An Essential Guide to an Accurate Business Impact Analysis

Share on Google+0Tweet about this on TwitterShare on LinkedIn0Share on Facebook0Email this to someoneBuffer this pageShare on StumbleUpon0Share on Reddit0

Any IT service provider working with your business must understand the importance of a Business Impact Analysis. Your organisation should consider processes and functions as critical if the failure to execute them is likely to result in an unacceptable negative impact on your business. Typically, the kind of negative impact would relate to one of four key categories of business:

  1. 1. Legal – including regulatory compliance
  2. 2. Financial
  3. 3. Reputational
  4. 4. Environmental

Risk assessment is a process that takes place regularly within any IT deployment, especially when creating/implementing a GRC (Governance, Risk and Compliance) framework. A Business Impact Analysis (BIA) often precedes a risk assessment and is essential for your organisation to understand how a disaster will affect your business and what would be the resulting consequences.

 

Business Impact Analysis and Disaster Recovery

A BIA is core to any disaster recovery plan because it helps your organisation prioritise the functions that you should bring back online. BIA and efficient business continuity depends on the accurate assessment of recovery time objectives.

You should understand which of your IT systems can be offline and how long is an acceptable recovery time for those systems. Additionally, you must know what the impact of those systems being unusable for a range of periods. (See the Cost of IT downtime). For mission critical systems, your IT service provider should employ an instant failover with auto-detection disaster recovery.

For less demanding business processes, it may be more cost effective to have a manual system of recovery. A BIA justifies your organisation’s spend on recovery measures and often saves money because you can safely say which systems need less expensive options. Low cost recovery for non-critical systems could be anything from an occasional server reboot to a backup restore, rather than a multiple server systems used for instant failover setups.

 

What Should a BIA Include?

As with any disaster recovery and risk assessment, there are the usual business losses that stem from inhibited cash flow while systems are down, but there are many more considerations including:

 

What the Analysis Results Should Tell You

Understanding recovery timeframes and costs are obviously key reasons for conducting a BIA, but it should include details about how the analyst gathered the information. This can sometimes be an automated process, manual action or a mixture of both. An executive summary allows you to draw accurate  conclusions about where to focus resources and how to plan against losses.
Speak with your IT service provider to understand what your BIA should include and how often you should conduct a fresh analysis. Businesses and IT systems change, so the precautions you put in place are not a ‘set and forget’ exercise.

7 Valuable Tips

Share on Google+0Tweet about this on TwitterShare on LinkedIn0Share on Facebook0Email this to someoneBuffer this pageShare on StumbleUpon0Share on Reddit0

Tags: , , , , , , , ,

You may also like