ABSTRACT
Without question, business continuity planning (BCP) is a business process issue, not a technical one. In
fact, business continuity planning is a business process in itself. We understand that each time-critical
business process and support component of the enterprise must play a part during the development,
implementation, testing, and maintenance of the BCP process, and it is the results of the business impact
assessment (BIA) that will be used to make a case for further action. With these thoughts in mind, the
objective of this chapter is to discuss the BIA and the importance of identifying enterprise business
processes and standardizing a business process naming convention to facilitate an efficient BIA process.
In the past, business continuity planning has often been thought of as focusing simply on the recovery of
computer systems, often referred to as disaster recovery planning. Evolving experience in the field of
continuity planning has led us to understand that recovery of only information technology (IT) does not
promise the survival of an organizational following a serious disruption or disaster. Indeed, speedy
recovery of an IT function is useful only if the organizational business units themselves are able to
continue to operate, even at reduced efficiencies. That is, they must be in a position to communicate with
customers or clients, business partners, vendors, and the like; to receive and enter orders; to produce and
deliver goods and services; and to collect and book revenue. The most efficient approach toward ensuring
enterprise continuity is to anticipate and prepare continuity plans that not only include the IT
infrastructure but also begin with and focus attention on the organization’s time-critical business
processes and the resources that support those processes.