It is a data collection process to identify the critical functions and resources of an organization and understand their impact on business when these critical functions are disrupted.
This information forms the foundation of recovery strategies, investment in prevention and mitigation strategies (www.ready.gov).
BIA identifies the critical business functions and their impact but do not recommend solutions, which is later covered in the scope of Business Continuity Plan. BIA acts as an input provider to BCP. In a nutshell, one can define BIA is a top down approach for (i) Identifying critical business functions (ii) Identifying critical resources (iii) Identifying Maximum Acceptable Outage and …show more content…
Before an organization puts down a plan to remain operational during a disruption, they need to understand what are the critical functions of the business, which directly relates to the mission of the organization. Obviously, there would be more than one functions which would be critical to the organization, but the organization needs to decide and prioritize which are the most critically important functions which ensure the survivability of the organization. The priority is set by analysing the impact of these critical business functions when they are not functional. So, there are two very important steps (i) Identify the critical business functions and (ii)Understand their impact. These two steps form the core of the BIA based on which the continuity plan is developed which addresses the solution that needs to be implemented to keep the critical business functions operational when disaster …show more content…
We have considered non-critical functions also because they also impact the business and needs to be addressed sooner than later.
c) Prioritization: Further analysis of the business functions has helped us to understand what is absolutely critical (the business mission cannot survive without), major (the business mission can survive without it only for a shorter duration of time) and minor (does not fall into the category of major and minor). Any disruptions in business critical functions immediately impact the business mission, whereas, disruptions more than 24 hours, in the case of major business functions, would have an impact on the business mission. In the case of minor functions, there won’t be a significant impact on business until a couple of days of their disruption. The time limit is referred to as Maximum Acceptable Outage (MAO) and the business functions are classified based on their MAO.
The table below shows the IT systems and applications that would be impacted in situations of disruptions. Recovery time for each system and application would be equal to less than the MAO as any time more than the MAO would have a direct impact on the business