Using Business Impact Analysis Results To Build Resiliency

In our first integrated business resiliency post, we talked about weaving resiliency into the fabric of your organization by following four principles of integrated business resiliency: prioritization, alignment, preparation and visibility. Let’s take an in-depth look at the first principle, prioritization —specifically at the important role the business impact analysis (BIA) plays in setting priorities.

The BIA is essential to business resiliency planning because it allows you to measure the relative importance of each business activity and its support functions (i.e., systems, facilities and information) based on its criticality to the organization. This criticality drives prioritization of resiliency efforts.

Criticality should be measured in terms of impact to the organization’s strategies, finances, compliance, and information integrity, among other factors.  Understanding these impacts makes it possible to see exactly where a business disruption, resulting from a natural disaster, a cyber attack or other extreme event, will pose the greatest threat to an organization. Once you know that, you can make well-informed decisions about priorities for business resiliency planning.

It’s important to understand that the BIA isn’t a one-time exercise; rather, it’s an ongoing, evolving activity that redirects recovery priorities as the organization’s objectives and strategies change. Organizations don’t stand still.  They change constantly, with mergers and acquisitions, new products and services, geographic moves and evolving strategies. That’s why the BIA is never merely a “check the box” activity performed only to satisfy auditors. To realize the greatest value from it, you need to use it as a (Read more...)

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Patrick Potter. Read the original post at: