Redefining the BIA
By Geary Sikich
If we agree on the basic premise that business continuity can be defined as sustaining what is critical to the enterprise’s survivability during periods of discontinuity; then we must recognize that the activity known as the business impact assessment / analysis (BIA) needs to be redefined.
The BIA, as currently practiced does not necessarily achieve the following:
I posit a two-phase BIA framework consisting of a pre-event general analysis and a post-event identification and assessment of business impacts and potential consequences for the enterprise.
Events are nonlinear and therefore carry uncertain outcomes. As a result, traditional pre-event BIAs are of little value when conducted using concepts such as mission critical, recovery time objectives, recovery point objectives, etc. Events evolve; the elements of randomness and nonlinearity create opaqueness (opacity: the quality of being difficult to understand or explain) that a traditional BIA underestimates.
Pre-event general analysis: points and questions to address in a BIA
Post-event impact and consequence analysis: points and questions to address in a BIA
The second phase BIA focuses on the evolving situation (nonlinearity, uncertain outcomes, etc.) – identification and assessment of business impacts and potential consequences for the enterprise as they are unfolding. We rarely make a credible attempt to identify post-incident impacts and consequences in any significant detail. So, re-entry, recovery, restoration and resumption of operations are often skimmed over or ignored in the traditional BIA process.
Below are key areas for an ‘active analysis’ framework:
Each of these elements would be constantly assessed as part of an ‘active analysis’ post-event BIA framework to determine the potential impact of loss or degradation to the enterprise and its networks. The above is an example and is not meant to be exhaustive. In the post-event environment you will have to be creative and you will have to be responsive.
When it comes to building your BIA program, focusing on survivability is the right approach, provided you have thoroughly done your homework and understand what survivability means to the organization. Post-event opacity will produce numerous situations that challenge survivability. Just looking in the rearview mirror of the traditional BIA can result in confusion, chaos and unintended consequences.
About the author
Geary is well-versed in contingency planning, risk management, human resource development, ‘war gaming,’ as well as competitive intelligence, issues analysis, global strategy and identification of transparent vulnerabilities.
A well-known author, Geary’s books and articles are readily available on Amazon, Barnes & Noble and the Internet.
MAKE A COMMENT
Apgar, David, Risk Intelligence – Learning to Manage What We Don’t Know, Harvard Business School Press, 2006.
Davis, Stanley M., Christopher Meyer, Blur: The Speed of Change in the Connected Economy, (1998).
Jones, Milo and Silberzahn, Philippe, Constructing Cassandra: Reframing Intelligence Failure at the CIA, 1947–2001, Stanford Security Studies (August 21, 2013) ISBN-10: 0804785805, ISBN-13: 978-0804785808
Kami, Michael J., “Trigger Points: how to make decisions three times faster,” 1988, McGraw-Hill, ISBN 0-07-033219-3
Klein, Gary, “Sources of Power: How People Make Decisions,” 1998, MIT Press, ISBN 13 978-0-262-11227-7
Sikich, Geary W., Graceful Degradation and Agile Restoration Synopsis, Disaster Resource Guide, 2002
Sikich, Geary W., "Integrated Business Continuity: Maintaining Resilience in Times of Uncertainty," PennWell Publishing, 2003
Sikich, Geary W., "Risk and Compliance: Are you driving the car while looking in the rearview mirror?” 2013
Sikich, Geary W., "Risk and the Limitations of Knowledge” 2014
Tainter, Joseph, “The Collapse of Complex Societies,” Cambridge University Press (March 30, 1990), ISBN-10: 052138673X, ISBN-13: 978-0521386739
Taleb, Nicholas Nassim, “The Black Swan: The Impact of the Highly Improbable,” 2007, Random House – ISBN 978-1-4000-6351-2, 2nd Edition 2010, Random House – ISBN 978-0-8129-7381-5
Taleb, Nicholas Nassim, Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets, 2005, Updated edition (October 14, 2008) Random House – ISBN-13: 978-1400067930
Taleb, N.N., “Common Errors in Interpreting the Ideas of The Black Swan and Associated Papers;” NYU Poly Institute October 18, 2009
Taleb, Nicholas Nassim, “Antifragile: Things that gain from disorder,” 2012, Random House – ISBN 978-1-4000-6782-4
•Date: 10th February 2014 • US/World •Type: Article • Topic: BC general