Follow The Business Continuity Institute

​Death of the Business Impact Analysis?

Blog post   •   Aug 24, 2016 16:01 BST

What’s in a name? Acronyms, common parlance, methodologies, business name... all very useful things as they enable us to identify objects, process and aid communication.

The downside of these particular benefits in communication and identification are that they also provide boundaries which may in themselves be restrictive. And once this becomes ingrained in the business psyche, it is very difficult to disentangle.

Let’s take the humble Business Impact Analysis. Acknowledged by professionals as a key element in the end to end process of building a robust business continuity structure, it is a process; a step that has evolved over time from best practice and for very good reason. As such is it is now viewed as a distinct object, something that forms part of a wider process, is undertaken at a given point in that process, connects with other elements and is readily identifiable as such.

But some of our clients are starting to look at this particular element from another perspective. Question - if it is but one part of a BC work-flow process, why should it be undertaken often in glorious isolation? Isn’t the BC structure simply a process of gathering data, making value judgements to corporate methodologies based on the information revealed and then create an output in a form and format that can be used by individuals at time of need?

So, this data capture process can start at risk assessment, follow with impact analysis and then move on to the plan development and testing. Why should this not be done in one fluid workflow process as a single ‘entity’ rather than discrete sections? Why do we have this specific entity called a plan which may contain such a huge amount of information that it only confuses at time of need? Why does the BIA often form an entirely separate and disconnected entity, often languishing and forgotten, even though all parts of the structure are supported by the same data – indeed, clarity and accuracy of data is an absolute pre-requisite to an effective continuity programme. Why can’t we create our own break-points in the work-flow process and define access permissions/user controls to our own corporate methodologies, to suit our own internal best practices whilst maintaining consistency with external standards and best practice?

The answer is that yes, you can. For some this leap of faith makes sense and is embraced. For others, it is a bridge too far, at this point in time at least. ClearView enables clients to have single-entity management of process and some of our largest clients have recognised that this makes absolute sense. This is particularly appropriate for large, complex organizations where there are a large number of stakeholders, each with individual touch-points and requirements. So, for these organizations, there is no concept of a separate BIA per se. There is a single information capture process, the output of which is a simple, clear list of actions and key reference data/communication items that can be tested rigorously and which supports effective incident and crisis management through a range of devices.

In this new world, I see the information that I need to see and want to see. I am involved in the parts of the end to end process where I add value or need to make decisions. With a flexible role-based permissions structure I can create reports, undertake gap analysis, monitor compliance, view dependencies, manage and manipulate data in all parts of the BCM progamme. I see simple, clear outputs that help me at the real time of need during an incident.

And the counter side of this is that I don’t have to wade through information that I don’t need or want to see just because it is bound up in a huge unwieldy document or in different reference documents in disparate locations. Indeed, I don’t have the fear that information is inaccurate because it is drawn from multiple sources and then replicated in isolation, rather than originating from golden sources and being managed centrally. And I know that all of this information in a single entity means that it is actively managed in its entirety i.e. the BIA is not left, unloved, in isolation waiting for the next overdue review. And, of course, I don’t have to be either sitting in front of my desk or laptop or happen to be carrying a printed paper version of a plan when there is an incident because this is the way that it has always been done.

So, is this the death of the BIA? Well, let’s say a technological reincarnation …..

ClearView Continuity, provider of an award-winning Business Continuity Management software platform, are Platinum Sponsors of the BCI World Conference where you can visit them on Stand 43 to find out more of the software and arrange a demonstration. The BCI World Conference and Exhibition takes place on the 8th and 9th November at the Novotel London West Hotel. The largest business continuity conference and exhibition in the UK, BCI World has a packed programme as well as an exhibition hall promoting all the BC products and services you need. Don't miss out, book your place today.

Comments (0)

Add comment

Comment