Business impact analysis for business continuity: Introduction

This chapter excerpt from "Business Continuity & Disaster Recovery for IT Professionals" walks you through the process of conducting a business impact analysis.

In this chapter, we turn our attention to the process of business impact analysis. Risk assessment looks at the various threats your company faces; business impact analysis looks at the critical business functions and the impact of not having those functions available to the firm. These two assessments look at the company from two different angles. The risk assessment starts from the threat side, and the business impact analysis starts from the business process side. When you're managing general business risk, you might actually start with the business impact analysis. However, in planning for business continuity as an outgrowth of disaster recovery, it makes more sense to understand the full picture regarding risks and threats and then look at business impact. However, if you have a methodology you use that starts with business impact analysis, that's fine. Both outputs -- from the risk assessment and the business impact analysis phases -- are used as input to the mitigation strategy development. As long as you have those ready before you start the mitigation phase, you should be all set. Figure 4.1 depicts where we are in the planning process thus far.

Business Continuity and Disaster Recovery Planning Process
Figure 4.1 Business Continuity and Disaster Recovery Planning Process

You can see, in Figure 4.2, that we'll be focusing on the third and final segment of the risk assessment phase introduced in Chapter 3 (refer to Figure 3.2 in Chapter 3 for the full diagram). In this chapter, we're going to concentrate on the impact of various business functions on your operations. We'll begin with discussing the general framework of performing a business impact analysis and conclude with the specifics of performing an impact analysis for your business continuity and disaster recovery (BC/DR) plan.

Impact Assessment Process
Figure 4.2 Impact Assessment Process

Use the following table of contents to navigate to chapter excerpts.

Business Continuity and Disaster Recovery for IT Professionals

Home: BIA for business continuity: Introduction
BIA for business continuity: Overview 
BIA for business continuity: Upstream and downstream losses 
BIA for business continuity: Understanding impact criticality
BIA for business continuity: Recovery time requirements 
BIA for business continuity: Identifying business functions 
BIA for business continuity: Gathering data 
BIA for business continuity: Data collection methodologies 
BIA for business continuity: Determining the impact 
BIA for business continuity: Data points
BIA for business continuity: Understanding IT Impact
BIA for business continuity: BIA for small business 
BIA for business continuity: Preparing the BIA report

About the book:
Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are emerging as the next big thing in corporate IT circles. With distributed networks, increasing demands for confidentiality, integrity and availability of data, and the widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning. Business Continuity and Disaster Recovery for IT Professionals offers complete coverage of the three categories of disaster: natural hazards, human-caused hazards and accidental/technical hazards, as well as extensive disaster planning and readiness checklists for IT infrastructure, enterprise applications, servers and desktops -- among other tools. Purchase the book from Syngress Publishing.

About the author:
Susan Snedaker, Principal Consultant and founder of Virtual Team Consulting, LLC has over 20 years experience working in IT in both technical and executive positions including with Microsoft, Honeywell, and Logical Solutions. Her experience in executive roles at both Keane, Inc. and Apta Software, Inc. provided extensive strategic and operational experience in managing hardware, software and other IT projects involving both small and large teams. As a consultant, she and her team work with companies of all sizes to improve operations, which often entails auditing IT functions and building stronger project management skills, both in the IT department and company-wide. She has developed customized project management training for a number of clients and has taught project management in a variety of settings. Ms. Snedaker holds a Masters degree in Business Administration (MBA) and a Bachelors degree in Management. She is a Microsoft Certified Systems Engineer (MCSE), a Microsoft Certified Trainer (MCT), and has a certificate in Advanced Project Management from Stanford University.

Dig Deeper on Storage Backup and Disaster Recovery Services