What exactly is the business impact analysis methodology ?
The Business Impact analysis is performed as a process-based methodology. The goal is to identify the most important processes that are critical for survival.
The problem with such a methodology is the time and resources needed for larger corporations because of their immense business complexity. Obviously, a thorough analysis of each process and all assets would provide a robust foundation for when performing pre-cautionary measures in order to protect the processes and the assets. Still, it would require a large amount of time and resources, and ultimately it is money companies want to save. Why spend money on pre-cautionary measures if they cost more to implement than the actual potential damage or disruptive event threatening the business?
There is increasing recognition that agility is an imperative for success of contemporary firms as they face intense rivalry, globalization, and time-to-market pressures. To be agile you need to have clarity around your business process and the maturity of the organization in following your processes and procedures.
To help with a Business Impact Analysis Methodology we recommend the BIA Self Assessment Toolkit. This toolkit helps you by providing a thorough list of questions to ask in relation to the maturity of the Business Impact Analysis Processes in the organization. (Avoiding the risk of wasting time and money trying to re-invent the wheel by creating your own list of questions.)
- What methods are in place to account for executive leadership and key personnel authorized to continue MEFs?
- Do you have an emergency on call method completed with designated positions in the event of an emergency event in your organization?
- Does your organization have a method for rapidly contacting all personnel on your list to provide critical information?
- What methods, protocols or procedures are available to contact key personnel both during and after normal work hours?
- Have methods to mitigate the risks identified in the business impact analysis and risk assessment been identified?
- Was there an established methodology used to perform the BIA and document the results of the analysis?
- What was the longest time your organization was unable to function due to the loss or interruption of its usual I/S support in the last 5 years?
- In the event a application or system is unavailable due to a major outage, how long are downtime procedures viable before major impacts occur?
- Which products/services if lost would create the greatest uncertainty in the business leading to staff leaving for more secure work?
- Which of your products/services are competing in a highly competitive market and a loss to competitors would impact significantly?
- What protection methods are in place to reduce loss of essential equipment and files?
- Do key personnel have a method of transportation to the alternate facility?