BIA/BCP/DRP

Do you know what’s important to power day-to-day business operations? Without a mapping between IT and your company, it’s nearly impossible to know what’s crucial.

What is a Business Impact Analysis (BIA)?

Business Impact Analysis is the process of developing and distributing a questionnaire to determine the Financial Impact and Operational Impact on an organization if its business offices and/or data center facilities are not available for an extended time. (FEMA/ready.gov) The BIA consists of a set of interviews for business units (BUs) within an organization. For example, Nth would interview a leader from IT, a leader from Finance, and a leader from HR. Some questions include:

• What are the most critical applications you are using?
• How long can you afford for your system to be down?
• What are your recovery time objectives (RTO)?

Why is a BIA important?

The reality is, work disasters happen in every industry. A disaster in the business environment is any event that creates an inability on an organization’s part to provide essential products and/or services for an indefinite period of time. (FEMA/ready.gov) A BIA helps the company recover from disasters; however, the main goal is to analyze the company’s current systems, and prevent disruption from happening.

What is Business Continuity Planning (BCP)?

Business continuity planning is the process of developing and documenting arrangements and procedures that enable an organization to respond to an event that lasts for an unacceptable period of time and to return to performing its critical functions after an interruption. (FEMA/ready.gov) Following the BIA, a formal document called the BCP collapses all the information gathered from the BIA. The BIA and BCP allow organizations to understand what’s important to the business. All organizations in any industry can use a BIA and BCP as every company should know what assets are critical to the business, so they can create a disaster recovery plan.

What is a Disaster Recovery Plan (DRP)?

“It would take at least three months for half of U.S. small businesses to recover from a natural disaster. So why it is two out of three small business owners don’t have a written disaster recovery plan?” (Source)

A disaster recovery plan is the management approved document that defines the resources, actions, tasks, and data required to manage the technology recovery effort. It usually refers to the technology recovery effort. (FEMA/ready.gov) A disaster recovery plan consists of 2 parts: a Recovery Point Objective (RPO) and a Recovery Time Objective (RTO). The RPO is the measure of how much data loss, in hours or days, is acceptable to an organization. The RTO is the period of time within which systems, applications, or functions must be recovered after an outage. (FEMA/ready.gov) A DRP is focused on the IT systems that power the applications which power the business services identified as a part of the BIA.

What is the process of a BIA/BCP/DRP project with Nth?

1. Kickoff call to describe what the engagement consists of, the resources, time allocations, and what the deliverables are
2. Nth sends out a BIA plan document and each BU fills it out with their team and submits to Nth for review
3. Nth conducts a consultation reviewing the document and refines if necessary
4. Once the BIA plans are done for all BUs, collapse all BIAs into one central BCP document
5. The BCP helps Nth to prepare a DRP, if necessary