eBook 2: Chapter 4
![BCM E2 PM [Business Impact Analysis] Banner](https://blog.bcm-institute.org/hs-fs/hubfs/BCM%20E2%20Blog%20Banner/BCM%20E2%20PM%20%5BBusiness%20Impact%20Analysis%5D%20Banner.png?width=750&height=150&name=BCM%20E2%20PM%20%5BBusiness%20Impact%20Analysis%5D%20Banner.png)
Implementing the Business Impact Analysis (BIA) Phase for the Singapore Institute of Technology (SIT)
Introduction
![[C4] Business Impact Analysis](https://no-cache.hubspot.com/cta/default/3893111/8bc06236-91b5-4298-b94f-a3edd5816628.png)
The Business Impact Analysis (BIA) phase is a cornerstone of the Business Continuity Management (BCM) Planning Methodology and a core requirement of ISO 22301.
For the Singapore Institute of Technology (SIT), conducting a BIA ensures that the institution understands how disruptions to critical academic, administrative, and operational functions can affect its ability to deliver on its mission—to nurture and develop individuals who impact society through practice-oriented education and applied research.
At SIT, where education delivery, student experience, and industry collaboration are tightly integrated, the BIA process identifies the critical business functions (CBFs) that support these goals and quantifies the potential impact of disruption over time.
This understanding allows SIT to prioritise recovery strategies, allocate resources efficiently, and ensure continuity of teaching, learning, and support services in the face of crises such as IT system failures, campus disruptions, or pandemic outbreaks.
Objectives of the BIA Phase
The key objectives of the BIA phase for SIT are to:
- Identify Critical Business Functions (CBFs) essential to SIT’s academic and operational continuity.
- Determine the impact of disruption on these CBFs over time, including effects on academic outcomes, student experience, regulatory compliance, and institutional reputation.
- Define recovery priorities and establish Maximum Tolerable Periods of Disruption (MTPD), Recovery Time Objectives (RTO), and Recovery Point Objectives (RPO) for each CBF.
- Provide input for the next BCM phase—Business Continuity Strategy (BCS)—by identifying key dependencies, resource requirements, and recovery options.
Step-by-Step Implementation at SIT
Step 1: Identify and Validate Critical Business Functions (CBFs)
SIT has identified ten key Critical Business Functions (CBFs) that underpin its mission and operations:
|
CBF Code |
Critical Business Function |
Description |
|
CBF-1 |
Academic Programme Delivery and Assessment |
Ensures continuous delivery of lectures, tutorials, laboratories, and assessments across SIT’s degree programmes. |
|
CBF-2 |
Digital Learning and IT Infrastructure |
Supports online and blended learning platforms (e.g., Microsoft Teams, LMS), data storage, and institutional IT systems. |
|
CBF-3 |
Student Administration and Support Services |
Covers enrolment, examination administration, counselling, and financial assistance to students. |
|
CBF-4 |
Industry Partnership and Work-Study Programme Coordination |
Manages collaboration with industry partners and oversees the Integrated Work Study Programme (IWSP). |
|
CBF-5 |
Campus Operations and Facility Management |
Maintains campus accessibility, utilities, safety, and physical learning environments. |
|
CBF-6 |
Finance and Procurement Management |
Handles financial transactions, budgeting, payments, and procurement of essential goods and services. |
|
CBF-7 |
Information Security and Data Protection |
Ensures the confidentiality, integrity, and availability of institutional and personal data. |
|
CBF-8 |
Leadership, Governance, and Crisis Management |
Provides direction and decision-making during disruptions, ensuring effective coordination and communication. |
|
CBF-9 |
Research and Innovation Activities |
Supports applied research projects and maintains partnerships with research institutions and industries. |
|
CBF-10 |
Communication and Public Relations |
Manages communication with students, staff, partners, and media during normal operations and crises. |
These CBFs represent the backbone of SIT’s operational resilience. Each department or academic division must validate the inclusion of its function and confirm interdependencies across teams.
Step 2: Assess Impact of Disruption
The next step is to determine how disruptions affect each CBF. SIT categorises impacts into five key dimensions:
- Academic Impact: Delays or interruptions in teaching, assessments, or academic progression.
- Student Experience: Disruptions to support services, campus life, or well-being.
- Regulatory and Compliance Impact: Failure to meet accreditation or Ministry of Education (MOE) reporting requirements.
- Reputational Impact: Diminished trust among students, parents, and industry partners.
- Financial Impact: Loss of revenue, increased operational costs, or penalties.
For each CBF, SIT’s BIA process evaluates the severity of these impacts over time (e.g., within 4 hours, 24 hours, 3 days, 1 week, 2 weeks) to establish impact escalation curves.
Step 3: Establish Recovery Time Objectives (RTO) and Maximum Tolerable Period of Disruption (MTPD)
Each CBF must determine:
- RTO (Recovery Time Objective): The target time within which operations should resume to avoid unacceptable consequences.
- MTPD (Maximum Tolerable Period of Disruption): The absolute maximum downtime beyond which the function’s disruption becomes critical to SIT’s viability.
For example:
- CBF-1 Academic Programme Delivery may have an RTO of 24 hours to resume online classes, and an MTPD of 5 days before academic schedules are severely compromised.
- CBF-2 Digital Learning and IT Infrastructure may have an RTO of 4 hours, as downtime directly affects academic continuity and assessments.
- CBF-6 Finance and Procurement Management may have a longer RTO of 3 days, depending on payment cycles and vendor dependencies.
Step 4: Identify Dependencies and Resource Requirements
Each CBF must document its internal and external dependencies, including:
- People: Faculty, administrative staff, and technical support personnel.
- Technology: Learning Management Systems (LMS), servers, and communication platforms.
- Facilities: Lecture theatres, laboratories, and office spaces.
- Suppliers and Partners: IT service providers, vendors, and industry collaborators.
For instance, CBF-4 Industry Partnership and Work-Study Programme Coordination depends on continuous engagement with partner organisations. A disruption in communication systems or travel restrictions could significantly affect ongoing placements.
Step 5: Validate and Report BIA Findings
The BIA findings should be validated through:
- Departmental Reviews: Each academic school and administrative unit reviews its BIA results for accuracy.
- BCM Committee Approval: The SIT BCM Committee consolidates and validates all BIAs to ensure institutional consistency.
- Executive Review: Senior management endorses the prioritised list of CBFs, RTOs, and resource requirements for subsequent BCM phases.
The final deliverable from this phase is the SIT BIA Report, which serves as a reference for developing recovery strategies in the Business Continuity Strategy (BCS) phase.
Expected Deliverables
At the end of the BIA phase, SIT should have:
- A validated list of Critical Business Functions (CBFs) and their dependencies.
- Defined impact assessment matrices across academic, financial, reputational, and compliance categories.
- Established RTOs and MTPDs for each CBF.
- A consolidated SIT BIA Report with management approval.
- An updated BCM register capturing interdependencies and prioritisation.
The Business Impact Analysis phase enables SIT to take a structured, evidence-based approach to safeguarding its educational mission.
By systematically assessing how disruptions affect its critical functions, SIT ensures that resources are directed to what matters most—maintaining teaching continuity, protecting students’ learning experiences, and upholding its reputation as Singapore’s university of applied learning.
As SIT progresses to the next phase—the Business Continuity Strategy (BCS)—the insights gained from the BIA will guide the design of practical and achievable recovery solutions, ensuring that SIT remains resilient, responsive, and ready to continue its mission even in times of disruption.
![[C1] Business Continuity Management Planning Methodology](https://no-cache.hubspot.com/cta/default/3893111/bc2f0e17-2827-4ce0-9a06-7c05434314fc.png)
![[C2] Project Management](https://no-cache.hubspot.com/cta/default/3893111/3a311fa3-a1b1-47e6-b10d-af447cd88e02.png)
![[C3] Risk Analysis and Review](https://no-cache.hubspot.com/cta/default/3893111/b9faa4ef-9c43-4215-a838-b89bf6160dca.png)
![[C5] Business Continuity Strategy](https://no-cache.hubspot.com/cta/default/3893111/ff7d5c03-a93b-4131-b673-f997d6592d89.png)
![[C6] BCM Plan Development](https://no-cache.hubspot.com/cta/default/3893111/052950a1-b690-4303-87b6-7848f69f2513.png)
![[C7] Testing and Exercising](https://no-cache.hubspot.com/cta/default/3893111/e4fcdf0f-e927-488f-baa8-4564c74bda78.png)
![[C8] Program Management](https://no-cache.hubspot.com/cta/default/3893111/625627a6-2a06-46dd-ab95-e84e8c2ed22e.png)
![[C9] Summary](https://no-cache.hubspot.com/cta/default/3893111/9e5f7b73-8827-42b4-b5b2-769d4170c7e4.png)
![[C10] Back Cover for BCM](https://no-cache.hubspot.com/cta/default/3893111/f23b8be6-b8e3-46cf-816c-2f5de1541220.png)
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
