Business Impact Assessment and Analysis - FAQs:

Who performs the business impact assessment (BIA)?

A group of people. Normally the management of the business will agree amongst themselves what the most important business functions are and what the risks are related to an inability to perform them. More details are then gathered from the parts of the organisation who are involved with the day-to-day activities associated with these priorities. They will identify what they need to continue operating during a disruption including key IT systems and workplace requirements

What tools do we need to perform a business impact assessment?

Many organisations use spreadsheets to capture and analyse this information. Spreadsheets are readily available, most people know how to use them  and their tabulated format makes them particularly helpful to present and analyse information.  Our business continuity plan templates download includes a business impact assessment template that will help you to capture the right information

What are the Business Impact Assessment & Analysis steps?

There are main steps to business impact assessment and analysis:

  1. The management of the organisation t set the general direction and scope of the business continuity planning effort by identifying priority activities and the disruption thresholds that can be tolerated.

  2. After being given the general steer from management, departments involved in the day-to-day activities associated with the identified priorities add detail by identifying what IT systems and other resources are required to recover following a major disruption and when these resources need to be available to avoid exceeding the thresholds set by management.

  3. Once the more detailed considerations for maintaining business continuity have been defined, the results of the business impact assessment are normally shared with the service functions in the organisation (such as Facilities and IT) so that they can give feedback on the current capabilities to meet these requirements. Hopefully, capabilities will align with requirements and progress can be made to the more detailed phases of business continuity plan development. If not management decisions will be required to either invest in improving recovery capabilities or accept a greater level of risk.

When should the Business Impact Assessment be reviewed?

once a business impact assessment has been developed it needs to be reviewed from time to time. Things change in an organisation -  the increased capability for remote working, for instance might significantly change the approach to workplace continuity, IT systems are changed. These can all affect the way that the business continuity plan is deployed and operated.  An annual review as part of an overall assurance programme  is highly recommended