Business Impact Analysis (BIA) in BCM – Overview & Getting Started
UI Note
In the platform, the tile label "Business Impact Analysis" (English) is used.
The Business Impact Analysis (BIA) is the core of the BCM module. It answers the question:
Which processes are critical, and how severe are the impacts if they fail over a certain period of time?
The BIA in the BCM module is typically structured into four steps:
- BIA Pre-filtering – initial classification of processes and pre-selection of what should be considered.
- BIA Configuration (House Rules) – definition of time horizons, damage scenarios, and assessment scales.
- BIA Assessment – detailed assessment of the impact of a failure per process.
- Target/Actual Comparison & Reporting – comparison of defined objectives with the current implementation status.
Depending on the system configuration, the tiles may be named, for example:
- "BIA – Pre-filtering"
- "BIA – Configuration"
- "BIA – Assessment"
- "BIA – Target/Actual Comparison"
Prerequisites
For the BIA to be used effectively, the following should be in place beforehand:
- Processes should be maintained in the My Organisation area,
- Relevant assets and service providers should be linked to processes,
- The scope in BCM should be defined and linked (see Scope).
The better this foundation is maintained, the more meaningful your BIA results will be.
BIA Pre-filtering – What Is Actually Considered?
In the BIA Pre-filtering you make an initial decision about which processes are BCM-critical:
- For each process you answer simple questions (e.g. regulatory relevance, customer relevance, security requirements).
- Based on these answers, a process is flagged as critical or non-critical.
- You can adjust the classification manually if your expert judgment differs.
The goal is to focus on the truly relevant processes in the detailed BIA.
BIA Configuration – Your House Rules
In the BIA Configuration you define the ground rules for your assessment:
- Damage potentials (e.g. low, medium, high, very high)
- Time horizons (e.g. 2h, 4h, 8h, 24h, 3 days, 7 days)
- Damage scenarios (e.g. financial impact, legal impact, reputational damage, security relevance)
This configuration then serves as the "house rule" for all BIA assessments and is reflected in the matrix or chart views.
Details can be found in BIA – Configuration.
BIA Assessment – Impacts and Objectives per Process
In the BIA Assessment things get concrete:
- For each process you assess how a failure develops over time across the defined scenarios.
- You derive recovery objectives (e.g. RTO, MTPD, emergency operating level).
- Dependencies (assets, service providers, upstream processes) become visible and can be marked as SPOF.
You document the assessments per process so that they are comprehensible to subject-matter experts and auditable.
More details in BIA – Assessment (Processes & Objectives).
Target/Actual Comparison & Reporting
In the Target/Actual Comparison you compare the target values defined in the BIA with the current implementation status:
- Which processes have defined RTO/MTPD values?
- Where do appropriate strategies and plans already exist?
- Where are gaps that need to be closed through measures or projects?
This view is particularly suited for:
- Management reports,
- BCM programme steering,
- Preparation for audits and certifications.
Details can be found in BIA – Target/Actual Comparison & Reporting.
Interaction with Risk Management and Strategies
The results of the BIA serve as:
- Input for BCM risk management (prioritisation of risks and measures),
- Foundation for strategies and plans (which process needs to be operational again by when),
- Reference point for audit management and reporting.
This makes the BIA the connecting element between inventory, BCM risks, and concrete emergency and recovery strategies.