BUSINESS
IMPACT
In this section, we take the potential risks that were identified during our analysis and work to predict the consequences of disruption to a business function and gather information needed to develop recovery strategies. We will then review this information to determine financial impact and formulate a Business Continuity Plan.
Evaluate Exposure
Taking the potential risks identified earlier, we will evaluate what the potential effects on business operations would be if those risks were realized. These would be things like Financial, Life/Safety, Regulatory, Legal/Contractual, Reputation dnd so forth. Then they get quantified in terms of lost productivity, system downtime, inaccessibility, etc.
Assess Financial Impact
Based on the previous actions, we now know what the probable risks are and what the business impact would likely be. In this activity, we will estimate the financial impact of these events. The value of this activity is awareness and prioritization. Using this information to communicate to the business what the financial exposure is helps to justify the time and resources needed to prepare. This information can also be used to prioritize which of the risks should be focused on first based on the magnitude of impact.
Document Findings
At this point we will formally document the risk, exposure and financial impact and use the documentation for internal (and external if necessary) about the true nature of business risk, areas of exposure and the quantified impact of emergency events. These conversations provide a basis for decisions and actions moving forward.
Develop Plan
The Business Continuity Plan (BCP) is the documentation of the strategy to mitigate and respond to the threats and risks facing your organization, with an eye on ensuring that personnel and assets are protected and able to function in the event of a disaster. The plan itself is the culmination of all the previous work and serves to define potential risks, determine how those risks will affect operations, guide the implementation of safeguards and procedures designed to mitigate those risks, testing those procedures to ensure they work, and periodically reviewing the plan to make sure that it is relevent.