Business Impact Analysis

  • Security Risk Solutions
  • A Business Impact Analysis (BIA) is a key step.

    In the contingency planning process, the purpose of the BIA is to correlate
    specific system components with the critical services that they provide, and
    based on that information, to characterize the consequences of a disruption
    to the system components. Key steps are listing critical IT resources,
    identifying disruption impacts and allowable outage times, and developing
    recovery priorities.

    Our organizational Business Impact Analysis methodology is tightly coupled
    with procedures outlined in the following National Institute of Standards and
    Technology (NIST) Special Publications:

    • NIST SP 800-34: Contingency Planning Guide for Information Technology
      Systems.  .
    • NIST SP 800-30: Risk Management Guide for IT Systems .
    • NIST SP 800-53: Recommended Security Controls for Federal
      Information Systems.

    Combining best practices from these guidelines with a well defined process for executing a BIA allows organizations to :

    • Effectively identify the true organizational impact of any unplanned
      disruption of critical information processing systems or other key
    • Identify sources of threats and noteworthy vulnerabilities which could
      lead to unplanned outages/disruption of service,
    • Implement appropriate safeguards to minimize the likelihood and consequences should any identified threats occur, and
    • Develop cost-effective and appropriate contingency plans, an essential component Disaster Recovery/Business Continuity Planning.