Disaster Preparedness: Enable Business Continuity Via a Business Impact Analysis

September 08, 2017

Contributor: Kasey Panetta

Build an IT disaster recovery plan to minimize business impact following a natural disaster.

In the immediate aftermath of Hurricane Harvey and with Hurricane Irma preparations in full swing, it’s important for all organizations to carefully examine their plans for dealing with a natural disaster.

As companies have increased dependence on IT systems to deliver their services more quickly, the ability to recover from the effects of disasters has become more important and more complex.

During and immediately following a disaster, the primary focus for business and IT leaders should be on ensuring the safety of employees and helping out where possible.

Executives affected by these disasters — and those who witness them — recognize the need to plan for these unexpected events. Identifying the most critical business functions and how much investment is required to protect them is critical.

A business impact analysis (BIA) will enable the organization to properly prioritize and organize focus areas in the event of a disaster. Those without BIAs tend to treat all business functions with the same priority, which can mean delayed recovery, unnecessary expense, or failure to protect critical processes and systems.

“Due to highly automated and integrated business processes, organizations suffer significantly when IT, network access or cloud services are unavailable or performing poorly,” says Lowell Shulman, research director. “Organizations require a disaster recovery plan that includes formal BIA to consider the impacts of disruptions to all essential businesses processes and their dependencies. A BIA will enable an organization to focus efforts and investment on those business functions/processes that are most critical to the organization and set expectations for a prioritized recovery timeline.”

Companies looking to create a BIA should follow these steps:

Prework: Build the teams and framework to enable a successful BIA

For the BIA to be effective and thorough, cross-functional involvement is vital. This allows the framework to be reflective of the priorities of the entire organization. A project lead must pull together a team with representation from key organizations that includes an executive sponsor, business operations and optional members from legal, finance, HR and other business units. This team will define the goal and scope, set the timeline, select necessary tools and define a business impact framework.

Read More: Gartner Research and Advice for Disaster Recovery

Step 1: Gather business impact data and recovery requirements

Step 1 requires organizations to design and perform a BIA survey. This survey will capture key data about business operations and the potential impact of that business function being unavailable. Start with a list of business functions from each business unit. This survey should be conducted primarily by those within the BIA team and should be supplemented with in-depth interviews with extended team members.  

Step 2: Consolidate the business impact data

The next step is to assemble the BIA data gathered from the surveys and use the data to identify all necessary components of mission-critical and business-critical business functions. This will ensure that these processes and their dependencies are identified, including whether timely restoration or recovery is needed or possible. From this data, the team should build business process flowcharts with all internal and external components and dependencies.

Read More: Gartner Research and Advice for Disaster Supply Chain Risk Management and Recovery

Step 3: Analyze business impact data and define recovery practices

During this step, the team should collate requirements and objectives for business continuity and disaster recovery. The end result should be a report that reflects the true needs of the organization. The team should agree to a prioritized list of critical processes and components, evaluating financial and nonfinancial impacts. This is the time to identify and define recovery sequences to ensure that the business is up and running to acceptable standards as soon as possible. This analysis should be shared with key stakeholders for validation and feedback

Free Research: Use IT Disaster Recovery Tiering to Build a Recovery Strategy That Works

Step 4: Promote, leverage and update BIA over time

Present the results of the BIA to the executive sponsor and extended team, as well as external partners who will need to act on it. The presentation should have key findings as well as implementation priority recommendations. Remember, this is not a static document but one that should be regularly updated, particularly given the frequent updates and changes in IT and business applications. Best practice is to review the document at least once per year or as part of the process to update or deploy business processes.

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.