Business Impact Analysis
From Wikipedia, the free encyclopedia
A Business Impact Analysis (BIA) is part of a business continuity plan (BCP). A BIA verifies the financial loss over time when Information Systems (IS) are lost or down due to a disaster. A BIA will also offer different cost-to-recover solutions and outline the point where it makes fiscal sense to invest in a disaster recovery plan.
A BIA will state Recovery Time Objectives (RTO). These objectives are the time frames within which information systems must be up and running to keep the organization’s business afloat. Individual system dependencies are significant to RTO. This is critical because a Web order system, for example, may have an RTO of 2 hours, but the systems that support it may have an RTO of 8 hours. This means the RTO of the Web order system can't be met unless the RTO for the supporting systems is changed.
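The dependency check described above can be automated over a system inventory; the following is an added example, not part of the original article. The system names and every RTO value other than the 2-hour and 8-hour figures are constructed, and it assumes a system cannot be restored before the systems it depends on.

```python
"""RTO dependency check for a BIA system inventory (added example)."""

# Constructed inventory: system -> (stated RTO in hours, direct dependencies).
# Only the 2 h / 8 h pairing comes from the article; names are hypothetical.
SYSTEMS = {
    "web-orders": (2, ["order-db", "payment-gateway"]),
    "order-db": (8, ["san-storage"]),
    "payment-gateway": (1, ["core-network"]),
    "san-storage": (4, []),
    "core-network": (1, []),
}


def effective_rto(name, systems, _path=()):
    """Hours until `name` can really be back: its own RTO or the slowest
    system beneath it, whichever is larger (assumes parallel recovery)."""
    if name in _path:
        raise ValueError("dependency cycle: " + " -> ".join(_path + (name,)))
    rto, deps = systems[name]
    below = [effective_rto(d, systems, _path + (name,)) for d in deps]
    return max([rto] + below)


def rto_conflicts(systems):
    """List (system, stated RTO, dependency, dependency's effective RTO)
    for every direct dependency that cannot recover within the system's RTO."""
    conflicts = []
    for name in sorted(systems):
        rto, deps = systems[name]
        for dep in deps:
            dep_rto = effective_rto(dep, systems, (name,))
            if dep_rto > rto:
                conflicts.append((name, rto, dep, dep_rto))
    return conflicts


if __name__ == "__main__":
    for name, rto, dep, dep_rto in rto_conflicts(SYSTEMS):
        print(f"{name}: RTO {rto}h unreachable, {dep} needs up to {dep_rto}h")
    print("achievable RTO for web-orders:", effective_rto("web-orders", SYSTEMS), "h")
```

Lowering only the database's stated RTO to 2 hours does not clear the conflict, because the storage beneath it still needs 4 hours; the check follows dependencies transitively.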
A BIA performs a Risk Assessment of the IS infrastructure, including all of its components (servers, storage devices, network devices, and anything else in the IS infrastructure). It will make recommendations on mitigating any risks found, based on the vulnerabilities discovered.
Furthermore, the BIA will recommend different recovery solutions and graph those solutions against the business impact, showing the point where the two intersect, that is, the point where the cost of recovery equals the financial loss. It will also outline, over time, the point where the loss is so great that recovery is unattainable. With this information, decision makers are better equipped to make an intelligent decision as to which recovery solution is the right one for their particular situation.
The BIA will include:
• Project Scope & Objectives
• Summary of the Findings (including the Risk Assessment Findings)
• Existing Strengths and Problem Areas
• Business Impact vs. Cost-to-Recover Graph
• Recommendations
The most important outcome of a BIA is that it will outline the financial impact on an organization should a disaster occur, along with the annual cost to develop and maintain a disaster recovery solution.
For more information, see Disaster Recovery at: http://www.sans.org/reading_room/