Training-led Implementation Series
Blog_Jan_Ban.jpg

How Does A Business Impact Analysis Actually Work ?

A BIA is essentially an exercise comparing business functions, and ranking them according to their "criticality". This blog discuss "How does BIA works?" and "How are critical business functions identified?"
Moh Heng Goh

You have just read "What You Need To Know Before You Start Your Business Impact Analysis?" and the next step is to understand how BIA works?

How does a BIA actually work ?

3_Business Impact Analysis

A BIA is essentially an exercise comparing business functions, and ranking them according to their "criticality". For the BIA to be comprehensive, it is typically conducted across the organization, involving most, if not all business units. Each business function is then examined for the impact caused by a disruption a various time intervals, e.g. if a disruption continued for 8 hours, 24 hours, 2 days, etc..

An impact profile can then be derived for that business function from which the threshold time, called the Recovery Time Objective (RTO), could be determined. Recovery should be targeted to complete before reaching this threshold and recovery after this time would incur significant losses or impact. Hence by examining the impact severity of a functional disruption over time, it is possible to determine and assign RTOs to each business function.

These business functions are thereafter ranked according to their RTOs. The shorter the RTO, the more time-sensitive or critical that business function is deemed to be. The recovery priority of business functions during a disaster is hence determined.

How are CBFs determined?

CBFs or Critical Business Functions are business functions that are core to achieving the organization's mission, and hence must be recovered during a disaster. There are a number of ways to decide whether a business function is critical or not. Example are:

  • business functions that are necessary to fulfil the Minimum Business Continuity Objective (MBCO), e.g. trading services in an investment bank
  • business functions that meet conditions set by a regulator, e.g. business functions with RTOs of less than 4 hours
  • business functions that meet internal guidelines set by the organization, e.g. business functions involving payment
  • business functions with RTOs less than a pre-determined time period, e.g. business functions with RTOs of less than 7 days

Because so much of business continuity planning revolves around the recovery of CBFs, it is important that we recognise the criteria used for determining what exactly constitutes a CBF to the organization, and have this documented.

Learn More About Business Continuity Management 

You may want to learn more about business continuity management courses.

Pillar Page BCM Read More About (RMA)

For our Singapore colleagues, funding are available under the WSQ and CITREP+ program:

CTA KMA Know more about WSQ Business Continuity Management CourseNew call-to-action

 

Your Comments

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2024