Chapter 12. Mitigating Risk with a Business Impact Analysis

AN IMPORTANT PART of a business continuity plan (BCP) is a business impact analysis (BIA). The BIA is largely a data collection process. You can gather data through several methods. These include interviews, surveys, meetings, and more. After the data is collected, you can analyze it to determine which functions and resources are critical.

Once you've identified the critical functions and resources, you can identify acceptable outage times. The maximum acceptable outage (MAO) for a resource drives the recovery objectives. The two primary recovery objectives to focus on are recovery time objectives (RTOs) and recovery point objectives (RPOs).

Get Managing Risk in Information Systems now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.