Most investment decisions are driven by the benefit and return we expect to get from the money we invest. Either there is a business opportunity that we want to exploit, or we want to increase our net gains by improving the efficiency and effectiveness of our operation.

As business operations become more reliant on IT services, or even have IT at the core of the business, we need to start considering what if: … and prepare to deal with that.

In Opsasto we conduct a Business Impact Assessment (BIA) to understand the impact on the organisation of a security or reliability risk occurring, and to understand the business value the new service can bring. The outcome of the BIA is a set of Criticality, Availability and Integrity (CAI) ratings for the service. The confidentiality, integrity and availability model (CAI triad) is widely recognized in information assurance models*. Opsasto uses these CAI ratings for operational readiness decisions. A great benefit of this approach is that, by determining the strategic importance of the service at an early stage, subsequent decisions will be aligned with that importance. You will be able to make better decisions, quicker. Some examples of decisions that can be made more easily with the CAI ratings:

If digital is not yet of strategic importance for your organisation, it sure will be in the near future. However, not every digital service will be critical to your business’ operations. The Business Impact Assessment aligns the investment profile to the risk profile and ensures a fit-for-purpose budget estimate.

[*] http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
[**] The EU General Data Protection Regulation has penalties of up to 4% of annual global turnover or €20 million for breaching GDPR.
http://www.eugdpr.org/gdpr-faqs.html
http://ec.europa.eu/justice/data-protection/reform/index_en.htm