Business Impact Analysis:

Businesses are prone to attacks of different kinds and management has to be prepared to meet
this contingency through identified disaster and recovery efforts. The purpose of the BIA is to
identify the organization's mandate and critical services or products; rank the order of priority of
services or products for continuous delivery or rapid recovery; and identify internal and external
impacts of disruptions. It is important that firms chalk out their recovery plans and continuity
plans so that their critical assets and services are not disrupted or halted in any way. (Doughty)
The methods for establishing component priorities:
The firm must make a check list of all its critical deliveries and determining those dependencies
on which the firm relies heavily upon the specific resources like technolgy supplies and every
other input that goes into the firms input resources have to be identified and made clear. Then
the recovery plan has to be initiated. The recovery plan could include
a. Resources that are needed to recover each component for example when there is a
security breach then data mining or data backup systems need to be identified for putting
the data management systems back into order.
b. Identification of all human personnel that could be deployed in terms of an impact. For
example chief technolgy officer should be made in charge of recovery of data.
c.plan activation details, including a clear statement of the circumstances when the plan will
be activated and who is authorized to do so
d.incident response team details, including key roles and responsibilities

e. an emergency kit
f. evacuation procedures for your premises
g. a communication plan, including key communication methods and timings needed to keep
everyone safe
h. contact lists for all the people you will need to communicate with during a crisis, including
staff and emergency services
i. an event log to record information, decisions and actions that you take during a crisis.
j. What are the daily activities conducted in each area of my business?
k. What are the long-term or ongoing activities performed by each area of my business?
l. What are the potential losses if these business activities could not be provided?
m. How long could each business activity be unavailable for before my business would
suffer?
n. Do these activities depend on any outside services or products?
o. How important are the activities to the business where would each activity fall in relation
to the rest of the business?

Identify dependencies:
This is the most critical of all impact analysis as it identifies dependencies of critical services and
products that are both internal and external to the organization.
Internal dependencies include employee availability, corporate assets such as equipment,
facilities, computer applications, data, tools, vehicles, and support services such as finance,
human resources, security and information technology support.
External dependencies include suppliers, any external corporate assets such as equipment,
facilities, computer applications, data, tools, vehicles, and any external support services such as

facility management, utilities, communications, transportation, finance institutions, insurance

providers, government services, legal services, and health and safety service.
Recommendation:
Firms and management have to keep in mind that there is a succession and cntunity planning that
has ot be initiated and so the firm should have
a.
b.
c.
d.
e.
f.

A continuity planning register

A risk management register along with mitigation schemes
It must also have a checklist of critical structure and information
Must identify the personal responsible for continuity
Should budget for this on high priority
Communicate the same to all stakeholders

Conclusion:
A business impact analysis is recommended for every firm because the magnitude of loss cannot
be ascertained till the attack has happened and critical areas lost out. Preparing to meet this is one
of the best ways for businesses to survive and continue. Hence BIA is very necessary for every
organization.
References:
Doughty, Ken. 'Performing A Business Impact Analysis'. EDPACS 18.9 (1991): 1-7. Web.
McCrackan, Andrew. Practical Guide To Business Continuity Assurance. Boston: Artech House,
2005. Print.
Krahulec, Josef, and Miroslav Jurenka. 'BUSINESS IMPACT ANALYSIS IN THE PROCESS
OF BUSINESS CONTINUITY MANAGEMENT'. Security and Defence 6.1 (2015): 29-36.
Web.