A business impact analysis (BIA) is the process of identifying mission critical systems, determining the maximum outage each business function can endure, and assessing the short-term and long-range impact.
Why Is BIA Important?
There’s no need for you to run, hide or panic if you haven’t planned ahead for an unplanned downtime. BUT there is a need for you to conduct a Business Impact Analysis. A BIA helps you identify where your vulnerabilities are, prioritize the importance of each business function, and then develop a business continuity management strategy should disaster strike.
Here are some of the critical steps to take when conducting a Business Impact Analysis for your company:
How To Conduct A Business Impact Analysis
Identify the people, places and programs critical to the survival of your business.
Start by listing the key processes and applications (internal and external) that are necessary to continue critical business functions (CBF). Then look for dependencies that may exist between processes and resources. If one of your servers goes down, will it knock out the others? Are there particular apps that, if inoperable, would render other ones useless? This step will help you pinpoint and rank the importance of each process and determine which areas you need to secure around the clock.
Understand the maximum downtime your company is able to tolerate
Once you know what your key processes are, you can assess your maximum tolerable downtime (MTD) or the max time you can withstand the unavailability of the business function. Can you get away with 24 hours? 48? 72? Or would 15 minutes be enough to hurt your productivity and reputation? Knowing your MTD will help you determine what your Recovery Time Objective (RTO) should be to get your systems (hardware, software and configuration) restored.
Determine the costs of various disruption scenarios.
Not all system disruptions are created equal. Each comes with its own set of costs, periods of downtime and methods of repair. For example, what would the effect of a sustained loss of power be to your facilities? Or a natural disaster? Or a hardware failure? Or a cyberattack? Applying an estimated cost to multiple disruption scenarios helps you put solutions and procedures in place should calamity strike, and also helps you focus on prevention strategies as well.
Consider who and what is absolutely necessary to restore critical operations.
You might think that once your systems are back online you can pop the champagne bottle, and perhaps the IT team can do just that. But from a business function perspective, there’s still work to do before you can resume production. You need to know who the staff members or suppliers are who will get critical functions up and running again. Identify who they are and what the work recovery time (WRT) will be. Once all systems affected by the disaster are verified and recovered, you’ll be back in business!
And if you have any questions about your company’s IT operations, give us a call! RCN Business Managed Services offers a wide range of solutions to help prepare for and lessen the impact of unplanned downtimes, along with a host of services to ease the general complexities associated with managing mission-critical applications.
IT Disaster Recovery Planning: Essential to Business Survival
There’s no threshold for vulnerability when it comes to disasters. Whether natural or manmade, catastrophic events don’t discriminate based on the type of business, its size, age or location. Many businesses think they're too small to need a plan when, in fact, an effective IT disaster recovery plan may be the difference between company survival or failure.Download the White Paper