The ultimate business continuity planning tool including business impact analysis (BIA)

Business Continuity Expert

Javascript DHTML Drop Down Menu Powered by dhtml-menu-builder.com

Use BC Expert software including professional business impact analysis (BIA)
All three versions of the BC Expert software include professional business impact analysis (BIA) functions


Using impact analysis to establish recovery time objectives (RTOs) and impact analysis values

Business Impact analysis (BIA) is a critical part of the organizational resilience process and is used for setting recovery times and criticality as well as driving risk treatment strategy and risk treatment projects. An impact analysis should result in the differentiation between critical and non-critical operations and critical and non-critical components. Operations or operational components may be considered critical if the implications for stakeholders of damage to the organization resulting from loss or unavailability of that operation or operational component are regarded as unacceptable. Acceptability of the estimated impact from disruption may be judged according to the established risk appetite of the organization and the approved risk policy. Risk treatment and risk treatment strategy are normally identified with regard to the cost of establishing and maintaining appropriate business or technical recovery solutions. An operation or operational component may also be considered critical if dictated by a regulatory or legal requirement. For each critical operation or operational component that is considered to be within the scope of the organizational resilience project, two important BIA values can then be assigned:

  • Recovery Time Objective (RTO) - the acceptable amount of time to restore the function.

  • Maximum tolerable period of disruption (MTPD) – the maximum amount of time before the disruption will cause significant and critical losses or damage.

  • Criticality value - establish how important a component is to the business

A critical start point for business contin uity is a business impact analysis BIA

Business impact analysis and assessment

 When analyzing your business for the purposes of improving continuity and resiliency, it is necessary to identify and assess the likely impact on the organization from potential disruptive events. Also known as business impact analysis, this risk based process is often considered to be a rather daunting procedure as it often involves making a subjective assessment on disruptive events where the severity can range from minimal to catastrophic. This lack of clarity causes confusion and uncertainty and makes the process of defining specific outcomes difficult and can be subject to many disagreements about how an accurate result can be achieved. At long last help is now available that removes much of the complexity and establishes a workable and practical framework that is easy to understand and implement. The BC Expert software outlined on this website provides a simple methodology for achieving this and it really works.

Setting priorities for impact analysis

After defining and analyzing potential hazards and threats, calculating and assessing the resultant impact scenarios that form the basis of the response and recovery plan the development of a series of relevant and formal plans is recommended. As a general rule priorities for development of these plans should be based on the criticality levels established through the impact analysis of the potential incidents that could occur. The business impact analysis (BIA) is the cornerstone of the business continuity process.
     

 

BC Expert available in three scalable versions:

Silver:        Risk, BIA, business continuity (BCP) plans (more)

Gold:          Full functionality for best BCP practise (more)

Platinum: Multi-enterprise BCP version (more)

Using the Organizational Resilience Software to conduct effective impact analysis

The first stage in the risk identification and impact analysis is to identify the organization’s critical objectives. This will cover all important products and services created and delivered to the customers plus all critical potential non-compliance items. These critical objectives will be identified during the organization components mapping process which should support detailed dependency setting and should create the ability to cascade established impact values to all related operations and operational components. Once these critical objectives have been identified, it is necessary to identify a range of measurable impact categories that relate to the organization. Impact categories could include items such as financial loss; loss of business; environmental loss; or regulatory non-compliance etc. The BC Expert software delivers a range of standard impact category areas but the User can adjust these very easily to make the list specifically relevant to the organization’s needs and perceived areas or risk. The User also establishes up to five measurement periods for assessing impact from the moment that the disruptive incident occurs. The software includes a default setting for these periods but they can be easily changed to match the User’s needs. The User then assesses the impact on the organization from the interruption to the critical objectives within each period and this creates a recovery objective for the selected item. These values are then cascaded through the mapped components with adjustments for the level of dependency as set by the User. This process results in clear and verifiable criticality values, clear and verifiable recovery time objectives, and clear and verifiable maximum periods of tolerable disruption

       

Home Business continuity Disaster recovery Crisis management Contingency management Business continuity plan Sitemap Business continuity BCP