Business impact analysis for business continuity: Understanding IT impact

The information gathered in this business impact analysis (BIA) phase will highlight new priorities, new gaps and new challenges to be addressed through the IT department. This excerpt from "Business Continuity & Disaster Recovery for IT Professionals" discusses the need to continually reassess business processes with IT systems.

As you can see from Table 4.2, the IT functions can be correlated to the business functions and processes at each step. As you gather this data, you will need to continually correlate the business functions/processes with the IT systems used to carry out or facilitate those functions in order to avoid gaps in your planning. In most cases, the subject matter experts and participants in this analysis will discuss the relationship of the IT systems to these functions. However, it's important to continually look at the intersection of IT systems to these business functions since the SMEs and departmental representatives may not fully understand the interdependencies of data or systems across the enterprise. For example, an SME might understand that use of the CRM system is vital to her job, but she may not have a clue that the CRM system resides on a server on the fourth floor and requires data updates from three other sources. From an IT perspective, you'll see this vital CRM function as a series of servers, applications, and data flows. As you work with the BC/DR team to map out the business functions and processes, you'll need to develop a parallel map of how that information intersects with IT equipment and functions.

In addition, you'll need to develop an understanding of how long it would take to replace or repair IT equipment based on the assessment of criticality. When you move into the risk mitigation phase, you might decide that the most optimal solution is to implement a fully redundant system for three key functions because the replacement or repair time for these systems exceeds the maximum tolerable downtime. The analysis of the data gathered in this phase must include IT-specific data so that you can optimize your risk mitigation strategies (coming up in Chapter 5).

The impact of IT on business functions (and the impact of business functions on IT) is usually already pretty well understood by the IT department through normal IT activities. However, the information gathered in this business impact analysis phase will bring to light new priorities, new gaps, and new challenges to be addressed through the IT department. Understanding how this data impacts IT and how IT impacts this data is key to developing a solid BIA and a comprehensive BC/DR plan.

Use the following table of contents to navigate to chapter excerpts.

Business Continuity and Disaster Recovery for IT Professionals
  Home: BIA for business continuity: Introduction
  1: BIA for business continuity: Overview
  2: BIA for business continuity: Upstream and downstream losses
  3: BIA for business continuity: Understanding impact criticality
  4: BIA for business continuity: Recovery time requirements
  5: BIA for business continuity: Identifying business functions
  6: BIA for business continuity: Gathering data
  7: BIA for business continuity: Data collection methodologies
  8: BIA for business continuity: Determining the impact
  9: BIA for business continuity: Data points
  10: BIA for business continuity: Understanding IT Impact
  11: BIA for business continuity: BIA for small business
  12: BIA for business continuity: Preparing the BIA report
Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are emerging as the next big thing in corporate IT circles. With distributed networks, increasing demands for confidentiality, integrity and availability of data, and the widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning. Business Continuity & Disaster Recovery for IT Professionals offers complete coverage of the three categories of disaster: natural hazards, human-caused hazards and accidental/technical hazards, as well as extensive disaster planning and readiness checklists for IT infrastructure, enterprise applications, servers and desktops – among other tools. Purchase the book from Syngress Publishing
Susan Snedaker, Principal Consultant and founder of Virtual Team Consulting, LLC has over 20 years experience working in IT in both technical and executive positions including with Microsoft, Honeywell, and Logical Solutions. Her experience in executive roles at both Keane, Inc. and Apta Software, Inc. provided extensive strategic and operational experience in managing hardware, software and other IT projects involving both small and large teams. As a consultant, she and her team work with companies of all sizes to improve operations, which often entails auditing IT functions and building stronger project management skills, both in the IT department and company-wide. She has developed customized project management training for a number of clients and has taught project management in a variety of settings. Ms. Snedaker holds a Masters degree in Business Administration (MBA) and a Bachelors degree in Management. She is a Microsoft Certified Systems Engineer (MCSE), a Microsoft Certified Trainer (MCT), and has a certificate in Advanced Project Management from Stanford University.

Dig Deeper on Storage Backup and Disaster Recovery Services