Checklist: Undertaking a business impact analysis
Undertaking a business impact analysis tasks
Gather relevant existing information, such as:
•
disruption scenarios;
•
emergency response management plan;
•
incident management plan;
•
pandemic plan; and
•
IT disaster recovery plan.
Consult key personnel and business units. Consider:
•
internal audit;
•
Information technology;
•
business areas;
•
risk management;
•
emergency response management;
•
building and facilities;
•
finance (and insurance);
•
occupational health and safety; and
•
external entities and organisations (for example, service providers, interdependencies, and
unions).
Evaluate the impacts of a loss of each critical process from the perspective of the entity’s
objectives. Consider:
•
financial;
•
customer service;
•
reputation;
•
legal/contractual;
•
regulatory;
•
work backlog;
•
health and safety;
•
environmental;
•
third party relationships and interdependencies; and
•
other categories (determined by the entity).
Identify interim processing procedures (alternative or manual processing) techniques to be
adopted during the recovery phase.
Determine the maximum tolerable period of disruption for each critical process.
Determine internal and external critical interdependencies.
Identify vital records.
Determine the recovery time objective for each critical business process and IT
system/application.
Completed
Yes/No
Undertaking a business impact analysis tasks
Determine the recovery point objective electronic data.
Estimate the time to overcome the backlog of work accumulated during a business disruption
event.
Obtain executive endorsement of the business impact analysis.
Completed
Yes/No