What is Business Impact Analysis?Tim Stock
In short, it’s a process of assessing the potential impact of an interference in a business’s IT. It typically forms part of a disaster recovery plan and involves outlining what resources a business is dependent on and setting recovery targets. Without a business impact analysis, a disaster recovery plan will be ineffective at protecting critical data. Along with a comprehensive backup solution, it’s a key element of ensuring your business is protected, no matter what. To fully answer the question of “what is business impact analysis?” we’ll go through each step one by one.
Scoping out the project and aligning leadership
To start the process off, everyone needs to be on the same page about what they’re protecting. What data would a business be unable to function without? How much of it needs to be protected? This will mean liaising with heads of department. The process can then be coupled by identifying who should be involved; i.e., which heads of department are needed to help gather data. Before proceeding, the entire leadership team must be aligned on the above.
Here we are looking to determine what processes and activities are performed by various departments in order to serve the business’s customers. Numerous details will need to be acquired. These include:
- Process name
- The process’s peak operation times
- Where the process is performed
- Which team members are involved in the process
- The process’s dependencies; personnel, equipment, etc.
- The likelihood of those dependencies going down
- What kind of downtime would be expected without that process
- Regulatory or compliance impacts
These details will be acquired by questionnaires or interviews from managers, team members, and anyone else with valuable knowledge about the processes in question.
Reviewing and analysing the information
What is business impact analysis if it doesn’t involve carefully pouring over data? The objective of this stage is to create a list of business processes and prioritise each one. Then, given the priority level, the aim is to outline a timeframe for recovering the process and returning it to normal after a disaster. The higher the priority level, the shorter the timeframe allowed.
Creating the report
Now it’s time to document what you’ve learned from the start of the project to the end. There are no hard and fast rules here but typically the following elements should be included in the report:
- The scope of the project
- The team members involved
- The methods used for gathering data
- A summary of what was learned
- Finer details on each department such as the impact of disruption and critical processes
The document is then ready to be factored into a disaster recovery plan.
So, what is business impact analysis? It’s essentially the process of outlining what really matters in your business so you can devise a way to best protect it. No backup and disaster recovery program would be complete without it. Of course, there’s plenty more to backup and disaster recovery, which is why we’ve created our latest eBook. It offers a 101 on everything you need to know about protecting your business in the event of a disaster.