Understanding Your Vulnerabilities
An effective crisis management plan hinges on understanding your organization's vulnerabilities. Phase 3: Business Impact Analysis (BIA) equips you to achieve this critical objective.
By conducting a BIA, you gain valuable insights into the core functions that keep your organization running and the potential consequences of disruptions caused by a crisis. With this knowledge, you can prioritize response efforts and ensure business continuity even during challenging times.
It is important to note that the business continuity management team has already conducted this phase. The crisis management team may want to place reliance on the BCM Team's findings.
The first step in a BIA involves analyzing business function dependencies. This entails identifying the essential activities that ensure your organisation delivers its core products or services and understanding how these critical business functions rely on each other.
Imagine production relying on timely deliveries or customer service needing access to accurate data. By mapping these interdependencies, you can visualise the cascading effects of disruption on other organisational functions.
Following dependency analysis, Phase 3 establishes two key objectives: Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). An RTO defines the acceptable downtime for a critical business function after a crisis. Factors like function criticality, financial impact, and regulations all influence RTOs.
Setting ambitious yet achievable RTOs ensures your organisation can resume essential operations swiftly. Similarly, RPOs define the tolerable amount of data loss following a crisis. Data sensitivity, data backup procedures, and business needs all play a role in establishing achievable RPOs.
Setting these objectives lays the groundwork for developing targeted response and recovery strategies within your crisis management plan. A comprehensive BIA empowers you to minimise downtime, safeguard critical data, and ensure business continuity throughout any crisis.
Phase 3: Business Impact Analysis (BIA)
A strong crisis management plan starts with clearly understanding your organisation's vulnerabilities.
Phase 3: Business Impact Analysis (BIA) equips you to identify the critical functions that keep your organisation running and analyze the potential impact of disruptions caused by a crisis.
It is helpful to note that this phase is managed and should be completed by your counterpart, the Business Continuity Management team.
Access to the BIA provides valuable insights that empower you to prioritise response efforts and ensure business continuity during a crisis. The BCM team adopted these steps during the BCM Planning Methodology.
Identifying Critical Business Functions
Identify the critical business functions most affected by each potential crisis scenario. Understanding these vulnerabilities allows you to develop targeted response protocols that ensure the continuity of critical operations during a crisis.
Critical business functions may include:
- Production and Manufacturing. Ensuring the ability to continue producing or delivering goods and services.
- Financial Operations. Maintaining the ability to process financial transactions and manage cash flow.
- Customer Service. Providing ongoing support and communication to customers during a crisis.
- Human Resources. Ensuring the safety and well-being of employees during a crisis situation.
Analyze Business Function Dependencies
Organisations function through a network of interconnected activities. The first step in a BIA is to analyse business function dependencies. This involves identifying:
- Critical Business Functions. These essential activities ensure your organization delivers its core products or services. Examples may include production, customer service, or financial transactions.
- Interdependencies. Analyse how these critical business functions rely on each other. For instance, production may depend on timely deliveries from suppliers, while customer service may require access to accurate customer data.
Mapping Interdependencies
Utilise flowcharts or dependency matrices to visually map the interdependencies between critical business functions.
This visual representation helps you understand the cascading effects of disruption on other functions within your organisation.
Recovery Time Objectives (RTOs)
Once you have identified critical business functions, establish Recovery Time Objectives (RTOs). An RTO defines the acceptable downtime for a critical business function after a crisis event.
Factors to Consider When Setting RTOs
- Function Criticality. The more critical the function, the shorter the acceptable downtime.
- Financial Impact. Consider the potential financial losses associated with extended downtime for each critical function.
- Regulatory Requirements. Specific industries may have regulatory requirements dictating acceptable downtime to particular functions.
Setting Realistic RTOs
RTOs should be ambitious but achievable. Consider your organisation's resources and capabilities when setting these objectives.
Recovery Point Objectives (RPOs)
Data loss can be a significant consequence of a crisis. Recovery Point Objectives (RPOs) define the acceptable amount of data loss tolerable after a crisis event.
Factors to Consider When Setting RPOs
- Data Sensitivity. The more sensitive the data, the shorter the acceptable data loss window (RPO).
- Data Backups. Consider the frequency and reliability of your data backup procedures when determining your RPOs.
- Business Needs. Balance the cost of frequent backups with the potential impact of data loss on your organization's operations.
Setting Achievable RPOs
Similar to RTOs, RPOs should be realistic and achievable based on your data backup capabilities.
Summing Up ...
Completing Phase 3: Business Impact Analysis (BIA) will help you comprehensively understand your organisation's vulnerabilities.
Identifying critical business functions, analyzing interdependencies, and establishing RTOs and RPOs will provide the foundation for developing targeted response and recovery strategies within your crisis management plan.
This knowledge empowers you to minimise downtime, safeguard critical data, and ensure business continuity during crises.
Crisis Management Planning Methodology |
|||
 |
 |
 |
|
 |
 |
 |
 |
Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.
More Information About Crisis Management Blended/ Hybrid Learning Courses
To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].
![[BL-CM] [5] Register](https://no-cache.hubspot.com/cta/default/3893111/82024308-16f4-4491-98be-818a882c6286.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
