As the first step in business continuity planning, a business impact analysis (BIA) requires a strategic understanding of the business as a whole to drive the conscious, informed prioritization of functions across the entire organization.
But as you know if you’ve ever tried to do a BIA, developing that holistic organizational view is no easy task. Just gathering and organizing the required data is a significant undertaking.
Determining the Scope of a Business Impact Analysis
Many organizations try to make their BIA more manageable by breaking it down into department-sized chunks, with different groups conducting BIAs in silos. But this can be a major mistake that threatens the viability of the entire business continuity initiative.
You can’t truly understand recovery requirements unless you compare the functions and the recovery requirements of those functions across the entire organization. It doesn’t work to do a BIA for marketing, and then later do one for operations, for example. You can gradually expand the scope of a BIA department by department, but you can’t effectively plan for recovery unless you decide upfront how the recovery priorities that bubble up from departments compare company-wise.
Further, unless you have a strategic view of recovery requirements, you’re probably going to fail to recover your functions in the proper timeframes. Time is money, and the shorter the recovery time of anything the more expensive recovery is going to be.
Organizations have limited resources not just financially but in terms of staffing. The more an organization relies on shared support functions such as IT, the harder it is to manage and support the recovery of multiple departments at the same time.
Say your business owns 30 systems and has 5 IT people. Then say you do your BIA in silos. Marketing identifies a system it needs in 2 days, Operations identifies a system it needs in 2 days, and so on.
That may look great until a disaster occurs and IT gets the order to restore all those systems in two days, and they just can’t do it… Suddenly someone has to make some hard choices on-the-fly to override approved priorities when they’re already in a very confusing situation.
This is the kind of problem that an operational test, simulation or tabletop exercise should quickly reveal.
To empower your organization to efficiently and cost-effectively handle the impacts of disruptive forces, contact Pivot Point Security.