Assessment

Business Impact Analysis

A business impact analysis (BIA) identifies and analyzes your business functions then aligns IT appropriately with the business. The objective of the BIA is to identify the effects of a disruption of business functions and provide strategies to mitigate and minimize the risk to your business.

Details

The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business processes that the system supports and using this information to characterize the impact on those processes if the system were unavailable.

WWT services are designed using the ISO Technical Standard for Business Impact Analysis (BIA) and are aligned with industry-leading accrediting agencies. Based on interviews, WWT will gather business impact and recovery requirements to support the critical business processes.

The BIA is composed of the following three steps: 

  1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.
  2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related inter-dependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components and vital records.
  3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources.

WWT will determine, based on our process, the Maximum Tolerable Downtime (MTD) for the applications. The MTD represents the total amount of time leaders/managers are willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave continuity planners with imprecise direction on (1) selection of an appropriate recovery method, and (2) the depth of detail which will be required when developing recovery procedures, including their scope and content.
 
WWT will also identify a Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD.
 
Finally, we will determine a Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data must be recovered (given the most recent backup copy of the data) after an outage.
 
Selected Deliverables 
  • Document inter-dependencies between business process and the supporting applications (data /applications, supply chain management, third-party partners and other resources)
    • Intra-departmental 
    • Inter-departmental 
    • External relationships 
  • Document the order of recovery for core and supporting business functions and technology 
  • Organize and present findings to customer
    • Business unit reports 
    • Executive level report 
  • Recommendations for DR delivery based on application criticality