Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions


0800 035 1231 (Mon to Fri 9am – 5pm)

Suite 3, The Cotton Mill, Torr Vale Mills, New Mills, Derbyshire, SK22 4HS, UK

Business Impact Analysis

Business Impact AnalysisThe Business Impact Analysis (BIA) is one of the most important, and least well understood, stages of the Business Continuity Management Lifecycle. Cambridge Risk Solutions can demystify the process and ensure that your Business Continuity programme is built on a solid foundation.

The Business Impact Analysis, together with the Risk Assessment, informs the Business Continuity strategy and provides the basis for developing detailed plans; specifically it:

  • Identifies the activities that support the organisation’s key products and services;
  • Identifies impacts resulting from the disruption to these activities and determines how these vary over time;
  • Establishes the maximum tolerable period of disruption for each activity;
  • Identifies all dependencies relevant to the critical activities including suppliers and outsource partners;
  • Sets Recovery Time Objectives; and
  • Estimates the resources required for resumption.

Identifying Activities

The first stage of the Business Impact Analysis involves identifying all the activities that are necessary to deliver the organisation’s key products and services to customers or service users. Organisations usually have a good understanding of their core processes (eg manufacturing operations) but often overlook the crucial administrative and ‘back office’ functions that support these.

Estimating Impacts

Impacts can be felt in a number of ways, including:

  • Direct and indirect costs;
  • Damage to the reputation of the organisation; and
  • Legal or regulatory impacts.

The impact of the loss of each of the activities identified above needs to be estimated as a function of time.

Planning for Recovery

Estimating the impacts over time leads to a natural prioritisation of activities from which it is possible to start planning for recovery. The final stage of the Business Impact Analysis consists of calculating the resources (including people, equipment, IT systems and workspace) required to recover each activity to an adequate level within an appropriate timescale to avoid serious, long-term damage to the organisation.

Follow the link to see a Business Impact Analysis case study.

Get In Touch

We are always happy to answer any questions you may have, please either contact us by telephone, or by filling in the form below.

Please ensure that you do not divulge any sensitive data as this webpage is not secure.

When we decided to go for accreditation to BS25999, we knew we would need outside help. We chose Cambridge Risk because they represented the best balance of professionalism and pragmatism.

more testimonials

  • Business Continuity Planning

    Effective planning that takes into account risk evaluation and business impact analysis, supported by clear and concise crisis management. We work with you to develop user-friendly plans.

  • Business Impact Analysis

    The Business Impact Analysis (BIA) is one of the most important, and least well understood, stages of the Business Continuity Management Lifecycle; we can assist with your BIA.

  • Training and Exercising

    No Business Continuity Management programme is effective without a significant element of training. Moreover, ongoing Crisis Management training and exercising is key. We can provide objective training and exercising.

  • Risk Evaluation and Control

    Risk evaluation and treatment provide a process to identify, prioritise and managing your risks. Cambridge Risk Solutions can assist with risk management for business operational and information security risks.

  • Statement of Applicability

    Which controls do you need to have in place? How do you link your risk assessment process into your SoA? How do you ensure that you have effective controls in place? We can assist with your SoA.

  • Integrated Management Systems

    Management Systems assist with your on-going management, maintenance and continual improvement. We work with you to develop a fully integrated management system, enabling certification to ISO 22301 and ISO 27001.