Business Impact Analysis
A Business Impact Analysis (BIA) identifies a company’s exposure to sudden loss of critical business functions and supporting resources, due to an accident, disaster, emergency, and/or threat. A risk analysis consultant can help you through this process and provide valuable information along the way. Risk analysis for business is crucial in creating a Business Continuity Plan and ultimately safeguarding your business from catastrophic loss. Working with a business risk assessment consultant to determine your business impact analysis plan can be critical to the continuation of your business should the worst occur.
The BIA Process
The Business Impact Analysis (BIA) is a structured process whose purpose is to quantify and qualify the impact the loss of a product or service would have on the following areas:
- Staff Welfare
- Brand & Reputation
- Customer Service
- Any other category defined by the business
These definitions will vary from business to business. They should be developed with input from all departments of the business for consistency throughout the BIA process. The definition for each area is divided into 5 categories:
- No Impact
Identify Critical Products and Services
The next step in the process is for each department to list the critical product(s) and/or service(s) it provides customers inside and outside the company. Each product or service is broken down into the following categories:
- Critical Activities
- Working Patterns
- Seasonal Variations
- Existing Service Level Agreements
- Departments depended upon to deliver the product or service
- Departments who depend upon this department for products or services
- IT Applications used
- Hardware used
- Suppliers used
- Key telephone numbers (Customer contacts, key suppliers, etc.)
This step uncovers the interdependencies that exist between each department and other departments, IT applications, and suppliers. It’s not unusual for a department to have an “Aha” moment (or several) as they go through this part of the exercise, either with help from a risk analysis firm or on their own.
Assess the Business Impact of Lost Products or Services
The information from the previous section gets combined in this section where the impact of the loss of the product or service is assessed. The goal is to determine when the loss would become critical to the business. This is done for each of the areas (Staff Welfare, Brand & Reputation, Customer Service, Finance, Legal, etc.) using the definitions developed earlier. The purpose is to determine the Maximum Acceptable Outage and the desired Recovery Time Objective for each product or service. When this step is completed, the business will be able to rank-order the recovery of products and/or services.
Assess the Business Impact of Lost Suppliers
The next step is to examine the impact of the loss of suppliers to the business. This is done using the same definitions developed for the products and services of the business. The goal is to determine when the loss of a Supplier would critically impact the business, so a Recovery Time Objective can be developed.
In this step, the impact of the loss of IT applications is assessed. As with the Suppliers, the goal is to determine when the loss of a Supplier would critically impact the business, so a Recovery Time Objective can be developed. If the company has a Disaster Recovery Plan in place, this information may already exist and should be used.
Do Manual Workarounds Exist?
It is also important to determine whether manual work-arounds exist that can be used until the IT application can be restored. If none exist, they should be developed if possible.
Determine Resources Needed to Recover
The final step in completing the BIA is to determine the amount of resources that will be needed to recover operations. This includes workspace, staff, IT applications, PCs, and everything else needed to restore operations to normal.
Once all this data is collected, the business risk assessment firm will review it and come up with a preliminary plan for recovery of business operations. This will include the order in which products and services are recovered, the IT applications that must be available, the Suppliers needed, and the resources required to support the effort.
While you can go through this process on your own, working with a business impact analysis consultant can prove to be invaluable. Trained professionals associated with a business risk assessment consulting firm have experience in a wide range of business situations and are prepared to show you where your BIA falls short. If you’re looking for a business continuity consultant or business risk assessment firm, contact us today.