Business Impact Analysis

A Business Impact Analysis (BIA) is a key step in the contingency planning process. The purpose of the BIA is to correlate specific system components with the critical services that they provide, and based on that information, to characterize the consequences of a disruption to the system components. Key steps are listing critical IT resources, identifying disruption impacts and allowable outage times, and developing recovery priorities.

Our organizational Business Impact Analysis methodology is tightly coupled with procedures outlined in the following National Institute of Standards and Technology (NIST) Special Publications:

NIST SP 800-34: Contingency Planning Guide for Information Technology Systems. 
NIST SP 800-30: Risk Management Guide for IT Systems
NIST SP 800-53: Recommended Security Controls for Federal Information Systems.

Combining best practices from these guidelines with a well defined process for executing a BIA allows organizations to :

  • Effectively identify the true organizational impact of any unplanned disruption of critical information processing systems or other key assets,
     

  • Identify sources of threats and noteworthy vulnerabilities which could lead to unplanned outages/disruption of service,
     

  • Implement appropriate safeguards to minimize the likelihood and consequences should any identified threats occur, and
     

  • Develop cost-effective and appropriate contingency plans, an essential component Disaster Recovery/Business Continuity Planning.

© 2007 Security Risk Solutions, Inc.  All Rights Reserved

  
  • Proven Methodology
  • Achievable
  • Invaluable Results