A business impact analysis (BIA) determines which operational activities are the most critical, and what resources are required to maintain business continuity during and after a disruption. It quantifies the impacts of disruptions on service delivery, risks to service delivery, as well as RTOs and RPOs. These recovery requirements are then used to develop plans and solutions.
The BIA informs your business continuity plan (BCP). This process outlines the potential impact of disaster situations, creates policies and helps businesses recover quickly. Its objective is to protect employees and assets, both during and after an emergency.
Organizations must continually adjust BCP plans as the business evolves. The first step to perform a BIA, which identifies key business processes and application interdependencies, while determining the financial impact if any operational function goes down.
It’s important to remember that a BIA isn’t a one-off activity. Conducted regularly, a BIA will address any change including the addition of critical applications, switching vendors, consolidating facilities and more. Only by regularly conducting BIAs can organizations maintain resiliency. Other BIA benefits include:
Unless interdependencies are mapped out, it’s difficult to know how the failure of a particular application may disrupt other applications and key business processes. This analysis includes new technologies added to your environment. The more Software as a Service (SaaS) solutions involved increases potential points of failure since these systems are reliant on more external dependencies.
Performing a BIA identifies the resources that key activities depend on, determine their respective availability requirements and address them as needed. Regular BIAs track the evolution of those interdependencies as applications are added in, subtracted and altered. This way the business continuity plan is always up to date.
Determine Third Party Risk
How would a disruption at one of your vendors affect your business? Do they regularly test their business continuity plan? How would their downtime impact your organization’s workflow?
Applications and systems change over time for all parties. Your vendors’ interdependencies and BC plans are constantly evolving. If your IT department isn’t keeping up with these changes, then your organization is at risk.
A BIA evaluates third party risk exposing blind spots that might put your organization in jeopardy. As vendors change, BIA becomes a more valuable exercise.
Testing New Applications
IT recently added a new application. How critical is it to your business? How does it fit in the recovery strategy, and what are the new interdependencies? When new applications are rolled out, the environment is altered. It’s important to track these changes to determine how a disruption may impact business continuity.
This philosophy should be extended to the consolidation of systems, environments and facilities. For example, it’s likely that your business continuity plan relies on multiple buildings. If one location shuts down, an entire contingency plan may be compromised.
Conducting regular BIAs will help organizations stay mindful of how adding or reducing resources affects overall resiliency.
When done well, a business impact analysis provides a clear roadmap to resiliency. If you’re not regularly performing BIAs, add this exercise to your yearly or quarterly routine.