Business Impact Analysis

ISO 22301 describes Business Impact Analysis as: A process of analysing activities and the effect that a business disruption might have upon them.

Business Impact Analysis activities are delivered as meetings with individuals as well as with groups of people as workshops to gather the required information. All activities are delivered to assess the impacts of activity disruption and the resulting consequences to the delivery of the organisations key products and services.

The key outputs achieved through completing Business Impact Analysis activities are:

  1. To identify the activities that underpin the delivery of the organisations key products and services
  2. To assess the impacts over time to the organisation if these activities are prevented from being performed
  3. To determine the timeframes these suspended activities (and data) must be resumed by in order to ensure that no further (potentially irreversible) damage is sustained by the organisation. These are known as Recovery Time Objective (RTO), Maximum Tolerable Period of Disruption (MTPD) and Recovery Point Objective (RPO)
  4. To establish all of the dependencies such as IT (including communications), other departments, suppliers and niche skill sets (as examples) required for the activities to be conducted

DisasterComUK consulting practitioners have conducted Business Impact Analysis activities in the form of group workshops and individual meetings with organisations in the Private and Public sector spanning local and international business locations. Each specifically tailored to gather the required data in the most productive, time-efficient manner, and in a format that can be used again by the employing organisation.