Business Continuity Management is essential for every organisation in order to ensure that your business can survive even in the face of crises or disasters, and a Business Impact Analysis (BIA) is the foundation for any solid business continuity framework. A BIA is the step where you identify the processes that are most critical to your organisation. Often companies won't allocate an adequate amount of time or resources to properly identify these factors and instead jump straight into creating recovery strategies and plans. Start with a BIA, so you're covered.
Upon completion of a BIA, you should know the following:
By knowing how long your business can survive, you'll be able to define your Maximum Acceptable Outage (MAO) period for each function. The MAO is the amount of time from when a crisis happens to the time when a critical business function must be fully operational in order to avoid serious financial loss. To identify all the above takes time and the input from the right people, so it's not as simple as sitting in a room one afternoon and smashing it out (unless, perhaps, your company is less than 5 people).
Step 1: Identify the scope of your BIA
Especially if your organisation is large, it may not be necessary to involve all parts of the company in your BIA initially, or at all. Before you start mapping out your organisation's critical business functions, determine which parts of the business are most critical and focus on those. Business 2 Community recommends keeping your scope small and manageable. For large companies, this means limiting your review to the most significant 7-10 business departments or units.
Once you have identified the departments you'll be covering, figure out the people you'll need to interview for the assessment. These should be the individuals who are doing the hands-on work and therefore are most knowledgeable of critical processes and vulnerabilities. They are the most likely to be able to give you the accurate detail you need. If and when there is technology involved in these parts of the company, make sure to include an IT person in addition to the person who does the job, because even if someone knows how to use the software, he or she may not know how it works on the back end. Lastly, set up a timeline for conducting and finalising your BIA. Not only will this keep you on track but it will also help with the next two steps.
Step 2: Establish the value of the BIA with your management team.
If you're conducting a BIA, hopefully that means that your organisation understands and supports the need for business continuity management and having a business continuity plan. However, they may not realise what goes into the BIA specifically, so once you've determined the scope, who will need to be involved and the timeframe, present your plan to your management team, so they realise the investment into the BIA process, the value that will stem from your work and have all the information upfront.
Step 3: Schedule and prepare for your BIA interviews
According to your timeline, set up time (allot about 2 hours) to interview those you've identified as the most knowledgeable about every process they handle and the potential impact it would have on the company should a disruption happen. Prior to the interview, try to gather basic information about the sector of the business you'll be reviewing such as number of people who work in it, an overview of their processes and systems and hours of operation. This will help make the interview be smooth and efficient.
Step 4: Host your BIA interviews
In hosting meetings, your goal is to understand the critical functions of your organisation's core business departments and the potential impact if and when those processes or systems get disrupted. To reach this goal, you should be asking the following questions.
Following every meeting, you'll want to share a recap with the person you interviewed, so they have the chance to review and verify all the information is correct.
Step 5: Analyse the data and prepare a report
During this step, review all the data you've gathered and assess what functions are most critical as well as sort through any findings you aren't clear about. Compile your results into a report. This should include:
Once you've created this report, share it with your management team and set up a time to review and address any questions. With their approval of either all or at least your most important recommendations, you and organisation will not be in the best position possible to build your recovery strategies and plans.
For assistance with your company's business continuity management, software like RiskWare's Business Continuity Module can be incredibly helpful in facilitating and organising your business impact analysis process, among other elements of your BCM framework.
Ready to Learn how RiskWare can help?Let's organise a time to speak to one of our Risk Specialists and you can learn why millions of users around Australia trust RiskWare to manage their organisations Risks.
|
To learn more about how RiskWare is making the world a little less risky, visit us at RiskWare.com.au.