Business Impact Analysis

Business Impact Analysis, or BIA, refers to the process of determining, assessing and evaluating the potential effects of a disruption to critical operations, functions and processes, covering but not limited to inherent, and residual risks, impacts over time on revenue, net profit, and EBITDA.

A business impact analysis (BIA) forecasts the consequences of disruption over time The loss scenarios would have been preidentified through the previous stage the Risk Assessments, these potential loss scenarios would also consider a disruption to the supply chain, and other dependencies.

BIA quantifies the impacts of disruptions on a service, the risks to co and assigns Recovery Point objectives (RPO). Recovery time Sectivec (RTO s), estábished the Maximum Tolerable Period Of Disruption (1) for key processes products.

Identifying and evaluating the impact of these incidents leveraged from the previous phase the Risk Assessment will provide the investment justification for the next phase Recovery Strategies, mitigation and further controls potentially.

The point in time when a business function or process suffers” from a disruptive event to resuming its business as usual activities is quantified and projected loses shown in the final BIA report.

Usually when the BIA is completed we will see the dependencies on services, and infrastructure, and gain an understanding of whether or not IT, and the business (expectations to restore services) are aligned, usually they are not, due to either lack of communication, or budgetary issues.

What threatens your business?

A Business Impact Analysis (BIA) is usually but not always the first step understanding the Business and indeed setting in place a Business Continuity Management Road Map, plans and procedures. The overall objective of such a project is to ensure that, in the event of a significant reduction or loss of key resources, the impacts upon the critical business activities of the ‘Client Organisation’ are minimised i.e. the business can continue to function. The intention is to run your company if engaged through a series of “mini” BIA`s” (Business Impact Assessments) and Risk Assessments (RA) leveraging key individuals within the organisation providing valuable information through workshops and templates designed at gather information on what is your companies critical business processes and risks face by your company, leading to a sound business recovery and mitigation strategy.

Information collection will cover at minimum:

Mapping Of Critical Systems & Applications To Businesses, Upstream, Downstream
Assigning Recovery Time, And Point Objectives
Assigning Maximum Tolerable Period Of Disruption
Quantitative/Qualitative impacts Over Time, Inherent And Residual Risks, And Respective Mitigation Activities
Health Safety And Environmental Impacts
Financial Costs of Downtime (Tangible & Intangible)

Service Delivery, And Supply Chain
Organisational
Productivity
Reputational Impacts
Geographical, And Political Impacts
Legal / Statutory impacts

The deliverables from this phase will be a report that includes analysis both qualitative and quantitative of the business units:

Identification of the critical business activities linked to the IT system
Identification of the critical time period (if any) for each activity
Linkages to other activities, either internal or external;
Identification of the key resources that are used to perform the critical business activities;

Identification of any Vital Records (electronic or paper based);
Requirements needed to support the critical business activities at the minimal level.
Recommendations for next steps and budgetary costs
The maximum tolerable period of disruption to business activity

Recovery Time Objectives and the strategic options for the establishment of an appropriate Systems continuity capability
The impact, on the business activity, caused by the unavailability of each key resource (e.g. the potential cost or loss of customer loyalty)
Identification of any workarounds that can be used to perform the critical business activities if key resources unavailable;

Business Impact Analysis

What threatens your business?

Information collection will cover at minimum:

Mapping Of Critical Systems & Applications To Businesses, Upstream, Downstream

Assigning Recovery Time, And Point Objectives

Assigning Maximum Tolerable Period Of Disruption

Quantitative/Qualitative impacts Over Time, Inherent And Residual Risks, And Respective Mitigation Activities

Health Safety And Environmental Impacts

Financial Costs of Downtime (Tangible & Intangible)

Service Delivery, And Supply Chain

Organisational

Productivity

Reputational Impacts

Geographical, And Political Impacts

Legal / Statutory impacts

The deliverables from this phase will be a report that includes analysis both qualitative and quantitative of the business units:

Identification of the critical business activities linked to the IT system

Identification of the critical time period (if any) for each activity

Linkages to other activities, either internal or external;

Identification of the key resources that are used to perform the critical business activities;

Identification of any Vital Records (electronic or paper based);

Requirements needed to support the critical business activities at the minimal level.

Recommendations for next steps and budgetary costs

The maximum tolerable period of disruption to business activity

Recovery Time Objectives and the strategic options for the establishment of an appropriate Systems continuity capability

The impact, on the business activity, caused by the unavailability of each key resource (e.g. the potential cost or loss of customer loyalty)

Identification of any workarounds that can be used to perform the critical business activities if key resources unavailable;