Professional Documents
Culture Documents
Business Impact Analysis 2020
Business Impact Analysis 2020
Impact
Analysis
Business Name:
Date of Report:
Disclaimer
This template is provided by Safety Forward as general information about carrying out a
Business Impact Analysis. It is not intended to replace detailed guidance and planning
specific to you and your business/organisation. You should consider whether you need to
obtain this. To the extent permitted by law, Safety Forward excludes any liability arising
from the use of this template either in part/full.
Business Impact Analysis -V.1
Contents
Section 10 Recommendations
Page | 1
Business Impact Analysis -V.1
Date of Analysis:
Document Control
Date Revision/ Amendment Details & Reason Author
Signed
Page | 2
Business Impact Analysis -V.1
Page | 3
Business Impact Analysis -V.1
Structure Chart
*[Please insert current departmental/organisational structure chart, (if available) which shows a brief description of the position of this
Business in the departmental structure. The reason for gathering this information is that is ensures that information for a particular aspect of
your organisation is not forgotten in error as you go through the Business Continuity Planning process.]
Page | 4
Business Impact Analysis -V.1
[Information like this is useful because it can help identify alternative premises or ways of working that might be available to your organisation, particularly if it
operates from more than one building. If you have more than one site, you might want to think about multiple business continuity plans that are site-specific.]
1. Location
Details of
alternative working
arrangements that
are in place
2. Location
Details of
alternative working
arrangements that
are in place
3. Location
Details of
alternative working
arrangements that
are in place
Page | 5
Business Impact Analysis -V.1
Stakeholder Name Relationship to function (tick all that apply) Comments e.g. if
relevant for a
External
Internal
Board
Director
Accountant
Key suppliers
Key clients
Page | 6
Business Impact Analysis -V.1
Functions Involved
*[What functions in your business/service are involved in delivering this overall aim? What is the outcome/end result of the function being
delivered? Think of a function as being an aspect of your whole business that, combined with other functions enables the overall aim to be
achieved]
1.2 1 2 3 4 5
1.3 1 2 3 4 5
1.4 1 2 3 4 5
Page | 7
5
Function Ref No. Priority Rating 1 2 3 4
Low
High
Very Low
Moderate
Very High
Impact Assessment
Specific Impact Impact over time: Tick where & when Comments/justification
of Disruption you consider serious impact will occur (where an impact over time has been identified)
Business Impact Analysis -V.1
[Give some further information about why you have decided upon the’
[The categories here are just [The times below are just a suggestion and you will need to change
impact over time rating’ that you have assigned.]
suggestions and you will need them to meet your needs]
to change them to meet your
needs. What is useful is to
assess each function against
the same impact headings]
1 Day
3 Days
1 Hour
1 Week
3 Hours
1 Month
function/activity, complete additional continuation sheets for each function.]
Reputation
Negligible/None
Financial Loss
Legal
Issues/Regulatory
Impact
Customer/Client
Impact
*[This section asks you to describe the impact of not delivering each of the business functions you identified above. If your organisation has more than 1 critical
Page | 8
Business Impact Analysis -V.1
[For the different systems used by your organisation, it useful to consider the RPO. This describes the point in time to which data must be restored in order to be
acceptable to the owner(s) of the processes supported by that data. This is often thought of as the time between the last available backup and the time a
disruption could potentially occur. The RPO is established based on the agreed tolerance for loss of data or re-entering of data.]
Key
B Last back-up (generally the previous close of business)
R Replication (intraday)
K Last Keystroke (real-time)
F Functionality only (data backup not required)
Page | 9
Business Impact Analysis -V.1
Resource Requirements
*[This section asks you to list the resources required to restore a function against what you normally use. Then, when you are planning you can ensure that you
have available or can quickly obtain the resources that are needed to restore the function. It is useful to communicate any relevant findings of this section with IT
service providers (either internal or external) to help specify your technology requirements and the service levels you would expect in a recovery situation. You
can add/remove resource types according to the needs of your organisation.]
resource? Write the word
What kind of contingency
High
Impact upon the
function if this
unavailable
resource is
Medium
Low
1 Month
Requirement by timescale in the
1 Week
3 Days
event of a disruption
1 Day
3 Hours
1 Hour
Requirement
Normal
Specialist IT applications
Specialist equipment
Resource Type
frontline service)
Networked PC’ s
Internet Access
Mobile Phones
Work Vehicles
Office Space
Car Parking
Telephone)
Landlines
Laptops
Other
Staff
Data
Page | 10
Business Impact Analysis -V.1
Resource e.g.
specially trained
Back up
staff, a supplier, a
arrangements in Suggestions for
Name of Function Responsible Person piece of equipment
place (state whether improving resilience
etc that the function
formal or informal)
could not operate
without
E.g. telephone contact Joe Bloggs Switchboard System Recovery site options Enter into formal
centre identified agreement with recovery
site operator
Page | 11
Business Impact Analysis -V.1
[You may only wish to complete Section 8 and Section 9 if they are relevant to the structure of your organisation.]
Page | 12
Business Impact Analysis -V.1
High Risks: List the risks that have been identified as high for your organisation/ department
and how these have been managed or treated.
Your risk
Details of how the risk has been
register Description of risk
managed/treated
reference
Page | 13
Business Impact Analysis -V.1
What is the current position with business continuity planning within the organisation?
(e.g. plan up to date, needs revision etc)
What is the current position with business continuity plan testing within the organisation?
(e.g. date plan test carried out, recommendations implemented etc)
Page | 14
Business Impact Analysis -V.1
Once your BIA has been completed, it may be useful to agree the review process. Senior
Management should be involved in reviewing the BIA within a specific timescale. This
ensures that:
In the ‘sign-off’ stage of the BIA, IT requirements should also be discussed i.e. the required
timescales for recovery of key IT systems. Both the organisation and the IT provider need to
have a clear understanding of timescales and expectations so that a mutual agreement can
be developed.
Page | 15