Here’s why you need to conduct a BIA and how you can get started.
Have you identified which of your business operations must keep running, no matter what? Have you determined the maximum outage each business function can endure before it hurts your business? Have you assessed the short-term and long-range impact? Have you searched for a hole in the ground to bury your head after reading these questions?
There’s no need for you to run, hide or panic if you haven’t planned ahead for an unplanned downtime. BUT there is a need for you to conduct a Business Impact Analysis. And what is the purpose of the business impact analysis (BIA)? A BIA helps you identify where your vulnerabilities are, prioritize the importance of each business function, and then develop a business continuity management strategy should disaster strike. Here are some of the critical steps to take when conducting a Business Impact Analysis for your company:
Identify the people, places and programs critical to the survival of your business.
Start by listing the key processes and applications (internal and external) that are necessary to continue critical business functions (CBF). Then look for dependencies that may exist between processes and resources. If one of your servers goes down, will it knock out the others? Are there particular apps that, if inoperable, would render other ones useless? This step will help you pinpoint and rank the importance of each process and determine which areas you need to secure around the clock.
Understand the maximum downtime your company is able to tolerate
Once you know what your key processes are, you can assess your maximum tolerable downtime (MTD) or the max time you can withstand the unavailability of the business function. Can you get away with 24 hours? 48? 72? Or would 15 minutes be enough to hurt your productivity and reputation? Knowing your MTD will help you determine what your Recovery Time Objective (RTO) should be to get your systems (hardware, software and configuration) restored.
Determine the costs of various disruption scenarios.
Not all system disruptions are created equal. Each comes with its own set of costs, periods of downtime and methods of repair. For example, what would the effect of a sustained loss of power be to your facilities? Or a natural disaster? Or a hardware failure? Or a cyberattack? Applying an estimated cost to multiple disruption scenarios helps you put solutions and procedures in place should calamity strike, and also helps you focus on prevention strategies as well.
Consider who and what is absolutely necessary to restore critical operations.
You might think that once your systems are back online you can pop the champagne bottle, and perhaps the IT team can do just that. But from a business function perspective, there’s still work to do before you can resume production. You need to know who the staff members or suppliers are who will get critical functions up and running again. Identify who they are and what the work recovery time (WRT) will be. Once all systems affected by the disaster are verified and recovered, you’ll be back in business!
While there is no set standard or template for conducting a BIA for your company, we have prepared a Business Impact Analysis Checklist to help guide you through the process.
And if you have any questions about your company’s IT operations, give us a call! RCN Business Managed Services offers a wide range of solutions to help prepare for and lessen the impact of unplanned downtimes, along with a host of services to ease the general complexities associated with managing mission-critical applications.