Business Impact Analysis/Business Continuity Management
Continuity management is the process by which plans are put in place and managed to ensure that IT Services can recover and continue should a serious incident occur. It is not just about reactive measures, but also about proactive measures - reducing the risk of a disaster in the first instance.
In addition to being required by some of our federal laws, Continuity management is so important that many organizations will not do business with IT service providers if contingency planning is not practiced within the service provider’s organization. It is also a fact that many organizations that have been involved in a disaster where their contingency plan failed, ceased trading within 18 months following the disaster.
Continuity management is regarded as the recovery of the IT infrastructure used to deliver IT Services, but many businesses these days practice the much further reaching process of Business Continuity Planning (BCP), to ensure that the whole end-to-end business process can continue should a serious incident occur.
Continuity management involves the following basic steps:
Prioritizing the businesses to be recovered by conducting a Business Impact Analysis (BIA)
Performing a Risk Assessment (aka Risk Analysis) for each of the IT Services to identify the assets, threats, vulnerabilities and countermeasures for each service.
Evaluating the options for recovery
Producing the Contingency Plan
Testing, reviewing, and revising the plan on a regular basis