Subscribe to our blog

Articles published weekly by IT security and compliance professionals with decades of experience

  

The Importance of a Business Impact Analysis

CJ Hurd
Apr 6, 2019 1:03:00 PM

Wouldn’t it be nice if we could predict the future?  You would know what stocks to invest in, what sports team was going to win, and what lottery numbers to play.  It sure would make life easy, wouldn’t it?!  Well, unfortunately we can’t, so we are going to have to keep working hard, researching the best investments, and doing a lot of guessing, hoping, and praying.

Business Continuity Planning has some similarities.  We must research and work hard to develop a BCP that protects us if something that can negatively impact our organization should take place.  We also will be doing a lot of hoping and praying that a disastrous situation does not occur.  The difference with Business Continuity Planning is that we do have the ability to predict the future!

A Business Impact Analysis (BIA) is a process that allows us to identify critical business functions and predict the consequences a disruption of one of those functions would have.  It also allows us to gather information needed to develop recovery strategies and limit the potential loss.

Completing a BIA will assess the risks a disaster poses to the organization.  It will allow each department within your organization to explain and discuss how an unexpected event would affect its business function.  This will then help your organization prioritize specific functions through the use of Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

  • Recovery Point Objective (RPO) describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or “tolerance.”
  • The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity. In other words, the RTO is the answer to the question: “How much time did it take to recover after notification of business process disruption?”

Consider the Impact

The BIA will identify the operational and financial impacts resulting from the disruption of business functions and processes. Impacts to consider include:

  • Lost sales and income
  • Delayed sales or income
  • Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
  • Regulatory fines
  • Contractual penalties or loss of contractual bonuses
  • Customer dissatisfaction or defection
  • Delay of new business plans

Some things in life are unavoidable – we certainly cannot control the natural weather cycles which lead to most of these unforeseen situations.  However, by doing your due diligence and conducting a comprehensive Business Impact Analysis, your organization will be well prepared to maintain business functions and overcome those unavoidable situations!
