•In this phase, identification of the potential impact ofuncontrolled non specific events on the institutions businessprocesses and outcomes. Consideration of all departments andbusiness functions not just data processing and estimation ofmaximum allowable downtime and acceptable level of data andfinancial losses.
•To perform this phase successfully, one should obtain anunderstanding of the organization, key business processes, andIT resource used by the organization to support the keybusiness process.
•The criticality of the information resources (e.g. applications,data, networks, system software) that support an organization’sbusiness processes must be established with seniormanagement approval.
•Approaches to perform a BIA
–Questionnaire
–Interview group of key users
–Discuss with IT staff and end users together