Business Impact Analysis
Example BoK 3 BIA #1
1. What was performed?
I have initiated the Business Impact Analysis (BIA) process in my organisation to identify critical business functions and procedures, prioritise them, and understand the impact of disruption on these functions.
2. When was it done?
- August 20x9 and ended by December 20x0.
3. How was it carried out?
- I have explained my involvement in the BIA stage through the following headings.
Identification of critical business functions
- I conducted two rounds of meetings and interviews with the respective project managers/business unit heads to identify the critical business functions and assess the business impact in the event of any disaster or disruptions.
Defining RTO and RPO
- In consultation with the management and business units head, I defined the RTO for six critical business processes considering those in their peak pressure period. I evaluated their IT, and other dependencies and approval took from management (COO in my organisation).
- Undertook the lead role to prioritise the recovery of critical business functions and the recovery of IT (servers, applications, and data).
- Summarise, analyse and reported the findings to management and was approved
Suggestion for improvement
- I have instigated much improvement in this activity over time, especially after taking training on BCCE. As a result, best practices have been followed at the reassessment of business impact, which is carried out every year. There are currently approximately 17 critical business functions, and RTO and RPO are defined for each process, which have been accepted by management.
- I am involved with the respective team to supervise continuous exercises to maintain the desired RTO and RPO, as well as their improvements.
- I am involved with management to understand the critical business functions, cross-dependencies, and the impacts on our business in the event of disruption.
