Analysis of business impact would be a crucial aspect of business continuity planning.
This step would be quantifying the data and would be getting into the real issues of potential losses, which could negatively impact your business. This particular step is used to understand the most critical impacts, as well as how to protect your data, processes, people, assets, communications, and the goodwill and reputation of the organization.
Organizations usually think of disaster recovery, when business continuity and the analysis of the business impact are a lot more focused on making sure that the business is kept operational and less focused on disaster recovery.
The analysis of business impact is also not focused just on the possible disasters but also on the possible critical discontinuities.
The primary elements of Business Impact Analysis would be identifying the critical business functions, establishing the maximum outage time, which is acceptable for each of the functions, and determining the impact of not being able to perform those functions. These could be measured using legal, financial, operations, regulatory, and customer service requirements.
As soon as the adequacy of the security and controls has been evaluated and the critical business functions, as well as the outage times, have been defined, the business continuity planner has to develop some level of understanding of the probability threats that are factored by the impact or severity and also to start developing an analysis of cost-benefit for the largest impact as well as the highest probability threats.