Business Impact Analysis

IT 360 helps you identify the critical functions of your business without which your organization would have a critical impact. Our Business Impact Analysis helps you identify what they are and educate you how your organization will be impacted.

In our Analysis a function may be considered critical if the implications for stakeholders of damage to the organization resulting are regarded as unacceptable. A function may also be considered critical if dictated by law. For each critical (in scope) function, two values are then assigned:

  • Recovery Point Objective (RPO) – the acceptable latency of data that will be recovered
  • Recovery Time Objective (RTO) – the acceptable amount of time to restore the function

The Recovery Point Objective will ensure that the Maximum Tolerable Data Loss for each activity is not exceeded. The Recovery Time Objective will ensure that the Maximum Tolerable Period of Disruption (MTPD) for each activity is not exceeded.

Next, the impact analysis results in the recovery requirements for each critical function. Recovery requirements consist of the following information:

  • The business requirements for recovery of the critical function, and/or
  • The technical requirements for recovery of the critical function

Recovery requirement documentation

After the completion of the analysis phase, the business and technical plan requirements are documented in order to commence the implementation phase. A good asset management program can be of great assistance here and allow for quick identification of available and re-allocatable resources. For an office-based, IT intensive business, the plan requirements may cover the following elements which may be classed as ICE (In Case of Emergency) Data:

  • The numbers and types of desks, whether dedicated or shared, required outside of the primary business location in the secondary location
  • The individuals involved in the recovery effort along with their contact and technical details
  • The applications and application data required from the secondary location desks for critical business functions
  • The manual workaround solutions
  • The maximum outage allowed for the applications
  • The peripheral requirements like printers, copier, fax machine, calculators, paper, pens etc.