Business Impact Analysis

Business Impact Analysis (BIA) is a systematic process to assess and evaluate the potential effects of an interruption to operations as a result of a natural or man-made disaster, accident, or other emergency, as well as to gather information needed to develop recovery, prevention, and risk mitigation strategies.  We conduct Business Impact Analysis in accordance with NIST Special Publication 800-34 and best practices outlined by the Disaster Recovery Institute International (DRII).  

Our BIA process includes four steps:

  1. Determine mission/business systems and processes and recovery criticality 
    Mission/business systems and processes are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime.  The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission. 
  2. Identify resource requirements 
    Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible.  Resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records.
  3. Identify recovery priorities for system resources 
    Based upon the results from the previous activities, system resources are linked to critical mission/business processes and priority levels are established for sequencing recovery activities and resources.
  4. Business Impact Analysis (BIA) Report of Findings
  • Identify mission/business processes and recovery criticality:
    • Outage impacts
    • Maximum tolerable downtime
    • Recovery time objectives
    • Recovery point objectives
  • Resource requirements
  • Recovery priorities for system resources
  • Review of business continuity plan to assess potential gaps and to prepare remediation recommendations

Blog & Presentation: Improving Cybersecurity Management with a Business Impact Analysis