Business Impact Analysis (BIA)

General Information

A business impact analysis (BIA) is the first process of business continuity planning. Fundamentally, the business impact analysis allows us to learn how the college functions on a day-to-day basis — or during ‘business as usual’.   The data collected during the BIA process allows us to analyze the potential risks (or vulnerabilities) to our critical processes as well as evaluate how a disruption could impact the college. The BIA is the nucleus of business continuity planning.

During a business impact analysis (BIA), the impacts of a disruption on critical processes are identified. The BIA findings are intended to assist management in evaluating critical issues and determining priorities, such as:

• What are the priorities for the resumption of operations among Central Piedmont’s critical processes?
• How soon must time-sensitive operations resume avoiding significant adverse impacts to Central Piedmont and your students/faculty/staff?
• What specific resources are required to support time-sensitive operations?
• What are the supporting applications and dependencies, the key third parties, and associated vital records?
• What is the potential for financial and operational impacts after an interruption or disruption?

The BIA provides a snapshot of operations at a specific point in time. The information collected through this process is intended to help management identify what the Departments/function consider is the maximum amount of time their critical processes can be inoperable.

Essential Components of the BIA

• Critical business process
• Vital records
• Internal and external dependencies 
• Human capital requirements 
• Technology requirements 
• Process recovery

Data collection methods include stakeholder interviews, BIA questionnaire forms, and workshops.  The following sources were considered during the BIA process:

Data Collection

• Vision, Mission and Value Statements
• Organizational Chart
• Compliance Mandates
• All Hazards Emergency Response Plan
• Disaster Recovery Plan (Information Technology)

Approach

1. Identify and confirm each department/function that will need a BIA.
2. Update and incorporate the collected information.
3. Conduct stakeholder interviews to confirm critical information.
4. Confirm, validate/gather critical information, and communicate with department/function.
5. Collate the mitigation strategies (i.e., site, systems, people, relationships), and identify and communicate any gaps (e.g., lack of workaround).
6. Review, discuss, and confirm the technology requirements with ITaRS.
7. Develop the draft BCP in consultation with key personnel.
8. Align and integrate with the overall emergency response structure (e.g., AHERP and DRP)
9. Develop a process to measure the performance of the BCP as a result of incidents.
10. Identify the requirements for implementing through exercising and training.