Crucial basic measures to ensure business resilience (Part 1/2)

The Business Impact Analysis (BIA) identifies, quantifies and describes the effects of a loss of resources on the business processes in a company. The first part of Fatma Evren's blog article examines in more detail the core tasks of Business Impact Analysis, the BIA's "risk appetite", and Identity and Access Management (IAM) as the basis for resilience.


A business impact analysis (BIA) identifies, quantifies and describes the impacts on business processes if resources are lost. “Business process” is defined here as a set of activities that can accomplish business goals. The purpose of a BIA is to create a list of time-critical business processes and the resources to support them. It is vital not to confuse or equate this assessment with the significance or importance of a business process. It is perfectly possible for a business process to be very important for the company, yet have only low priority for disaster management in the event of an emergency.

Core objectives of a business impact analysis:

  • To enable a company to prioritize its processes
  • To assess the impacts if resources are lost in the process chain
  • To estimate the time to recover processes after resources are lost

Risk appetite

The risk appetite of a company is taken into account by specifying individual thresholds for the impact categories, namely financial damage, legal, regulatory and contractual sanctions and reputational damage. A weighting factor can be applied to these categories for impacts which a company considers to be particularly unacceptable.

Basis for resilience – Identity and Access Management (IAM)

The dramatic increase in Identity and Access Management (IAM) initiatives in almost all industries over the last few years confirms that many companies now use basic tooling as part of their risk reduction strategies. In this context, the ability to effectively implement a comprehensive IAM solution becomes a decisive success factor for any organization undergoing significant change.

Which factors have to be considered when determining the criticality of business processes depends on the industry; one example is IAM in connection with security basics. IAM centrally manages a company’s identities as well as access rights to different systems and applications. User authentication and authorization are central IAM functions.

Identity and access management is a generic term for all processes and applications that are responsible for administering identities and managing access rights to various applications, systems and resources. Special identity and access management architectures are used to provide a simple, centrally administered solution comprised of multiple software components.

An IAM system can not only assign access rights to users but also revoke them again. Many systems work practically in real time when assigning access rights, and they enable rights management in real time with no waiting times for users. IAM systems generally have a self-service interface, via which users can personally request whatever access rights they need or change their password.

Rights are approved either automatically on the basis of predefined rules as well as existing user and role concepts or manually by an administrator. If the request and approval processes are automated, a human being can be made responsible for presenting information or for manual interventions. In many installations, the main identity and access management software works on dedicated hardware or on a virtual infrastructure that is provided for the IAM. It acts as a kind of broker between the IAM’s various components and can source information from different databases and directory services.

The upcoming sequel to this blog article covers everything from the core tasks to the benefits of identity and access management.

