Business Impact and Risk Analysis as a part of disaster recovery planning

Business Impact and Risk Analysis as a part Disaster Recovery Planning A robust Disaster Recovery Plan is a necessity for all big and small businesses. Businesses that think a disaster will never happen to them, may be correct most of the time. However, the “once in a lifetime disaster”, is all that is needed to send a thriving business sans a Disaster Recovery Plan, into the shores of bankruptcy. Sanguine as one may be, a business going under is easier than one imagines.

Two crucial cogs in the Disaster Recovery Plan are Business Impact Analysis and Risk Analysis. However, Business Impact Analysis and Risk Analysis have to be at the correct stage of the overall Disaster Recovery Plan. Only then will it have the needed impact as a part of the Disaster Recovery Plan.
The overall goals of a Disaster Recovery Plan are:

  • To device strategies and procedures to help an organization resume normal operations after a disaster
  • To achieve normal or near-normal production within the shortest possible time
Environmental Disasters Chemical Spills and Discharges

With these goals in mind, it can be seen that the Business Impact Analysis has to be done before Risk Analysis. The purpose of the Business Impact Analysis is to determine the most critical business functions in the organization, along with the assets that are needed for these functions. Once the critical functions have been determined, the Risk Analysis will list out the vulnerabilities, both external and internal, that the assets providing core business can be subjected to.

Business Impact Analysis as a component of Disaster Recovery Plan

Some of the critical business functions that could impact production during a disaster that have to be factored into a Business Impact Analysis are:

  • Halt in business functions that generate revenue
  • Death and injuries to critical staff
  • Loss of production center
  • Death or incapacitation of top decision making management staff
  • Damage to assets linked to production

By posing a series of questions to key members of an operating sub-unit in an organization, it is possible to determine the business impact of a halt in production in that particular sub-unit. Therefore, at the end of this exercise, the big picture will emerge as to the order of criticality of each function. The Business Impact Analysis can now be formulated on the data obtained.

Some of the questions which have to be asked to obtain adequate information for Business Impact Analysis are

    • What are the critical and non-critical business functions of a particular unit and how does it operate?
    • What are the critical functions of each unit?
    • What is the revenue loss per hour for the unit in case of production downtime?
    • What are the external and internal inputs required for production in the unit?
    • What data is required for production?
    • What is the minimum recovery time to restore data to a pre-disaster state?
    • What is the minimum staff requirement to keep the unit operational?
    • What are the minimum assets required for production?

These are some of the answers to be elicited for Business Impact Analysis, but it is no means exhaustive

The Business Impact Analysis should have clarity on the following

  • Potential problems a business could face
  • Probable cost associated with a particular type of problem
  • Level of protection to be given to a unit depending on its criticality
  • The level of acceptable disruption
  • The minimum level of assets required to maintain production
  • The critical staff required to re-start and maintain production till normalcy is restored

Risk Analysis as a component of Disaster Recovery Plan

The Risk Analysis should primarily focus on the following risks associated with a disaster:

  • Loss of production center
  • Loss of critical data
  • Loss of IT/Manufacturing functions
  • Loss of skilled hands due to death/incapacitation or any other factor

Some of the common disasters that could strike a business are

  • Fire at production center
  • Power outage at production center
  • Illness/incapacitation of staff
  • Adverse weather conditions such as tornado, hurricane etc
  • Flooding and/or water damage
  • Accidental loss of data due to an employee mistake

By questioning and working with unit managers, it is possible to determine events which could adversely affect production. Some of the risks may be endemic to that area, whereas other types of risks could be a once in a life time event. Using available statistics, it is possible to have a reasonable estimate of the likelihood of an event occurring in that area and assign a risk factor to it, using standard guidelines.
Business Impact Analysis and Risk Analysis are key components of a Disaster Recovery Plan. When Business Impact Analysis and Risk Analysis are well formulated, it will go a long way in making a robust Disaster Recovery Plan.

Get Template

Disasters

Request a Demo