If you’re working on a business impact analysis and have identified your business processes, you’ll want to assess the impact to your organization when each process is disrupted. It doesn’t matter if it’s an earthquake, flood, tornado or simply a careless construction worker down the street that interrupts power to your business. All that matters is the impact: the power is out indefinitely and your critical processes are not functioning.
The common impact scenarios you’ll likely encounter are:
- Loss or denial of physical access
- You have physical access, but technology isn’t working
- Both of the above
The typical BIA talks about financial impacts and operational impacts. Depending on your type of organization, there are other types of impacts you should plan for as well. A good working list includes:
- Legal and regulatory compliance
- Impact on your customers
Regardless of the type of impact, look at its severity; is it low, medium or high? This will be the basis for forming your recovery requirements. Obviously, those with higher impact severity will demand quicker attention.
Finally, it’s important to understand how an interruption to one process may affect other processes when estimating the maximum allowable downtime. Interdependencies include a wide variety of resources that must be identified and quantified in terms of their importance to each business process.