Business Impact Analysis
Example BoK 3 BIA #1
1. What was performed?
- I have initiated the Business Impact Analysis (BIA) process in my organisation to identify the critical business functions and procedures, prioritising the same and understanding the impact of disruption on critical business functions.
2. When was it done?
- August 20x9 and was ended by December 20x0.
3. How was it carried out?
- I have explained my involvement in the BIA stage through the following heads.
Identification of critical business functions
- I had conducted two rounds of meetings and interviews with respective project managers/business units heads to identify the critical business functions and the business impact in case of any disaster and disruptions.
Defining RTO and RPO
- In consultation with the management and business units head, I defined the RTO for six critical business processes considering those in their peak pressure period. I evaluated their IT, and other dependencies and approval took from management (COO in my organisation).
- Undertook the lead role to prioritise the recovery of critical business functions and the recovery of IT (servers, applications, and data).
- Summarise, analyse and reported the finding to management and was approved
Suggestion for improvement
- I have instigated much improvement in this activity over time, especially after taking training on BCCE. As a result, best practices have been followed at the re-assessment of business impact, which is carried out every year. There are currently about 17 critical business functions, and RTO and RPO are defined for each of the processes and accepted by management.
- I am involved with the respective team to supervise continuous exercising to maintain the desired RTO and RPO and its improvements.
- I am involved with management to understand the critical business functions, cross/inter-dependencies and the impacts on our business in case of disruption.