A business impact analysis results in the differentiation between critical and non critical processes and components. A component is considered critical if the stockholder implication of any damage to the organization resulting from the loss or unavailability of that operational component is regarded as unacceptable. Acceptability of the estimated impact from disruption can be assessed according the approved risk appetite of the organization.
The tools that can be used to prioritize critical activities include a business impact reference template and a BIA template (Insurance commission of WA - Risk Cover Division, 2009). A business impact reference table provides definition to different categories of impact and severity levels. The BIA template is captures impact information for each component assessed along two dimensions that are severity and duration of outage. These templates along with follow up interviews include items such as dependencies of the function that particular department performs, operational and financial impact that would be realized if that function is not performed recovery resources etc. All the business activities of the organization are then identified. Each business activity then becomes subject to BIA reference template and BIA template.
The analysis then determines Maximum Acceptable Outage (MAO) for each activity. MAO indicates the maximum amount of time before the disruption will cause critical loss or damage. Another important BIA value can also be calculated i.e. Recovery time objective (RTO), which is the acceptable amount of time to restore the function (Organizational - resilience, 2012). After identification of MAOs of all the activities a consolidated BIA report is then formulated that distinguishes the activities into two main groups i.e. critical and non-critical for business continuity purposes. Identification of the critical components is the output of this step. A function will be considered critical if it has serious financial as well financial consequences in case of disruption and also damage to the public image and reputation.
A BIA report is formulated that documents the potential impacts that could arise as a result of non performance of that function. Financial as well as operational impact of significant and critical business operations should be assessed by considering different BIA scenarios.
Question 2
After the formulation of consolidated business impact profile, the next important task is the identification of minimum resource requirements for continuity of business. This refers to identifying critical dependencies and resources such as people, IT systems, data backup etc that are ...