessment). Why would the resulting Criticality Tier not be available in the Business Application record?

The definition of 'Emergency Tier'

Emergency tier

Actions or plans executed for the application in an emergency situation.

doesn't refer to any 'Loss Scenario' (what's an 'emergency'?)

Additionally, the field 'Business Criticality' is part of the Business Applicaiton record:

Business criticality

How critical the application is to the business. Auditing is enabled for the field.

Is this field not related to the BIA?

The Response to a 'Loss Scenario' would be the documented BCP, likely the Disaster Recovery Plan for that Business Application.

cvik · ‎10-25-2023

We ended up designing our own logic that uses the RPO/RTO values from the Dependency Assessment in the BIA to calculate the requirements a Business Application has based on all approved BIAs that the Business Application is part of. The flow will update new custom fields for "Required RPO" and "Required RTO" on the Business Application (CSDM). In addition the Business Criticality field will be set from "Required RTO".

In our organization we prefer to use BIA on Business Processes and not on Business Applications. The reason is that an application can be part of multiple business processes in completely different departments or business units. No single person or department can alone answer the impacts of an application outage. The IT Application Owner on the other hand know what the system is used for and by whom but is unable to determine the impact to the business such as financial impact or customer reputation. They can answer a lot of questions related to dependencies but we would rather maintain those in the CMDB.

There are however some technical systems that we have as Business Applications, but are not really used as part of a Business Process (with emphasis on Business). One example beeing Identity Access Management. For those we might conduct a simplified Application BIA or we will create a Business Process within the IT department to be able to rate Business Criticality, RTO and RPO requirements.

peter_mcevoy · ‎07-14-2025

I haven't been able to decipher any of this; seems like overcomplication is the standard.

This is how I feel about it: