Business Impact Analysis
How KJT Group Used a Business Impact Analysis to Develop a DR Strategy and Meet New Compliance Regulations
Summary
KJT Group is an evidence-based consulting firm, focused specifically on healthcare. Their client base includes pharmaceutical, biotech, and medical device manufacturers, as well as health insurers. As a result, they collect and process health-related data and adhere to information security standards set by the International Organization for Standardization (ISO).
As the threat landscape evolved and compliance standards changed, KJT Group decided to invest resources in their security posture to ensure compliance, develop a disaster recovery strategy, and improve overall functionality. They enlisted ProArch’s help in completing a Business Impact Analysis (BIA) to assess the organization.
Situation
Due to the nature of their work in healthcare, KJT Group decided to implement security standards as defined by ISO. The ISO framework was recently amended to include a new standard: ISO 27001, which required a BIA to reach compliance.
KJT Group also wanted insight into their disaster recovery process and any technical risks associated with their current state. They already had plans to migrate all workloads to the cloud to improve security, so they took this as an opportunity to assess any potential gaps in their cloud-readiness. This meant they would need an analysis of any technical requirements that needed resolving before migration.
“We were using Amazon Web Services but there were shortcomings where security was involved. As our needs changed, we knew it was time to take a hard look at our data and processes as a whole.” - Param Singh, Senior Director of Information Technology and Information Security, KJT Group
Solution
KJT Group needed to determine the recovery expectations for each application in scope, the risk that downtime posed to the organization, and their current capability to meet recovery requirements. Without the resources to gather this information in-house, they began the search for IT partners that could guide them and provide recommendations based on their business objectives.
Ultimately, KJT Group partnered with ProArch to perform a Business Impact Analysis. This provided a more holistic view of their infrastructure and how a disaster recovery incident may impact it.
The primary focus areas of the assessment were determined to be:
- Datacenter architecture
- Microsoft Active Directory best practices analysis
- Network Infrastructure
- Client services
- IT processes and compliance
- Network administration
ProArch began by collecting data related to key business and technical areas, which ultimately informed the final analysis, deliverables, and recommendations. Next, the team established technical requirements for all applications, systems, networks, and assets. This included strategic planning sessions to document changes required to meet the various business units' Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), which would ensure compliance.
Throughout the Business Impact Analysis, ProArch developed an actionable road map that prioritized and recommended solutions that supported KJT Group’s goals.
- Disaster Recovery gaps
- Operational and financial impact of current state vs future state
- Inventory and analysis of data
- Application inventory, dependencies, and recovery capabilities
- Analysis of technical gaps
Benefits
KJT Group and ProArch’s partnership was results-driven and ultimately helped them reach key business goals.
As a result of the Business Impact Analysis, KJT Group has secured benefits like:
- Improved cybersecurity posture
- Established RPO and RTO requirements
- Met compliance with ISO 27001 requirements
- Strategy for cloud migration
“The Business Impact Analysis allowed us to bridge the technical gaps between what we had and what we needed.”