A business impact analysis (BIA) is a process utilized by companies to identify the effect of external and internal impacts upon the business functions within your organization. This process will help to establish which business functions are the most critical to your company’s survival in the event of a failure or business disruption. It is only by identifying and understanding risk and impact of various scenarios to your business that you will get a full picture of your vulnerabilities. This in turn will allow you to focus your technology and business planning and spending.

Comparatively, a risk analysis involves the most probable threats to an organization and analyzing the related vulnerabilities of the organization to those threats. It includes evaluating existing physical and environmental security and controls while assessing their adequacy relative to the potential threats to the organization.

Business impact analysis involves identifying the critical business functions within the organization and determining the impact of not performing the business function beyond the maximum acceptable outage. Criteria that may be used in the BIA evaluation process include: customer service; internal operations; legal and financial.

The value of the BIA development is dependent upon the participation of the entire organization. Interviewing key production or functional managers who are close to the day to day operations, as well as senior management who have the long term vision will ensure that the BIA is structured to account for the big picture. It is important to review and prioritize the BIA findings with the team’s input.

After the BIA has been completed by all functional areas of the business, the team should be able to assign Recovery Time Objectives (RTO) to each function based on the responses. The RTO is the time within which the function must be back in operation or negative impact to the business will result. This allows you to assign risk levels and the costs associated to the disruption.

Completion of the BIA allows you to focus on the key business areas in your Disaster Recovery and Business Continuity Planning. It insures that the key business operations are maintained during a disruption of service, and avoids concentrating on areas that may not have the greatest fiscal impact.