Using the Business Impact Analysis

Hi all, I’m Tom Easthope, Sr. Program Manager on the Enterprise Business Continuity team at Microsoft. This blog entry is a companion to the video interview about a key component of our business continuity methodology – the Business Impact Assessment or BIA.

The BIA is a foundation tool in BCM program as it provides both qualitative and quantitative measures of impact to a company in the event of a business process disruption. The BIA is a key component of a BCM program as it creates a more holistic or “business driven” perspective which differentiates business continuity from the more IT centric disaster recovery processes. The BIA also creates an enterprise wide standard or common taxonomy across business units which help to align cross organizational collaboration activities as well facilitate reporting at an enterprise level.

At Microsoft, the BIA understandably is a key engagement point for our BCM program. Each BIA session is facilitated by a certified professional in our enterprise program office or in one of the “embedded” teams in our business units. Our BIA evaluates criticality along two dimensions:

1. Time

2. Impact across six categories: (Revenue, Customer Partner/Experience, 3rd Parties, Legal/Regulatory, Workforce and Brand/Shareholder)

The BIA and the larger BCM program are aided at Microsoft by several governance organizations that provide leadership on setting enterprise wide standards to providing feedback on the company implementation of the BIA. These groups provide organizational credibility; reflect ongoing commitment and accountability of results – all key criteria for any successful enterprise program.

One less obvious benefit of the BIA is that it serves as a great business justification tool. For example, in resource constrained situations such as the current economic environment, the BIA can be a great tool to align investment priorities with those organizational functions that are most critical to the business and its stakeholders.

For this reason it is important to keep BIA assessments current. The pace of business is accelerating and today’s emerging products or functions can quickly become tomorrow’s category leading product or primary cost cutting strategy. Only a current BIA can fundamentally integrate these emerging areas into the mainstream of a business continuity program and deliver on the organizational resiliency expectations of our customers and stakeholders.

In our next blog posting we’ll spend some time on the Technical Dependency Analysis function in our EBCM program that will compliment, my colleague, Kevin Harris’s video on the subject.

 

-Tom Easthope

Senior Program Manager, Enterprise Business Continuity

Microsoft Information Security