Critical functions Identification
Identify your organization's critical functions and what's needed to keep them running or restore them quickly. Think about the scope of your business continuity program and the potential impact of a disruption on these functions over time.
Resources and Requirements
What resources and requirements are necessary to maintain your essential operations? Consider:
- People and their skills
- Facilities
- Supplies and equipment
- Information
- Technology (systems, applications)
- Vendors of goods and services.
Business Impact Analysis
Business continuity professionals use a technique called business impact analysis (BIA) to identify business continuity requirements. BIA can capture varying levels of detail, depending on the organization's needs and the stage of implementation of the program.
In a BIA:
- Identify the requirements to deliver the function
- Assess the impact of a disruption to the function and related timeframes:
- At what point would the impact be unacceptable (maximum tolerable period of disruption)?
- What is the recovery time objective?
- When do the identified requirements need to be available to achieve the RTO?
- Identify any other internal or external people, services, or suppliers that the function depends on
- Determine how critical the function is over time.
Risk Assessment
Carry out a business impact analysis that includes a risk assessment to identify and quantify the risk of disruption to the function, as well as the requirements it needs. Collaborate with your organisation's risk management team to implement the assessment. Remember to review any risks and mitigating measures your organisation has already identified.
Take an organisation-wide perspective when collating and reviewing the information from the analysis. Consider the interdependencies between functions, as well as the shared requirements across your organisation.