In an article which provides background information for those who are new to the business continuity profession, Jordan MacAvoy explains what a business impact analysis is and describes its role in the business continuity planning process.
A business impact analysis (BIA) is widely accepted to be a crucial part of a business continuity plan (BCP). This analysis enables companies to identify the financial effects of disruptions to their business. To understand how a BIA helps create a business continuity plan, its essential to distinguish the two concepts. It will also help to understand the benefits of a BIA and the checklist you should follow when creating a BCP.
A business impact analysis versus a business continuity plan
A business impact analysis determines the effects of a sudden disruption of business functions. The analysis is done in terms of the cost to your business. A BIA also highlights the essential business functions that will be affected by a disruption. This allows you to create a BCP based on the recovery of these critical functions. Generally, the BIA focuses on the effects of a disaster and sets priorities for resource allocation while determining the best way to recover from the disaster.
A business continuity plan lays out the steps that should be taken to recover from a disruption. Therefore, a BIA provides the foundation for an effective business continuity plan. BCPs deal with the technical operations, personnel, and any other resources to facilitate business continuity. A BIA is used in conjunction with a business continuity plan to enable a business to minimize downtime and to ensure your workforce is productive even during a crisis.
Benefits of a business impact analysis
One of the primary benefits of conducting a business impact analysis is that it confirms the scope of a business continuity program. The BIA determines the activities and resources that will help a company deliver its most crucial products and services. By understanding the impact of business activities and resources associated with disruption, you can better determine the scope of your business continuity plan.
Many businesses don't understand their contractual obligations during disruption. A BIA helps your organization understand these obligations and the implications of not meeting those obligations. As a result of this analysis, you'll create a BCP that ensures you're compliant with all your contractual obligations in the event of a disaster.
A business impact analysis helps you estimate the amount of money you’ll spend on your business continuity strategy. Understanding financial, contractual, operational, and reputational impacts enable you to develop an appropriate business continuity strategy. You can identify and implement the right capabilities necessary to meet your recovery objectives. This results in appropriate spend.
Last but not least, the business impact analysis helps collect data for business continuity plans. When conducting a business impact analysis, your business will collect content like recovery strategies, existing controls, internal and external contact details, team and staff requirements, and other important information that will be used when formulating a business continuity plan. This information will present a starting point for the BCP as opposed to starting from scratch.
A checklist for a business continuity plan and where the BIA fits in
1. Designate a team
The first step towards making an effective business continuity plan is finding the right team. Select one person to head the team and then assign specific roles to each of the team members. A typical business continuity team should consist of a senior manager, information officer, program coordinator, and representatives from each division of your company. The number of members in the team will vary depending on the size of your company.
2. Conduct a business impact analysis
The next crucial step in creating a business continuity plan is performing a business impact analysis. This analysis determines each impact of the disruption of business processes and functions. The analysis also uses this information to suggest recovery priorities and strategies. The results of the business impact analysis help the BCP team predict the potential consequences or impacts of a disruption on business functions. The results of the BIA are used to formulate a business continuity plan.
The business continuity team will use the findings of the business impact analysis to develop recovery and response strategies. These findings help the team create plans to address the effects of the disruption. During this stage, team members will develop cost estimates about how the business will mitigate risks and threats and recover from a disruption.
4. Back-up data
You need to prioritize on the data that's most important to your business continuity. The ideal data backup plan involves creating copies of things you cannot replace. If you're faced with a huge disruption, a good backup strategy will make sure you don't experience any downtime.
5. Develop a business continuity plan
At this stage, you should start your plan. This will be a rough draft. The next steps include communicating the plan to all the team members and letting everyone know their role in the BCP. The next phase is training the team members on their roles, testing the recovery strategies, making the necessary adjustments, and retesting the plans. Business continuity planning is a continuous process; therefore, you should test your plans frequently and make updates where necessary.
Business impact analysis and business continuity plans are compatible processes that are crucial when recovering from a disaster. The analysis helps you determine the potential risks and the impact of a disruption while the plan lays out the steps of mitigating the losses and resuming normal business operations. Understanding how to conduct a BIA and the steps necessary in formulating a business continuity plan is crucial if you're to recover from any business disaster.
Jordan MacAvoy is the CEO and founder of TalPoint, the #1 marketplace that connects independent security, risk, privacy and compliance experts with businesses in need. Prior to founding TalPoint, Jordan served as the Vice President of Marketing and Business Development at Reciprocity Labs, a leading Information Security focused GRC SaaS solution. Before Reciprocity, Jordan served in executive roles at Fundbox, a Forbes Next Billion Dollar Company, and Intuit, via their acquisition of the SaaS marketing and communications solution, Demandforce. He brings to the team two decades experience helping businesses solve challenging problems through the adoption of novel and innovative solutions. Jordan is a graduate of Boston University.