Content Collection
While there are many methodologies available for performing an impact analysis and numerous conventions for structuring the final document, effective BIAs have more to do with content than format.
At a minimum, the BIA should contain a comprehensive catalog of business and support functions within the organization; some description of those functions, lists of critical systems and other resources involved in maintaining them; and a spider web of dependency/support relationships between the surveyed business functions.
Getting this minimal data can be a serious chore. Typically, most BIA endeavors begin by asking managers directly for specific details about the areas of the business for which they are responsible. Many BIA initiatives will start by sending questionnaires to sales managers, marketing executives and business unit directors that ask for information related to the function, operation and dependencies of the processes they oversee. These questionnaires are less intrusive to the business than gathering the information via an interview, so they're used more often.
Responses from the key managers can be used to map out dependency relationships and locate "hidden" processes, such as low-visibility functions or those performed outside the firm by a vendor or trusted partner. Examples are outsourced support-desk help or vendor-provided maintenance. These functions might be critical to business operation, but given thei
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com

r vendor-supplied nature, they may not be apparent in budgets or have dedicated personnel. These previously untracked activities can be added to a master inventory and their managers invited to participate in the BIA process; their input may yield even more areas to examine.
At the end of the exercise, the business is left with a comprehensive catalog of all functions and a precise road map of how they interact. The remaining task is to document those relationships and ensure updates are made as processes change.
In addition to documenting how business processes interact, it's important to collect financial information about them. Access to finances allows you to predict potential lost revenue, productivity costs and opportunity costs related to downtime in individual business units. Business managers will likely have basic profit and loss information for systems, but since you ultimately want to shed light on total downtime costs, you'll need to gather additional data.
To create this more detailed financial profile, enlist other areas of the firm to help. For example, the compliance department can provide insight into the fines or penalties that may be incurred if a particular process suffers downtime, while the legal department can help you understand what potential contractually de-fined fees you might owe if you are unable to provide service to clients for an extended period of time.
This financial picture can then be tied to the dependency information collected so that you can see, in dollars, the impact of one or more processes being unavailable.