BusinessForward

Ryan Mulvaney, BusinessForward

As an IT leader it’s your responsibility to serve internal customers by enabling them to conduct business as usual.  But what is “usual” today?

Unlike the service-oriented posture of the past, you are most likely positioning yourself in a strategic way to provide the resources to innovate and stay relevant in the market. This can be a tall order at times, especially now with the landscape of lightening innovation and advances in technology.  There is no time to sit still and wait for your customers to call you in need.

Arguably, IT has become the most dynamic instrument of most companies. Infrastructure is the backbone of innovation. So it would stand to reason that ensuring seamless delivery in the event of a disaster would be a no-brainer. Yet despite this trend, organizations often cut corners when it comes to the due diligence around Business Continuity planning (BCP.) More specifically, they ignore the Business Impact Analysis (BIA), which is the logical first step in mapping responses to outage.

In my experience working with companies around the globe, this is a huge mistake. Time-pressed, resource-lean IT leaders have to understand these four reasons why investing in a BIA is a MUST:

1. You cannot support your customers if you do not understand what they need to stay functional.
2. It is very difficult to prioritize your BC/DR without a quantified impact guiding tough decisions.
3. You risk focusing too many resources on processes and technologies that are not critical.
4. There are many other uses for a BIA and the value and benefit created by them should motivate you to continuously maintain and update the document.

The BIA should not be solely be about recovery times and interruptions to the infrastructure or applications. The documentation for a BIA should be about the business and whatever needs to be addressed to make sure the organization is still functional in an emergent event.

We have tools to prioritize and communicate our plan. The conversation that you should be having with your business customers should focus on the impact to the business if functionality is lost. Quantifying this impact will go a long way during prioritization. Often these kind of conversations become political, where individuals with more clout than others will push to have their processes and applications rate at a higher priority. Here’s where your BIA serves an indisputable role. The hard data around productivity and financial impact remediates any power struggle.

The worst costs are costs that could have been avoided. We have seen many organizations spend excessive amounts of money backing up and focusing on systems with very low criticality. If you do not clearly understand the needs of the business you risk over-delivering in less important areas and under-delivering in the important ones.

This problem should stress three critical steps in creating your BIA:

• The first is the importance around engaging the business during your BIA efforts and truly gaining an understanding of their perspective around their needs and requirements
• The second is around focusing on the processes and not the tools, the criticality of the processes rarely changes while tools are re-purposed and used for different functions all of the time
• The third is the importance of keeping a BIA up to date, technology landscapes change all of the time and just because something was extremely critical the last time you conducted this exercise does not mean that it is still that critical

To me, the best part of the BIA is the ancillary benefit, in that it can be used for just about anything. As an IT organization its your job to serve and support your business customers-this is just the tool for you. Everything you do should be motivated by their needs and every decision you make should be guided by the potential impact to those needs. Whether you are creating a business continuity plan or you are switching ERP applications… Whether you are developing a disaster recovery strategy or moving to a cloud environment, you should have an understanding around how your actions can potentially impact the business. This is your responsibility and should be your focus.

The BIA should not be viewed as a tedious analysis and waste of time that is performed at the beginning of business continuity planning.

The BIA should not solely be looked at as a risk tool (even though it is a very important piece of risk assessment and mitigation.)

If used correctly the BIA can serve as a guideline for every decision you make and ensure that each decision ties to the needs and priorities of your customers. The analysis needs to be a living, breathing document that is forever changing and evolving just as the business does, just as your customers do and just as your technology landscape does.

Letting it go stale could result in making stale decisions.