Business Continuity Management System (BCMS) Business Impact Analysis (BIA) Understanding the Business Impact Criticality / Materiality

Business continuity plan involves the employment of time and resources in analysing the functions within the organization, and thus assess their criticality. First of all, it is crucial to analyse critical and essential functions of the business.

Criticality and Materiality are a term haphazardly used in business. How is this measured and how does this make that everyone knows and understand the importance of Criticality and Materiality.

There is the possibility of delaying the process of dealing with necessary and desirable functions until later stages of business recovery.

Understanding Business Impact Criticality / Materiality

There are four (4) Criticality Impacts which needs to be addressed. These four criticality functions are described below:

Mission-Critical Functions

This includes the functions within the organization that play the greatest role on operations and potential for recovery.

The functions that must be present in order for the business to continue existing are the mission-critical functions. One possible way for organizations to make their members focus on mission-critical functions is to ask them what are the three to five things that such members would do if their department encountered a business disruption.

By following such a method, a clear view of the mission-critical business functions in each department is provided. For instance, from an IT perspective, the network system or application outage are the

mission-critical functions that if damaged would place the existence of the organization in a high danger predicament. The recovery time provided for such mission-critical functions is very low, usually expressed in hours.

Vital (Essential) Functions

There are certain functions that are extremely important but should be addressed immediately after the mission-critical functions. For instance, the payroll may be considered vital or essential, which is not necessarily the one function that can bring the business immediately back up after disruption, but it is vital for the capacity to function after the disaster recovery stage.


There are organizations that do not distinguish between mission-critical and vital or essential function. Those particular organizations are not forced into using this category. They may end up with just three categories: mission-critical, important and minor.

Important Functions

Such functions do not stop the business from operating in the near term, but if not present in the long-term, may have impact on the way the organization preforms as a whole. For instance, from IT perspective, important functions are e-mails, internet access, or databases that are employed to support business functions. The tolerable time for such functions to recover is usually measured in days or weeks.

Minor Functions

Minor business processes are not usually required in the near-term and during business operations recovery; however, they need to be recovered over the longer term.

Minor functions can disappear after certain disruptions, and the organizations do not need to get worried if this happens. In the eyes of many, business disruptions can positively impact these minor business functions, as they may be revised and improved after a disruption.

The Way forward: For Professionals, By Professionals

Crest Advisory Africa (Pty) Ltd is an internationally recognised and accredited Training, Advisory Services and Management System Certification (MSC) entity specialising in Management Systems, whether ISO (Internationally), to King IV or Sorbian Oxley (SOX).

CAA is a Platinum Accredited Partner of the Professional Evaluation and Certification Board (PECB), based in Canada, under licence of the International Accreditation Service (IAS) (California). This Elite status and accreditation represent the professionality CAA addresses every assignment.

We provide all the various end to end services to drive business, which includes a variety of Management System Toolkits, specifically designed for each standard.

Contact Us

Enquire Now

Want to know more? Contact us today for any questions.

We will use this information to contact you about this enquiry only and not for marketing purposes.


Table of Contents

Enquire Now

Interested in this course? Let's help you get started.
We will use this information to contact you about this enquiry only and not for marketing purposes.
Click here to download this article.

More Quality Articles

What is risk? There’s a lot of research into all types of risk, but in my experience, I have found that most people and organisations don’t completely gras…
There are 7 Critical Steps to Pass Audits. Carina takes your through these steps.
Introduction Enterprise Risk Management (ERM) is describing a Risk Matrix (ERM Risk Matrix) as a tool for ranking and displaying risks by defining ranges for consequ…
What is a Compliance Management System (CMS)? For organizations seeking growth and long-term success, adhering to compliance obligations is not an option, is a must…
What is ISO 18788? ISO 18788 specifies the requirements and provides guidance for organizations that conduct or contract security operations.Moreover, it provide…
Information Security Management Network segregation is the tool used for dividing a network into smaller parts which are called subnetworks or network segments. Yo…
Information Security Management The popularity of the terms “data controller” and “data processor” has sharply increased in recent years. In part because of the sig…
The ability to predict what the future holds and choosing effectively among varying alternatives lies at the centre of contemporary societies and organizations. Ri…
“Food Safety” refers to the prevention, elimination and control of foodborne diseases at the stage of consumption. In a globalized world, the impact of food safety ha…
Six Sigma Benefits Reducing Waste Improving Time Management Increase Customer Loyalty Boost Employee Motivation Higher Revenues and Lower Costs Six Sigma has prov…
As the threat of energy-resource depletion has emerged, the global demand for energy is increasing constantly. Provided that billions of people still have no access…
Is your Business protected against a breach of data and software? Are you Internationally Certified to be able to prevent hackers from stealing your organization’s v…
The education industry has gone through tremendous changes over the last decades in terms of educational opportunities, teaching methods, availability of reading…
The Three P(’s)illars of Sustainability The concept of the “triple bottom line” was firstly introduced in 1994 by John Elkington, with the idea of organizations pre…
A politically inclined attack or just a ‘simple’ lack of security awareness? Whatever the case, the cyber-attack that hit Marriott was huge. This was the joint second…