Business Impact Analysis
“Business impact analysis (BIA) is the method of deciding out which processes are crucial to the organization’s continuing success, and knowing the impact of a disturbance to those methods. Several measures are used incorporating internal operations, customer service, regulatory or financial and legal. The main purpose is to know the critical business process and functions those to the different information systems.” (Snedaker, S., 2007)
In this assignment, the interdependencies and priorities between the processes need to be fully understood. BIA needs not only the knowledge of business function but also a complete understanding of the company itself, comprising individual business units, IT resources and the interdependencies between each. This job will require the assistance of senior executives and the collaboration of business unit managers, IT personnel and end users.
The steps within the BIA include:
• Plan data-gathering methods
• Collect BIA data
• Check entirety of data
• Distinguish crucial business functions and resources
• Discover recovery time for various jobs and functions.
• Establish recovery options and budgets
Once business functions and processes have been evaluated and prioritized, the BIA should classify the likely impact of independent, non-specific events on these business functions and processes. “Non-specific events should be recognized so that administrators can focus on the result of several interruptions instead of particular threats that may never affect services. At that time, management should never neglect possible risks that are obvious in the company’s critical area. For example, financial institutions may be located in flood-prone areas, near fault lines, or in areas subject to hurricanes or storms.” (http://ithandbook.ffiec.gov)
Business functions are divisions of the company that have particular objectives or roles such as operations, sales, finance, or HR. “Business processes are the specified methods and operations used to achieve those purposes. Both functions and processes must be evaluated in order to fully explain the company’s important work.” (Snedaker, S., 2007)
The phase may originally prioritize business processes based on their criticality to the company’s achievement of necessary goals and the maintenance of safe and valid practices. The prioritization must be developed to discuss what processes are most important to the company. After considering the analysis of data from the BIA, it is important to divide the company’s recovery into particular areas, functions, or categories:
- Recovery of Facility and supply.
- Recovery of Business processes.
- Recovery of various operations.
- Recovery of Data and information.
There are different methods of estimating the potential loss in BIA. One of the most common methods is the questionnaire. This method demands the development of a questionnaire circulated to end users and senior executives. “The purpose of this method is to maximize the identification of real loss from the people completing business processes risked by the disaster. This questionnaire might be distributed and independently developed or filled out during an interactive interview process.” (Gregg, M. 2009).
“Once the BIA is complete, it should be evaluated during the risk assessment process and incorporated into, and tested as part of, the BCP. The BIA should be reviewed by the board and senior management periodically and updated to reflect significant changes in business operations, audit recommendations, and lessons learned during the testing process. In addition, a copy of the BIA should be maintained at an offsite location so it is easily accessible when needed.” (http://ithandbook.ffiec.gov)
Various methods for determining component reliance and dependencies are:
- Determine the significant business systems that serve the organization. These results can be recorded and followed in a spreadsheet. In various cases, the result data can be combined to critical systems. This is particularly true in e-commerce organizations.
- List each system as business critical, important or non-critical. You can ask system operators what would occur if a particular system were not ready for an hour, a day or a week. In most situations, you can immediately classify systems based on operator replies.
- Record which components of the system have cross-dependencies. There may be non-critical systems that serve as upstream or downstream components to the critical system. For example, the DNS service may not look critical to an online store until it is determined that the credit card gateway depends on DNS to send credit card requests and process transactions. This kind of cross-dependency may require a reclassification of systems when associated with critical applications.
“Recovery methods are the predefined actions that administration has allowed in the case when normal services are disrupted. To decide the best strategy to recover from a given break, the company must assess and complete:
- Complete documentation of all costs correlated with each likely alternative
- Priced cost estimates for any external services that might be required
- Written contracts with chosen vendors for all external services
- Likely resumption procedures in case there is a total failure of the facility
- Complete documentation of findings and conclusions as report to administration of chosen recovery strategy for feedback and approval.” (Gregg, M. 2009).
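The classification and cross-dependency steps described earlier (business critical, important or non-critical, with DNS sitting upstream of the credit card gateway) can be checked mechanically once the inventory is recorded. The following Python example is added here and is not part of the original essay or its sources; the system names and the sample inventory are constructed, and it generalizes the DNS case to transitive dependencies.

```python
from collections import deque

# Tier names follow the essay's three classes; only their ordering matters.
RANK = {"non-critical": 0, "important": 1, "business critical": 2}

# Constructed sample inventory (hypothetical system names), as it might be
# recorded in the spreadsheet after interviewing system operators.
INVENTORY = {
    "online-store":  {"tier": "business critical", "depends_on": ["card-gateway", "product-db"]},
    "card-gateway":  {"tier": "business critical", "depends_on": ["dns"]},
    "product-db":    {"tier": "important",         "depends_on": ["storage"]},
    "reporting":     {"tier": "important",         "depends_on": ["product-db"]},
    "dns":           {"tier": "non-critical",      "depends_on": []},
    "storage":       {"tier": "non-critical",      "depends_on": ["dns"]},
    "intranet-wiki": {"tier": "non-critical",      "depends_on": ["dns"]},
}

def reclassify(inventory):
    """Raise every system to the highest tier of anything that depends on it,
    directly or transitively. Returns {name: (effective_tier, raised_by)}."""
    for name, entry in inventory.items():
        if entry["tier"] not in RANK:
            raise ValueError(f"{name}: unknown tier {entry['tier']!r}")
        missing = [d for d in entry["depends_on"] if d not in inventory]
        if missing:  # an unrecorded dependency is itself a gap in the BIA data
            raise ValueError(f"{name}: dependencies not in inventory: {missing}")
    tier = {name: entry["tier"] for name, entry in inventory.items()}
    raised_by = dict.fromkeys(inventory)  # None means the operator's tier stands
    work = deque(inventory)
    while work:
        name = work.popleft()
        for dep in inventory[name]["depends_on"]:
            # Only a strict increase triggers an update, so cycles terminate.
            if RANK[tier[name]] > RANK[tier[dep]]:
                tier[dep], raised_by[dep] = tier[name], name
                work.append(dep)  # re-check what dep itself relies on
    return {name: (tier[name], raised_by[name]) for name in inventory}

if __name__ == "__main__":
    for name, (effective, cause) in reclassify(INVENTORY).items():
        note = f"  (was {INVENTORY[name]['tier']}, required by {cause})" if cause else ""
        print(f"{name:14} {effective}{note}")
```

Systems whose tier was raised are the ones to revisit with their operators, since their recovery time now has to match the critical application they support.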
Business Impact Analysis. (n.d.). Retrieved February 26, 2016, from http://ithandbook.ffiec.gov/it-booklets/business-continuity-planning/business-impact-analysis.aspx
Gregg, M. (2009). CISSP Exam Cram: Business Continuity and Disaster Recovery Planning. Retrieved February 26, 2016, from http://www.pearsonitcertification.com/articles/article.aspx?p=1329710
Snedaker, S. (2007). Business continuity and disaster recovery planning for it professionals. Burlington, MA: Syngress.