What is the purpose of a BIA?
The Business Impact Analysis (BIA) identifies and prioritizes the business units, departments, operations, and processes that are essential for the continuous delivery of technologies and services to the organization. The BIA document outlines and defines the critical business systems in use at your organization, enabling you to prioritize critical systems to ensure the continued delivery of technology services and critical business functions in the event of a disruption.
To build high availability production systems for the fastest recovery from multiple possible disruption scenarios, careful planning, preparation, and creation of robust recovery processes and procedures are required. VCSR analyzes systems, documents findings, and provides design recommendations based on the current state of IT infrastructure and required Recovery Time Objectives.
Conducting a BIA enables a company to develop systematic and logical recovery plans that allow them to respond rapidly and decisively to a crisis, reducing financial costs, downtime, harm to reputation, and other damage from a disaster. The BIA process prepares your team for negative events and equips an organization to react in the most effective way, allowing companies to allocate scarce resources where they will be most beneficial and make well-informed decisions during a crisis.
How we perform a BIA
VCSR distributes a set of Business Impact Analysis questionnaires to key leaders across your company’s departmental and technical functions. We then follow up with interview sessions to learn about the current state of your company’s capabilities for recognizing and responding to risks which would negatively impact all identified departments. These interviews with business leaders focus on identifying critical applications and other systems that require solutions resulting in system high availability. Additionally, each leader identifies critical processes and system dependencies for their departments.
The goal is to determine the systems and applications’ maximum outage and recovery timelines that would cause significant financial (resulting from operational outage) or reputational, loss of life, public health, and over-all risk to your company and its organization if exceeded. To determine these requirements, VCSR and your company perform the following actions:
- Interviews: VCSR in collaboration with your company’s point of contact, interview staff to determine the critical business processes, services, applications, and systems used to conduct business.
- Disaster Preparedness Artifacts Review: your company supplies current-state Disaster Recovery (DR) and Business Continuity (BC) artifacts including departmental BIA questionnaires, Access Control Plan, Risk Assessment Plan, Recovery Policies, Incident Response Plan and Policies and procedures. VCSR analyzes these as part of the Business Impact Analysis.
- Infrastructure Artifacts Analysis: your company supplies a current-state overview of technical infrastructure Recovery Time Objective (RTO) and Recovery Point Objective (RPO) specifications. VCSR analyzes these against questionnaire/interview responses as part of this risk preparedness review.
What we identify
We organize resources according to the following categories:
- Foundational. If these are offline for more than eight (8) hours, it will significantly impact safety, revenue generating processes, or company reputation/operations.
- Critical. If these are offline for more than 24 hours, it will significantly impact animal welfare, revenue generating processes, or company reputation/operations.
- Essential. If these are offline for up to 48 hours (about 2 days), it will begin to impact revenue generating processes, or company reputation/operations.
- Important. If these are offline for more than 72+ hours, it will begin to impact the ability of employees responsible for safety or other critical infrastructure.