In the contingency planning process, the purpose of the BIA is to correlate
specific system components with the critical services that they provide, and
based on that information, to characterize the consequences of a disruption
to the system components. Key steps are listing critical IT resources,
identifying disruption impacts and allowable outage times, and developing
recovery priorities.

Our organizational Business Impact Analysis methodology is tightly coupled
with procedures outlined in the following National Institute of Standards and
Technology (NIST) Special Publications:

• NIST SP 800-34: Contingency Planning Guide for Information Technology
  Systems.  .
• NIST SP 800-30: Risk Management Guide for IT Systems .
• NIST SP 800-53: Recommended Security Controls for Federal
  Information Systems.

Combining best practices from these guidelines with a well defined process for executing a BIA allows organizations to :

• Effectively identify the true organizational impact of any unplanned
  disruption of critical information processing systems or other key
  assets.
• Identify sources of threats and noteworthy vulnerabilities which could
  lead to unplanned outages/disruption of service,
• Implement appropriate safeguards to minimize the likelihood and consequences should any identified threats occur, and
• Develop cost-effective and appropriate contingency plans, an essential component Disaster Recovery/Business Continuity Planning.