By Jeff Fetherolf Business Impact Analysis (BIA) A process of having the business process owners, business subject matter experts, etc. identify the criticality of a business’ processes by assessing its Financial and operational / Intangible impacts as a result of unavailability. While completing a BIA for each business process these individuals will also identify the Applications and that support each business process. Application Impact Analysis (AIA) A process of having the an Information Technology (IT) individual assess the criticality, priority, etc. of an Application. Cost Benefit Analysis (CBA) The process of evaluating the Total Cost of Ownership (TCO) against the amount of Risk Reduction. 30 Days 07 Days 04 Days 03 Days 02 Days 24 Hours 08 Hours 02 Hours 04 Hours Recovery Time Time of Disaster 05 Min 15 Min 30 Min 45 Min 60 Min Recovery Time Objective (RTO): Organization’s Acceptable Amount of IT Absence Recovery Time Achievable (RTA): Based on Resources, Processes, etc., the true / realistic recovery time of the organization Time of Disaster 02 Hours 60 Min 45 Min 30 Min 15 Min 05 Min 24 Hours 08 Hours 04 Hours 02 Days 03 Days 04 Days 07 Days 30 Days Recovery Point Objective Recovery Point Objective (RPO): Organization’s Acceptable Amount of Data Loss Recovery Point Achievable (RPA): Based on Resources, Processes, etc., the true / realistic recovery point of the organization Process Mapping Data Mapping Business Impact Analysis Storage Mapping Asset Mapping • Identify each Department’s Business Processes • Identify the criticality of each Business Process • Identify the interdependencies between Business Processes and Departments • Identify the Data Elements (Variables) for each Application • Identify how the Data Elements are utilized with each Business Process • Identify how each Department utilizes the Data Elements • Identify the Criticality & Sensitivity of the Data Elements • Identify the required Storage to support the Recovery Time Objective requirements of the Business • Identify the location of the Critical and Sensitive Data • Identify, using Cost Benefit Analysis, the need to segregate Data by Tier • Identify the Hardware and Software (HW/SW) for each Application • Identify HW/SW utilized by each Business Process • Identify the criticality of HW/SW • Business Impact Analyses provide Business Processes’ and Applications’ Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) • Business Impact Analyses can also create a bridge between Business Processes, Data Elements, Storage, and Assets