Essential Guide

Essential guide to business continuity and disaster recovery plans

A comprehensive collection of articles, videos and more, hand-picked by our editors
Manage Learn to apply best practices and optimize your operations.

Risk assessment analysis and BIA data in BC plans

Examine how BIA and RA data are used to formulate business continuity strategies. It's common to bypass these steps, but the data can result in more precise and focused BC plans.

The process of developing business continuity and disaster recovery plans has several stages, but the initial discovery...

activities include a business impact analysis and risk assessment analysis. The next step is to formulate strategies to deal with the various risks and threats to critical business processes identified in the BIA and RA. The result is a completed business continuity plan.

This article explains the relationship between business impact analysis and risk assessment analysis findings, and then briefly describes how to develop business continuity/disaster recovery strategies and build BC/DR plans.

Business impact analysis data

The results of a BIA identify a number of key areas:

  • The most critical business functions and processes to be recovered and restored in the aftermath of a disruptive event.
  • Resources the organization needs to support those key operations, such as email, a suite of office applications, databases, laptop computers, Internet access, remote access and phones.
  • Key internal and external dependencies, as well as vital records and other documentation whose loss could impact the recovery of critical procedures.

Once the organization has identified the critical business processes and related assets and resources, the next step is to identify and assess the risks and threats that could disrupt the continued business performance.

business impact analysis, risk assessment, business continuity
A typical sequence of activities, as specified in global business continuity standards and good practice documents.

Risk assessment analysis data

It's important to determine external risks and threats as well as the vulnerabilities within the organization -- such as having only one data center or using legacy systems.

Use a risk assessment process that identifies the following:

  • Risks and threats.
  • The likelihood that risks and threats could occur.
  • The potential damage if they occur.
  • The financial implications of the threat occurring.

These risk factors are typically mapped to the critical processes identified in the BIA.

By mapping business impact analysis and risk assessment analysis data, you can zero in on the most critical business processes and the risks and threats that could disrupt them. This data is then used to determine the best ways to mitigate the potential damage to critical business operations if the identified risk or threats actually occur.

Identify business continuity strategies

The next step in the BC planning process is identifying business continuity strategies.

The three-step process of performing a business impact analysis, mapping the risk assessment analysis to the BIA and then defining a strategy ultimately generates the data organizations will use to prepare their BC plans. These results identify and prioritize the most critical business activities and resources, and define how a potential disruption can be mitigated or managed.

business continuity strategy
This flow chart shows how BIA and risk assessment data are used to transition into BC strategy development.

Examples of business impact analysis and risk assessment strategies that can be used to overcome disruptions include:

  • Data replication to ensure data is current and readily available.
  • Alternate work areas in case the main location is unavailable.
  • Remote access to corporate systems and applications so people can continue to work during a disruption.
  • Use of remotely hosted systems and applications that reduce the chance of a disruption as compared to when systems are locally hosted.

Next Steps

Risk assessments can be relatively simple

Five steps to a successful risk assessment procedure

Specialized software can help business impact analysis

This was last published in May 2016

PRO+

Content

Find more PRO+ content and other member only offers, here.

Essential Guide

Essential guide to business continuity and disaster recovery plans

Join the conversation

5 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Which is more important and why: Business impact analysis or risk assessment?
Cancel
Lack of BIA or risk analysis is an excellent blueprint for disaster :/ It's hard to believe, how omitting this steps can be a common practice. This is a very bad news :(
Cancel
I agree--and it's really hard to do one without the other. After all, if you don't know which systems should be protected and against what, you're right--it is, indeed, a blueprint for disaster (and no recovery!).
Cancel
I don't see anything in here about testing, or updating.
Cancel
That's because the story is about risk assessment and BIA--not exactly "testable" practices.
Cancel

-ADS BY GOOGLE

SearchSolidStateStorage

SearchCloudStorage

SearchDataBackup

SearchStorage

Close