You have just read "What You Need To Know Before You Start Your Business Impact Analysis?" and the next step is to understand how BIA works?
A BIA is essentially an exercise comparing business functions, and ranking them according to their "criticality". For the BIA to be comprehensive, it is typically conducted across the organization, involving most, if not all business units. Each business function is then examined for the impact caused by a disruption a various time intervals, e.g. if a disruption continued for 8 hours, 24 hours, 2 days, etc..
An impact profile can then be derived for that business function from which the threshold time, called the Recovery Time Objective (RTO), could be determined. Recovery should be targeted to complete before reaching this threshold and recovery after this time would incur significant losses or impact. Hence by examining the impact severity of a functional disruption over time, it is possible to determine and assign RTOs to each business function.
These business functions are thereafter ranked according to their RTOs. The shorter the RTO, the more time-sensitive or critical that business function is deemed to be. The recovery priority of business functions during a disaster is hence determined.
CBFs or Critical Business Functions are business functions that are core to achieving the organization's mission, and hence must be recovered during a disaster. There are a number of ways to decide whether a business function is critical or not. Example are:
Because so much of business continuity planning revolves around the recovery of CBFs, it is important that we recognise the criteria used for determining what exactly constitutes a CBF to the organization, and have this documented.
You may want to learn more about business continuity management courses.
For our Singapore colleagues, funding are available under the WSQ and CITREP+ program: