How to perform an impact assessment

If you’re working on a business impact analysis and have identified your business processes, you’ll want to assess the impact to your organization when each process is disrupted. It doesn’t matter if it’s an earthquake, flood, tornado or simply a careless construction worker down the street that interrupts power to your business. All that matters is the impact: the power is out indefinitely and your critical processes are not functioning.

Impact scenarios

The common impact scenarios you’ll likely encounter are:

  1. Loss or denial of physical access
  2. You have physical access, but technology isn’t working
  3. Both of the above

Impact categories

The typical BIA talks about financial impacts and operational impacts. Depending on your type of organization, there are other types of impacts you should plan for as well. A good working list includes:

  1. Financial
  2. Operational
  3. Legal and regulatory compliance
  4. Impact on your customers
  5. Reputation

 

Impact severity

Regardless of the type of impact, look at its severity; is it low, medium or high? This will be the basis for forming your recovery requirements. Obviously, those with higher impact severity will demand quicker attention.

Interdependencies

Finally, it’s important to understand how an interruption to one process may affect other processes when estimating the maximum allowable downtime. Interdependencies include a wide variety of resources that must be identified and quantified in terms of their importance to each business process.