Having compiled and agreed the register of risks that may have an adverse affect on the company's resources, the next stage of work is to conduct a Business Impact Analysis (BIA).

The BIA is a management level analysis which identifies the impacts of losing company resources. The BIA measures the effect of resource loss and escalating losses over time in order to provide senior management with reliable data upon which to base decisions on risk mitigation and continuity planning.

1. Business Impact Assessment

The Business Impact Analysis (BIA) provides a quantified and prioritised analysis of how the risks identified in the Risk Assessment could affect the organisation's operations and what capabilities would be required to manage them.

The steps in this BIA process are:

• Engaging the management and staff
• Confirming the critical business functions
• Identifying the key resources
• Establishing the interdependencies, internal and external
• Determining the disruption impacts
• Identifying the maximum acceptable outage times and recovery objectives
• Identifying alternate workarounds and processes
• Confirm current levels of preparedness

2. Reaction to a Crisis Event

The reaction to an adverse event can be considered as three overlapping phases;

Emergency Response - this is primarily directed towards the protection of people and assets and stabilization of the business. For example, your fire evacuation procedure may be part of this.

The time between what you consider to be the longest time the business can be out of action (MAO) without acceptable damage, and the time that it is actually possible to achieve recovery of critical processes (RTO) is your danger area.