Business Impact Analysis (aka BIA) is one of the most critical Business Continuity Planning components. During this step we identify critical processes within the organization, calculate qualitative and quantitative impacts, specify required resources, and most importantly, define the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
With that said, we will break down the good ol’ Who, What, When, Why, and How of this process. Let’s get started!
You! If you are reading this, then you have probably been assigned the glorious role of Business Continuity Planner, Disaster Recovery Planner. For many, this can be a daunting undertaking. An annoying task, it’s not like you don’t have enough on your plate, right?
Well lucky for you, there are people like us in this world who truly enjoy this industry. It is our goal to make Business Continuity Planning (BCP) as easy as possible while obtaining valuable results. Let’s keep going.
What is a Business Impact Analysis (BIA) you ask? In a nutshell, the BIA is a methodical process that analyzes the impacts of a disruption to your normal business operations.
Below we have broken down the common fields and questions that are found in a BIA.
Qualitative and Quantitative Impacts:
Critical or Key Staff
All interlinked inputs and outputs for the process
Recovery Time Objective (RTO) and Recovery Point Objective (RPO):
RTO of the process
RPO of the process
Depending on the standard you follow, there can also be the Maximum Allowable Downtime (MAD), or Maximum Tolerable Period Downtime (MTPD), etc.
Upon completion of the BIA, it is important to have it signed off or approved by Executive Management.
Now! If you haven’t conducted a BIA, then you are pretty much guessing which process are more critical than others.
The BIA is conducted after the Risk Assessment, (Step 3 in our methodology). Like your Business Continuity Plan, this is also a living document. It should be maintained and updated at least annually, and definitely when changes occur within the organization.
Simply to understand what processes are critical to your organization. If you were facing a major interruption, wouldn’t you want to know how to stop the bleeding ASAP? By conducting a BIA, you will understand which processes are your organization’s critical arteries. Something you don’t want to find out during an actual disaster. Think: avoid financial loss, legal issues, and reputation impact.
This is the fun part. When conducting a BIA there are a few things you will need to do:
- Identify the BIA method. Will you send a survey? Have a group session? Conduct one-on-one interviews? There is no right or wrong way, but one-on-ones typically capture the best data.
- Once you have decided on the style, you will need to schedule these meetings/surveys with the subject-matter expert of the process. Why? To ensure you get valuable and correct data.
- If your industry is regulated, use that as your fire power ( i.e. “If we don’t complete the BIA we’ll have regulatory penalties”). If not, make sure to get Executive Management support to help you with departments that are reluctant in partaking in the BIA.
To learn more about how Continuity Innovations can help you with your BIA, please contact us: