Support to the ACT Business Analysis (BIA) Team

SUPPORT TO THE ACT BUSINESS IMPACT ANALYSIS (BIA)

Location : Norfolk, VA, USA (On-site)

Period of Performance : Base Period: Award – 31 December 2024, Option Period One: January 2025 – 31 December 2025, Option Period Two: 1 January 2026 – 31 December 2026, Option Period Three: 1 January 2027 – 31 December 2027, Option Period Four: 1January 2028 – 31 December 2028
 

Background Information:

Headquarters Allied Command Transformation (HQ SACT), ACT Office of Security (AOS) is the lead for all aspects of security in ACT, including physical security, personnel security, CIS security, and security of information.

The Business Continuity (BC) section within AOS is responsible for conducting business impact analysis of HQ SACT for BC purposes to identify prioritised products and services, which is an essential element of the Business Continuity Management System (BCMS).

Business Continuity Management (BCM) has become essential as a result of an audit conducted by the International Board of Auditors on the lack of policies and standards for BC planning within NATO to ensure the continuous delivery of products and services. This post will be instrumental and unique in providing the required support to the BC Staff Officer for the development and execution of the BC Plan. The main analysis technique to make certain that business continues for HQ SACT is through the Business Impact Analysis (BIA), which considers the timeframes and critical resources required to deliver prioritised products, services, processes and activities in the event of a disruption or disaster. The BIA will enable the HQ SACT to endorse or modify the scope of the BC programme. The BIA will identify legal, regulatory and contractual obligations. The BIA will evaluate impacts over time as well as identify BC requirements including downtime tolerance and capacity. The BIA will define a list of the prioritised products, services, processes, activities and critical resources by determining the maximum tolerable period of disruption (MTPD) for each. The BIA will identify the dependencies and interdependencies between products, services, processes, activities and critical resources. The BIA will also identify the recovery time objectives (RTOs) for the prioritised products, services, processes, activities and critical resources to avoid reaching the MTPD in support of BC planning and management. BIA is not a one-time or single stage activity but an ongoing process within the BCM cycle.

Currently, there is no recent Business Impact Analysis (BIA) conducted at HQ SACT or oversight provided to subordinate bodies to ensure the timeframe and critical resources necessary to continue to deliver such products and services during a disruption, man-made or natural disaster. As a step to meet BC requirements, this contract would support the production of BIAs for HQ SACT and provide professional guidance and direction to ACT subordinated bodies on conducting BIAs.
 

Tasking :

This contract provides technical support to the ACT Business Continuity Teams at each of the

ACT locations. Specific responsibilities include:

1. Analyse and prioritize the ACT business processes required to deliver the priority products and service; format to be coordinated with BC Staff Officer and Section Head.
2. Propose a suitable approach for developing the BIAs for HQ SACT and subordinate entities.
3. Analyse and create a prioritize list of the activities that produces or supports the delivery of the products and services; format to be coordinated with BC Staff Officer and Section Head.
4. Determine and create a list of the critical resources needed to carry out Business Continuity objective; format to be coordinated with BC Staff Officer and Section Head.
5. List and prioritize products and services, and determine the MTPD and RTO for each; format to be coordinated with BC Staff Officer and Section Head.
6. Determine and map all internal and external dependencies of activities on another activity; format to be coordinated with BC Staff Officer and Section Head.
7. Perform a risk and threat assessment to identify unacceptable levels of risk single points of failure; format to be coordinated with BC Staff Officer and Section Head.
8. Identify and list known and anticipated internal and external threats; format to be coordinated with BC Staff Officer and Section Head.
9. Create a process level impact table; format to be coordinated with BC Staff Officer and Section Head.
10. Estimate and illustrate the impact of each threat to the organization; format to be coordinated with BC Staff Officer and Section Head.
11. Determine and illustrate the probability of disruption for each threat; format to be coordinated with BC Staff Officer and Section Head.
12. Illustrate the calculation of a risk score for each threat; format to be coordinated with BC Staff Officer and Section Head.
13. Develop a list to prioritise the threats based on the risk score for the prioritised activities; format to be coordinated with BC Staff Officer and Section Head.
14. Prepare briefings on the completion of the final analysis and final consolidation; format to be coordinated with BC Staff Officer and Section Head.
15. Collect information on products, services and activities in the form of workshops, questionnaires and interviews; format to be coordinated with BC Staff Officer and Section Head.
16. Seek and document top management approval of the BIA so that BC solutions and mitigations measures can be designed.
17. Attend BC meetings on a monthly basis, or when directed by BC Staff Officer and Section Head, to brief status of BIAs.

Essential Qualifications :

1. 1. Bachelor’s Degree or equivalent national academic qualification in a numeric discipline
   2. Certified to at least the level Business Continuity practitioner under a national or international certification scheme.
   3. Education and training in Risk Management
   4. At least 4 years of experience in Business Continuity supporting a large international organization

1. Demonstrated proficiency in English as defined in STANAG 6001 (Standardized Linguistic Profile (SLP) 3333 - Listening, Speaking, Reading and Writing) or equivalent.
2. Active NATO SECRET (or higher) personnel security clearance issued by the industrial security authority of a NATO member nation
3. Valid NATO Nation passport with no travel restrictions to NATO nations
4. Proficiency in the use of the Microsoft Office Tool suite and collaborative software
5. Minimum of 60 Points in the Subject Matter Expert Criteria