Business Continuity Management System (BCMS) Business Impact Analysis (BIA) Understanding the Business Impact Criticality / Materiality

Business continuity plan involves the employment of time and resources in analysing the functions within the organization, and thus assess their criticality. First of all, it is crucial to analyse critical and essential functions of the business.

Criticality and Materiality are a term haphazardly used in business. How is this measured and how does this make that everyone knows and understand the importance of Criticality and Materiality.

There is the possibility of delaying the process of dealing with necessary and desirable functions until later stages of business recovery.

Understanding Business Impact Criticality / Materiality

There are four (4) Criticality Impacts which needs to be addressed. These four criticality functions are described below:

Mission-Critical Functions

This includes the functions within the organization that play the greatest role on operations and potential for recovery.

The functions that must be present in order for the business to continue existing are the mission-critical functions. One possible way for organizations to make their members focus on mission-critical functions is to ask them what are the three to five things that such members would do if their department encountered a business disruption.

By following such a method, a clear view of the mission-critical business functions in each department is provided. For instance, from an IT perspective, the network system or application outage are the

mission-critical functions that if damaged would place the existence of the organization in a high danger predicament. The recovery time provided for such mission-critical functions is very low, usually expressed in hours.

Vital (Essential) Functions

There are certain functions that are extremely important but should be addressed immediately after the mission-critical functions. For instance, the payroll may be considered vital or essential, which is not necessarily the one function that can bring the business immediately back up after disruption, but it is vital for the capacity to function after the disaster recovery stage.

Note:

There are organizations that do not distinguish between mission-critical and vital or essential function. Those particular organizations are not forced into using this category. They may end up with just three categories: mission-critical, important and minor.

Important Functions

Such functions do not stop the business from operating in the near term, but if not present in the long-term, may have impact on the way the organization preforms as a whole. For instance, from IT perspective, important functions are e-mails, internet access, or databases that are employed to support business functions. The tolerable time for such functions to recover is usually measured in days or weeks.

Minor Functions

Minor business processes are not usually required in the near-term and during business operations recovery; however, they need to be recovered over the longer term.

Minor functions can disappear after certain disruptions, and the organizations do not need to get worried if this happens. In the eyes of many, business disruptions can positively impact these minor business functions, as they may be revised and improved after a disruption.

The Way forward: For Professionals, By Professionals

Crest Advisory Africa (Pty) Ltd is an internationally recognised and accredited Training, Advisory Services and Management System Certification (MSC) entity specialising in Management Systems, whether ISO (Internationally), to King IV or Sorbian Oxley (SOX).

CAA is a Platinum Accredited Partner of the Professional Evaluation and Certification Board (PECB), based in Canada, under licence of the International Accreditation Service (IAS) (California). This Elite status and accreditation represent the professionality CAA addresses every assignment.

We provide all the various end to end services to drive business, which includes a variety of Management System Toolkits, specifically designed for each standard.

Contact Crest Advisory Africa (Pty) Ltd

CAA can be contact on:

Email Nico@crestadvisoryafrica.com Nico Snyman
Mobile 0764034307 Nico Snyman
Telephone: Office 010 447 3540  

Table of Contents

About the Author

Nico Snyman
Founder and CEO at Crest Advisory Africa (Pty) Ltd Nico Snyman is the Founder and Chief Executive Officer (CEO) of Crest Advisory Africa (Pty) Ltd since June 2014, based in Johannesburg, South Africa. Nico has an MBA, specializing in Total Quality Management (TQM) and is an internationally Certified Management System Auditor with PECB. Nico is also a PECB-certified Senior Lead Auditor for 19 ISO standards. With over 35 years of experience in various disciplines, Nico has a vast subject matter expertise (SME) base across various industries, from government, corporate, regulators, banks, mines, medical schemes, etc. He served as a Brigadier in the South African Police Service (SAPS), an Executive on the biggest global project between 2007 and 2011, the Gautrain Project, and as an Executive, was instrumental to the establishment of the Bombela Operating Company (BOC) between 2009 and 2013.