Quick Guide on Conducting a Business Impact Analysis

I received a comment on my blog post, “Is a Disaster Recovery Plan Really Necessary?,” that asked an important question. How about a Business Impact Analysis? In order to write a successful disaster recovery plan, you need to conduct a business impact analysis (BIA).

What is a BIA? A BIA is a thorough investigation of your entire company, including business processes and the resources (e.g. computer systems, personnel, etc.), to fully understand the impact on on your business if there were some sort of outage. It allows a company to know which business processes and resources are essential to continue to run with minimal impact.

How do I figure this information out? Extensive interviews of stakeholders have to be conducted in order to comprehend what is vital for the company to continue to run during an outage.  The best way to start is to conduct a survey that asks them questions on how they run their business.  Here are some areas to ask questions on:

• Their current business process
• Current workarounds
• Recovery times

These surveys will be the start point to understand who to interview and the types of documentation that will assist you in the BIA.  Note: Remember to always have the support of management throughout the entire BIA.

During the interview process, you should also be researching and collecting as much documentation as you can.  You should be gathering organizational charts, current flowcharts, reports, metrics, etc.  These documents will help you better grasp the current business processes.

So how do I write this thing? Here is a format that you can use to tailor to fit your needs:

1 Introduction

1.1 Objective

1.2 Scope

1.3 Methodology

1.4 Document Organization

2 References

3 Business Processes

Business Area1: <Business Area Name>

Description:

Personnel Information:

Business Process1 Name and Description

Operational and Financial Impact

Dependencies

Recovery Time

Appendices

Appendix A: Survey

Appendix B: Reports Collected Through the BIA

Photo Detail: Burnt MacBook, originally uploaded by AurélienS.

5 Most Popular Posts on FreeAgentWriter

1.  Is a Disaster Recovery Plan Really Necessary?

Hurricane Katrina and other disasters have made some of us wonder if our IT infrastructure is protected. What can be done to ensure that if there were a natural or man-made disaster, your company would keep running with no issues? The answer is an IT Disaster Recovery Plan.

2. EARTH DAY READING: The Nine Must-Read Feeds for Going Green

What is Earth Day?  It is a day where we can celebrate the beauty that this world holds, and unite to find ways to help keep it the way it is, or make it better.  Below are the nine green RSS feeds that I read every day and provide me with helpful tips and articles to get rid of my own carbon footprint.

3. Disqus vs. IntenseDebate

Which is better for your blog? Disqus or IntenseDebate?

4. The Gray-Hair Factor and Age Discrimination

Everyone is always talking about gender and race discrimination. However, the worst discrimination going on is AGE DISCRIMINATION. Ever since I was a teenager, I’ve had to deal with this type of discrimination in stores, at work, and anywhere else you can think of. It baffles me when I enter a store, and no one greets me, while the gray-haired person behind me, gets two Sales Associates saying hello to him/her right away.

5. Ten Geeky Movie Quotes That Will Aid You in Business

Every geek knows that geeky movies have quotes that can be used in every day life or business. I have compiled the ten best geeky quotes that can be used when you are developing products and/or services for clients.

Is a Disaster Recovery Plan Really Necessary?

Hurricane Katrina and other disasters have made some of us wonder if our IT infrastructure is protected. What can be done to ensure that if there were a natural or man-made disaster, your company would keep running with no issues? The answer is an IT Disaster Recovery Plan.

This vital tool is lacking in many organizations around the country, and it could probably be the reason many will lose tons of revenue and vital information that would have remain intact if they would have taken the time to write one. The following steps will assist you in planning your own IT Disaster Recovery Plan.

Step One: What Risk Should I Analyze?

Conduct a thorough investigation of all the risks that could bring your IT systems come to a halt. What could cause a system outage? If you lived in California, then think about earthquakes. In Florida, think hurricanes. You get the idea.  After you have a list of possible threats, then create a Risk Log. This risk log will contain the following information:

• Risk
• Probability
• Impact
• Risk level (i.e. high, medium, low)

Hint: You can also tailor it to fit your needs by adding more categories.

Some of the risks to look out for that could happen to any company are as follows:

1. Targeted threats – Instead of randomly finding victims like worms, these are tailored to a company or individual.
2. Malicious bots – A program that is forwarded to individuals and waits for command by the hacker to infects the systems.
3. Computer passwords – A serious violation that can leave information vulnerable.
4. hysical assets- How secure is your technology, such as laptops and PDAs?
5. Date backups – Backups are very important because if systems go down, these are the ways to get back on track.

Step Two: How Much Would it Cost?

Think about the amount of money you need to spend in order to protect your business from the risks you listed in Step One. According to DevX.com, disaster recovery budgets are between two and eight percent of an organization’s total IT budget.

Step Three: How Long Will it Take?

Figure out a time table as to when you want to be up and running after a disaster. For some companies, they prefer 48 hours, while others prefer 72 hours afterward. Test, retest your plan to ensure that your estimated time is correct.

Step Four: Who Will Write the Plan?

Management should usually write the IT disaster recovery plan. However, many companies are starting to hire consultants to assist them with this task. An outsider will really view a company’s approach objectively and will provide better insight than someone that is closely connected to the company.

Step Five: Who Will Manage the Plan?

You want to find a team that will ensure that everything is handled according to plan. In the plan, you want to list their roles and responsibilities, so there is no confusion.

Step Six: What Are the Usual Sections of a Written IT Disaster Recovery Plan?

The usual sections are as follows:

• Introduction
• Plan Goals
• Roles & Responsibilities
• Inventory
• Backup Procedures
• Disaster Recovery Procedures
• Recovery Mobile Site (optional but useful)
• System Restoring
• Rebuilding
• Testing Plan
• Appendices (optional)

Conclusion:

Writing is sometimes a task.  Believe me, I should now.  It’s harder when you add technical jargon to it.  However, it is a useful annoyance that could save your company tons of money and work if you take the time to develop an IT Disaster Recovery Plan. Ensure that you test and retest your plan, so there are no surprises if a disaster were to hit.  Let’s hope it doesn’t.

Reexamine your plan every year because as we all know, technology changes with every moment that passes, as well as external risks. Protect your company before it is too late; develop your IT Disaster Recovery Plan now.

Does Your Company Really Need an IT Disaster Recovery Plan?

Hurricane Katrina made us aware of what could happen if businesses do not protect their Information Technology (IT) systems. What can be done to ensure that if there were a natural or man-made disaster, your company would keep running with no issues? The answer is an IT Disaster Recovery Plan. This vital tool is lacking in many organizations around the country, and it could probably be the reason many will lose tons of revenue and vital information that would have been intact if they would have taken the time to write one. The following steps will assist you in planning your own IT Disaster Recovery Plan.

Step One: Risk Analysis

Conduct a thorough investigation of all the risks that could plague your IT system. What could cause a system outage? If you lived in California, then you would think of earthquakes; in Florida, then you would think hurricanes. After you have a list of possible threats, then create a Risk Log. This risk log will have the following:

1. Risk

2. Probability

3. Impact

4. Risk level (high, medium, low)

Hint: You can also tailor it to fit your needs by adding more categories.

Some of the risks to look out for that could happen to any company are as follows:

1. Targeted threats – Instead of randomly finding victims like worms, these are tailored to a company or individual.

2. Malicious bots – A program that is forwarded to individuals and waits for command by the hacker to infects the systems.

3. Computer passwords – A serious violation that can leave information vulnerable.

4. Physical assets- How secure is your technology, such as laptops and PDAs?

5. Date backups – Backups are very important because if systems go down, these are the ways to get back on track.

Step Two: How Much Would it Cost?

Think about the amount of money you need to protect your business from the risks you listed in Step One. According to DevX.com, disaster recovery budgets are between 2 and 8 percent of an organization’s total IT budget.

Step Three: How Long Will it Take?

You have to figure out a time table as to when you want to be up and running after a disaster. For some companies, they prefer 48 hours, while others prefer 72 hours afterwards. Test, retest your plan to ensure that your estimated time is correct.

Step Four: Who Will Write the Plan?

Management should usually write the IT disaster recovery plan. However, many companies are starting to hire consultants to assist them with this task. An outsider will really view a company’s approach objectively and will provide better insight than someone that is closely connected to the company.

Step Five: Who Will Manage the Plan?

You want to find a team that will ensure that everything is handled according to plan. In the plan, you want to list their roles and responsibilities, so there is no confusion.

Step Six: What are the usual sections of a written IT disaster recovery plan?

IBM has an useful IT Disaster Recovery Plan template. Go check it out, so you can have an idea.

Conclusion:

Writing is sometimes a task. However, it is a useful annoyance that could save your company a lot of pain by developing an IT Disaster Recovery Plan. Ensure that you test and retest your plan, so there are no surprises if a disaster were to hit.

Reexamine your plan every year because as we all know, technology changes every moment that passes, as well as external risks. Protect your company before it is too late; develop your IT Disaster Recovery Plan now.