A Business Impact Analysis (BIA) is a process that provides a greater understanding of how a business works and reveals the effects of losing critical parts of your business processes. It serves as a foundation for introducing a Business Continuity Management Plan (BCMP) and can be used to develop strategies and plans for a business to recover if a potential threat or event occurs.
A Business Impact Analysis is one of the requirements of the ISO22301 Business Continuity Management System standard. Even if you’re not aligning to this standard, we would advise that an organization conduct a Business Impact Analysis and put a Business Continuity Plan in place to reduce the impact of potential internal and external threats.
The BIA distinguishes between critical and non-critical business activities. Two values are assigned for each critical function:
Note: the BIA is:
The Business Impact Analysis is the foundation for the Business Continuity Plan. A BIA ensures that recovery and continuous performance of essential business functions occur quickly in all circumstances during an emergency. The BIA provides a methodical approach to examine, identify, and prioritise the mission essentials listed below:
The BIA process consists of the following areas:
Key Questions to be considered are:
The Business Impact Analysis Report contains the following information:
It is important to take the time to produce a good Business Impact Analysis and report as this will provide the solid foundation to create, implement and embed a BCMS that will be effective during disruptive incidents.
Written by Ted Spiller, CertiKit’s Compliance Consultant. Ted has worked for many years in ISO standards and is an ISO22301 Auditor.