FISMA Certification and Accreditation Handbook

Business? It's quite simple: it's other people's money.
Alexandre Dumas, French dramatist
A Business Impact Assessment (BIA) articulates the component restoration priorities that an interruption in service may have on an information system, application, or network. If you have a group of systems that include Web servers, directory servers, application servers, file servers, firewalls, DNS servers, and authentication servers, and your facility suffered an unprecedented disaster, which one would you try to restore first? Do you know?
An interruption in service could be as minor as a power outage, or as catastrophic as a bomb. In either case, at that time you, the system, and network support group will have enough anxiety without having to think about which system to restore first. A BIA is all about removing some of that anxiety, so that systems administration staff can just go down a list of relative priorities and get to work without having to spend time figuring out which systems should be restored first. By planning for a recovery before you need to orchestrate one, you can more efficiently manage your recovery effort. Planning for a recovery up front also more effectively provides assurances for the continuity of your agency's mission.
In a C&A package, most of the time the evaluation team expects to see the BIA as one of the appendices of the Contingency Plan. When I write a Contingency Plan, I often like to have the BIA in front of me as a snapshot of what's important,...