The business impact analysis (BIA) is an indispensable step in developing a relevant and effective business continuity plan (BC plan).
Every business continuity programme, regardless of size, must regularly perform a BIA on the organization to ensure that the BC plan covers all critical parts of the business.
What is the Purpose of a BIA?
Before we sit down and write a business continuity plan, it is essential that we understand what functions we need to recover and by when. Organizations with numerous resource constraints have to be able to prioritize their recovery and focus on business functions that impact the organization most, should they be disrupted.
In particular, we want to identify those time-sensitive business functions that must be resumed quickly before too much damage is done. We want to focus on these business functions when developing a business continuity plan. We call them "critical business functions" or CBFs. A business impact analysis (BIA) is the process we use to identify these CBFs and associated recovery requirements.
Do I need to conduct BIA when implementing my Crisis Management (CM) or Crisis Communication (CC) Planning?
For readers who are implementing Crisis Management (CM) or Crisis Communication (CC) plan and aligning with the BCM planning methodology, you may wonder how BIA fits into the CM or CC discipline.
Suppose the management of threats (disasters) comes under the purview of the CM and CC teams. In that case, there is a requirement for both teams to review and understand what are the critical business functions, products and services that were prioritized to be recovered. The CM and CC Teams are expected to retrieve the BIA report from the BCM Team; hence, there is no need to implement BIA when implementing its CM or CC Plans.
How About IT Disaster Recovery (ITDR) Planning?
During the implementation of the BIA by the BCM Team, when a critical business function is identified, there is a requirement for the individual business unit to identify the application or IT resources that will require to support the running of the business function.
The IT Team responsible for implementing IT Disaster Recovery usually have two approaches.
- IT Team have already developed their "IT BIA", which prioritises IT systems and applications.
- Have access to the BCM Team's BIA report and align the critical systems and applications prioritisation based on the criticality specified by the business units. The ITDR Team will need to review the list as the business users do not know which component of the IT systems and applications they use.
What are the Products of a BIA?
A BIA is a handy tool in your BCM arsenal. A BIA will yield the following information:
- List of business functions in the organisation
- Impacts of a disruption
- Impacts of disruption over time
- the maximum time for business functions to recover before severe consequences occur
- operational dependency on other business functions and external agencies
- Information technology (IT) and operational technology (OT) systems used
- maximum acceptable data loss- essential documents and records
The next series of articles includes:
- How Does A Business Impact Analysis Actually Work?
- What is MBCO or Minimum Business Continuity Objective?
Why Conduct A BIA?
Conducting a BIA is essential to your organization's business continuity programme. A BIA has adequately been done, and regularly reviewed, ensuring that critical parts of your organization are included in the business continuity planning process and accorded appropriate recovery priority in the event of a disaster.
Talk to Us by Registering Your Interest via the Tell-Me-More buttons below
![TMM [BL-A-5]](https://no-cache.hubspot.com/cta/default/3893111/e7af9322-15cb-412d-91b6-59cd388ee6e9.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
