In this chapter, we turn our attention to the process of business impact analysis. Risk assessment looks at the various threats your company faces; business impact analysis looks at the critical business functions and the impact of not having those functions available to the firm. These two assessments look at the company from two different angles. The risk assessment starts from the threat side, and the business impact analysis starts from the business process side. When you're managing general business risk, you might actually start with the business impact analysis. However, in planning for business continuity as an outgrowth of disaster recovery, it makes more sense to understand the full picture regarding risks and threats and then look at business impact. However, if you have a methodology you use that starts with business impact analysis, that's fine. Both outputs -- from the risk assessment and the business impact analysis phases -- are used as input to the mitigation strategy development. As long as you have those ready before you start the mitigation phase, you should be all set. Figure 4.1 depicts where we are in the planning process thus far.
You can see, in Figure 4.2, that we'll be focusing on the third and final segment of the risk assessment phase introduced in Chapter 3 (refer to Figure 3.2 in Chapter 3 for the full diagram). In this chapter, we're going to concentrate on the impact of various business functions on your operations. We'll begin with discussing the general framework of performing a business impact analysis and conclude with the specifics of performing an impact analysis for your business continuity and disaster recovery (BC/DR) plan.
Use the following table of contents to navigate to chapter excerpts.
Business Continuity and Disaster Recovery for IT Professionals
Home: BIA for business continuity: Introduction
BIA for business continuity: Overview
BIA for business continuity: Upstream and downstream losses
BIA for business continuity: Understanding impact criticality
BIA for business continuity: Recovery time requirements
BIA for business continuity: Identifying business functions
BIA for business continuity: Gathering data
BIA for business continuity: Data collection methodologies
BIA for business continuity: Determining the impact
BIA for business continuity: Data points
BIA for business continuity: Understanding IT Impact
BIA for business continuity: BIA for small business
BIA for business continuity: Preparing the BIA report
About the book:
Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are emerging as the next big thing in corporate IT circles. With distributed networks, increasing demands for confidentiality, integrity and availability of data, and the widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning. Business Continuity and Disaster Recovery for IT Professionals offers complete coverage of the three categories of disaster: natural hazards, human-caused hazards and accidental/technical hazards, as well as extensive disaster planning and readiness checklists for IT infrastructure, enterprise applications, servers and desktops -- among other tools. Purchase the book from Syngress Publishing.
About the author:
Susan Snedaker, Principal Consultant and founder of Virtual Team Consulting, LLC has over 20 years experience working in IT in both technical and executive positions including with Microsoft, Honeywell, and Logical Solutions. Her experience in executive roles at both Keane, Inc. and Apta Software, Inc. provided extensive strategic and operational experience in managing hardware, software and other IT projects involving both small and large teams. As a consultant, she and her team work with companies of all sizes to improve operations, which often entails auditing IT functions and building stronger project management skills, both in the IT department and company-wide. She has developed customized project management training for a number of clients and has taught project management in a variety of settings. Ms. Snedaker holds a Masters degree in Business Administration (MBA) and a Bachelors degree in Management. She is a Microsoft Certified Systems Engineer (MCSE), a Microsoft Certified Trainer (MCT), and has a certificate in Advanced Project Management from Stanford University.