In our first integrated business resiliency post, we talked about weaving resiliency into the fabric of your organization by following four principles of integrated business resiliency: prioritization, alignment, preparation and visibility. Let's take an in-depth look at the first principle, prioritization — specifically at the important role the business impact analysis (BIA) plays in setting priorities.
The BIA is essential to business resiliency planning because it allows you to measure the relative importance of each business activity and its support functions (i.e., systems, facilities and information) based on its criticality to the organization. This criticality drives prioritization of resiliency efforts.
Criticality should be measured in terms of impact to the organization's strategies, finances, compliance, and information integrity, among other factors. Understanding these impacts makes it possible to see exactly where a business disruption, resulting from a natural disaster, a cyber attack or other extreme event, will pose the greatest threat to an organization. Once you know that, you can make well-informed decisions about priorities for business resiliency planning.
It's important to understand that the BIA isn't a one-time exercise; rather, it's an ongoing, evolving activity that redirects recovery priorities as the organization's objectives and strategies change. Organizations don't stand still. They change constantly, with mergers and acquisitions, new products and services, geographic moves and evolving strategies. That's why the BIA is never merely a "check the box" activity performed only to satisfy auditors. To realize the greatest value from it, you need to use it as a means of regularly examining the various moving parts in relation to each other and making decisions about priorities based on those interrelationships at any given time.
The BIA is what enables you to prioritize resiliency measures, recovery planning and recovery testing for various parts of the organization, and to prioritize how you'll allocate budget and other resources to support these activities. After all, it's not unusual for an organization to have hundreds of different processes and systems in place, and it may not be practical or sustainable to build the same degree of resiliency into all of them. The BIA gives you the information you need to set priorities based on what is most important in business terms.
Learn more about how you can prepare your organization to be more resilient by downloading Key Principles of Integrated Business Resiliency. Then watch for other posts in the coming weeks that include practical information about putting these principles into action.
Author: Patrick Potter
Category: RSA Fundamentals, Blog Post
Keywords: BIA, Business Impact Analysis, Resiliency, Business Resiliency