Recovery PointRecovery Point Recovery TimeRecovery Time
Storage Management Costs
• “An Enterprise Spends $3 Managing Storage For Every $1 Spent On Storage Hardware”
0%
20%
40%
60%
80%
100%
Time
IT B
udge
t
Hardware
Software
Labor
Gartner, Nov 2001
What is Business Impact Analysis?
• A technique for identifying both tangible and intangible impacts on a business process, function or department usually over time, based on given criticalities.
• It provides senior management with the information to devise a recovery strategy and recovery prioritization.
• Provides supporting data to define an appropriate DR program budget.
Business Impact Analysis
• Identifies who and what are vital to the business’s survival.– Internal – suppliers, customers, shareholders, IT
systems, manufacturing processes.– External – government departments, regulators, trade
bodies, competitors, pressure groups.
• Evaluates recover priorities and time scales.– Criticality of each function to business survival.
• Assesses the potential cost of disaster.– Direct and indirect costs of loss of service capability.
Business Impact Analysis
• Identifies the high risk areas of the existing infrastructure– Single points of failure– Recovery time limitations
• For IT systems in particular:– Identifies the business critical applications and the
systems they run on.– Identifies the areas of vulnerability within the
environment.
Business Impact Analysis
• Focuses on the delivered service:– Business applications: CRM, order processing, dispatch, billing
etc.– Internal applications: pay roll, HR etc.– Communications: e-mail, web sites etc.
• IT may have become the business.• How does not having the capability affect the
business?– Is the application critical to the business?– Is the function duplicated elsewhere– What viable alternatives exist?
Costs of a Disaster• Loss of vital records• Fee collection• License issuance• Welfare delivery• Child protection• Police protection• Brand image recovery• Loss of share value • Loss of interest on overnight
balances; cost of interest on lost cash flow
• Delays in customer accounting, accounts receivable and billing/invoicing
• Loss of control over debtors• Loss of credit control and
increased bad debt.• Delayed achievement of
benefits of profits from new projects or products
• Cost of replacement of buildings and plant
Costs of a Disaster (cont’d)• Loss of revenue for service
contracts from failure to provide service or meet service levels
• Lost ability to respond to contract opportunities
• Penalties from failure to produce annual accounts or produce timely tax payments
• Where company share value underpins loan facilities, share prices could drop and loans be called in or be re-rated at higher interest levels.
• Cost of replacing equipment• Cost of replacing software• Salaries paid to staff unable to
undertake billable work• Salaries paid to staff to recover
work backlog and maintain deadlines
• Cost of re-creation and recovery of lost data
• Loss of cash flow• Interest value on deferred
billings
Costs of a Disaster (cont’d)
• Penalty clauses invoked for late delivery and failure to meet Service Levels
• Loss of customers (lifetime value of each) and market share
• Loss of profits• Additional cost of credit through
reduced credit rating• Recruitment costs for new staff
on staff turnover
• Training / retraining costs for staff
• Fines and penalties for non-compliance
• Liability claims• Additional cost of advertising,
PR and marketing to reassure customers and prospects to retain market share
• Additional cost of working; administrative costs; travel and subsistence etc.
Disaster Costs Summary
Lost Revenue• Direct Loss
• Compensatory Payments
• Lost Future Revenues
• Investment Loss
Productivity Loss• Number of Fully Burdened
Employee impacted
Damaged Reputation • Customer, Suppliers,
Partners, Banks, Financial Markets
• Credit Ratings
Delayed Collections• Billing Losses
• Missed Discounts
Extra Expense• Cost to Recover
• Overtime Expense
• Increased Fraud Risk
• Increased Error Rate
• Travel Expenses
• Temporary Employees
Penalties • Contractual
• Regulatory
• Legal
DRI International
Disaster Recovery Benefits
• Reducing legal liability
• Minimizing potential economic loss
• Decreasing potential exposure
• Reducing the probability of a disaster occurrence
• Reducing disruption to normal operations
• Ensuring organizational stability
• Ensuring orderly recovery
Disaster Recovery Benefits
• Minimizing insurance premiums
• Reducing reliance on key personnel
• Increasing asset protection
• Ensuring safety of personnel and customers
• Complying with legal, statutory, and regulatory requirements
Business Impact Analysis Benefits
• Helps business and IT identify and prioritize critical systems and applications as they support business functions.
• Helps identify and define recovery priorities.• Determines the cost of downtime which will
help define a reasonable DR budget.• Provides hard data to present to management
to justify the DR budget.
What about my Y2K plans?
• It’s 3 years old now.• Your business priorities have changed.• Your environment has changed.
– More systems, more data, more sites, more critical applications, more services to provide.
– Fewer people who generally have less time to take systems down for maintenance and system administration.
– Your support environment may have well changed too.
What about my Y2K plans?
• Y2K plans generally did not address cost issues of an outage.
• Y2K plans do not provide the necessary prioritized cost justification data (that a Business Impact Analysis would) in order for senior management to make informed decisions on implementing disaster recovery technologies.
Business Impact of No BIA
• “CIOs who fail to conduct a business impact analysis risk over-committing or under-investing resources in disaster prevention and contingent recovery operations. ”
META Group
Bottom Line
• “Savvy CIOs address disaster recovery requirements by leading with a business impact analysis to balance risks with the cost of disaster prevention/mitigation controls and contingent solutions.”
