In this chapter, we turn our attention to the process of business impact analysis. Risk assessment looks at the various threats your company faces; business impact analysis looks at the critical business functions and the impact of not having those functions available to the firm. These two assessments look at the company from two different angles. The risk assessment starts from the threat side, and the business impact analysis starts from the business process side. When you're managing general business risk, you might actually start with the business impact analysis. However, in planning for business continuity as an outgrowth of disaster recovery, it makes more sense to understand the full picture regarding risks and threats and then look at business impact. However, if you have a methodology you use that starts with business impact analysis, that's fine. Both outputs -- from the risk assessment and the business impact analysis phases -- are used as input to the mitigation strategy development. As long as you have those ready before you start the mitigation phase, you should be all set. Figure 4.1 depicts where we are in the planning process thus far.
Figure 4.1 Business Continuity and Disaster Recovery Planning Process
You can see, in Figure 4.2, that we'll be focusing on the third and final segment of the risk assessment phase introduced in Chapter 3 (refer to Figure 3.2 in Chapter 3 for the full diagram). In this chapter, we're going to concentrate on the impact of various business functions on your operations. We'll begin with discussing the general framework of performing a business impact analysis and conclude with the specifics of performing an impact analysis for your business continuity and disaster recovery (BC/DR) plan.
Figure 4.2 Impact Assessment Process
Use the following table of contents to navigate to chapter excerpts.
Business Continuity & Disaster Recovery for IT Professionals
Home: BIA for business continuity: Introduction
1: BIA for business continuity: Overview
2:BIA for business continuity: Upstream and downstream losses
3:BIA for business continuity: Understanding impact criticality
4:BIA for business continuity: Recovery time requirements
5:BIA for business continuity: Identifying business functions
6:BIA for business continuity: Gathering data
7:BIA for business continuity: Data collection methodologies
8:BIA for business continuity: Determining the impact
9:BIA for business continuity: data points
10:BIA for business continuity: Understanding IT Impact
11:BIA for business continuity: BIA for small business
12:BIA for business continuity: Preparing the BIA report
ABOUT THE BOOK: Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are emerging as the next big thing in corporate IT circles. With distributed networks, increasing demands for confidentiality, integrity and availability of data, and the widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning. Business Continuity & Disaster Recovery for IT Professionals offers complete coverage of the three categories of disaster: natural hazards, human-caused hazards and accidental/technical hazards, as well as extensive disaster planning and readiness checklists for IT infrastructure, enterprise applications, servers and desktops – among other tools. Purchase the book from Syngress Publishing ABOUT THE AUTHOR: Susan Snedaker, Principal Consultant and founder of Virtual Team Consulting, LLC has more than 20 years of experience working in IT in both technical and executive positions including with Microsoft, Honeywell, and Logical Solutions. Her experience in executive roles at both Keane Inc. and Apta Software Inc. provided extensive strategic and operational experience in managing hardware, software and other IT projects involving both small and large teams. As a consultant, she and her team work with companies of all sizes to improve operations, which often entails auditing IT functions and building stronger project management skills, both in the IT department and company-wide. She has developed customized project management training for a number of clients and has taught project management in a variety of settings. Ms. Snedaker holds a Masters degree in Business Administration (MBA) and a Bachelors degree in Management. She is a Microsoft Certified Systems Engineer (MCSE), a Microsoft Certified Trainer (MCT), and has a certificate in Advanced Project Management from Stanford University.
This was first published in January 2008