When a business begins their journey to plan for potential major disruptions (such as a fire or system crash) or natural disasters (such as a hurricane or flood), they often hear a lot of buzz around two different terms – A Business Impact Analysis and a Disaster Recovery Plan.
If you’re not sure what the difference is (or what they are in the first place), I’m here to bring clarity so you know exactly how your business can benefit (and stay protected) with both.
The Business Impact Analysis (BIA) defined
A Business Impact Analysis (BIA) is a process to determine the potential effects of an interruption to business operations and determine ways to mitigate the impact of a given interruption.
Without understanding the risks and putting effective controls in place, businesses can face significant negative impacts if an interruption keeps them from doing business for an extended time period. In extreme cases, an interruption could put a firm out of business if they are not properly prepared for the potential risks.
5 key components of a good Business Impact Analysis
- Obtain executive support – From the very start, in order to create a successful Business Impact Analysis, support from executives in your company is pivotal. Executive support will enable you to get cooperation from key departments in your organization.
- Achieve complete organizational understanding – During any good BIA, an intensely thorough deep-dive into what the organization is about, how it functions, essential processes, main business goals, etc. is absolutely necessary. It helps to identify the main procedures and systems that may be impacted by an impending disaster. Such engagements typically employ processes to review information technology components combined with interviews with the various levels and departments of an organization. This allows the team to gain a sufficient overview of the business processes and applications used to conduct and manage a given organization’s business.
- Identify clear priorities – Any time FlexManage conducts a BIA, we outline clear and direct priorities regarding recovery time objectives (RTO) and recover point objectives (RPO). If we don’t know what the goals are regarding recovery timing after or during a disaster, we cannot make the right decisions regarding the correct procedures or tools we should utilize when selecting a strategy or developing the Disaster Recovery Plan. RTO and RPO are the foundation of a solid BIA.
- Get everyone on the same page – Communication is key. After FlexManage conducts a BIA for a client, we take the necessary time to touch base with the proper stakeholders or personnel to ensure that our findings are accurate and that the entire team is on board. After all, success is all in the details.
- Update your BIA and DR Plans regularly – If an organization has experienced resources in place that can perform the Business Impact Analysis, it should be performed on a regular basis. Otherwise, there are consulting firms like FlexManage that specialize in this type of engagement. Based on findings during these reviews, the DR Plan should be updated accordingly.
The Disaster Recovery (DR) Plan defined
After you’ve conducted a thorough Business Impact Analysis, the next thing you’ll want to do is create your Disaster Recovery (DR) Plan. The DR Plan is a set of applications and processes that supports an organization’s ability to respond to a situation that could cause a business interruption.
The 5 key ingredients of a good Disaster Recovery Plan include:
- Define clear goals – Your BIA should have helped you find out just how much downtime your business could possibly tolerate. From there, you also want to take inventory of all software/hardware assets. Doing so will help you outline your goals and your needs and decide on a backup and recovery solution that best fits your business.
- Create scenarios – Based on the nature of your business, come up with a list of common “disaster” scenarios that could occur. Write out what might happen, how your company should respond, and all the necessary parties/steps that will be involved. These scenarios will lay the groundwork for your DR Plan.
- Allocate team roles – It’s not enough to have a plan if you don’t know who will put it into action! Be extremely clear about who is involved in each scenario, and make sure everyone is fully aware of their responsibility and ready to jump into action if necessary.
- Utilize a Disaster Recovery as a Service (DRaaS) solution – Having the best plan is just as important as having the best technology. At FlexManage, we offer our clients a DRaaS solution that combines Azure Site Recovery (ASR), Azure Backup, Azure ExpressRoute and System Center DPM that (together) is a best-in-class DR solution. You’ll want to find a really good Disaster Recovery as a Service provider that you can rely on.
- Get your people on board – So leadership is up-to-speed, but what about all the other employees at your firm? How will they know what to do in the event of a disaster? You must create communications to clearly explain protocol for all defined scenarios, answering questions like, “How should employees prepare before a hurricane hits?” or “How should employees communicate if systems go down?” Even going as far as to provide a comprehensive list of emergency numbers and websites would be a good idea.
CHECKLIST – How to tell if your business needs a Business Impact Analysis
Not sure if you should invest in a BIA or create a DR Plan? Use our short checklist to help you decide. Answering “yes” to one or more is a good indication that you should consider moving forward with a BIA or DR engagement:
- Have you recently lost a significant amount of data or productivity due an unplanned disaster, such as weather events or earthquakes, a critical system component failure, or an outside malware attack?
- Have you recently had changes to your business model and/or business applications at your organization?
- Have you recently had changes to key business leadership positions in your organization?
- Have you recently had changes to IT technical infrastructure?
What are the deliverables after a BIA or DR engagement?
Typically, after our firm performs a BIA or DR engagement with one of our clients, we offer them a number of deliverables to help them sleep better at night, knowing that they have a plan to keep them safe from any type of disaster.
- We provide a written report that identifies high-level gaps for the DR solution for each application reviewed.
- We create a prioritized list for improvements / remediation of the DR solution architecture and processes.
- We hand off a detailed, written Disaster Recovery Plan to cover all discussed applications.
Hopefully you now have a clear understanding of how the process works – start with the Business Impact Analysis, and then fortify with a solid Disaster Recovery Plan.
Stay tuned for the next blog post, which will break down Recovery Point Objective (RPO) and Recovery Time Objective (RTO), two of the most important measures of a successful Disaster Recovery Plan.
Want to learn more about potential risks to your business (and how to recover from them quickly)? Download our INFOGRAPHIC – 4 Essential Steps to Keep Your Business Safe from Disaster.