Request a Demo

The Noggin Platform

The world’s leading platform for integrated safety & security management.

Learn More
Find Your Solution
  • Crisis management Crisis Management
  • Emergency Management Emergency Management

Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo
  • Safety Management Safety Management
  • Employee Health & Wellbeing Employee Health & Wellbeing
  • Governance Risk & Compliance Governance, Risk & Compliance (GRC)
  • Asset Management Asset Management
  • Contractor Management Contractor Management
  • Visitor Management Visitor Management
  • Emergency Management Emergency Management

All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.

Learn More
Request a Demo

Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.

Learn More
Request a Demo

A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.

Learn More
Request a Demo

Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.

Learn More
Request a Demo

Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.

Learn More
Request a Demo

Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo
  • Physical Security Physical Security
  • Cyber Security Cyber Security
  • Visitor Management Visitor Management
  • Critical Infrastructure Protection Critical Infrastructure Protection
  • Emergency Management Emergency Management
  • Governance Risk & Compliance Governance, Risk & Compliance
  • Asset Management Asset Management
  • Contractor Management Contractor Management

Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.

Learn More
Request a Demo

Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.

Learn More
Request a Demo

Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.

Learn More
Request a Demo

Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.

Learn More
Request a Demo

All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.

Learn More
Request a Demo

Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.

Learn More
Request a Demo

Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.

Learn More
Request a Demo

Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.

Learn More
Request a Demo
  • Business Continuity Planning Business Continuity Planning
  • Crisis Management Crisis Management
  • Governance Risk & Compliance Governance, Risk & Compliance (GRC)
  • Continuity of Operations Continuity of Operations (COOP)

Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.

Learn More
Request a Demo

Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.

Learn More
Request a Demo

Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.

Learn More
Request a Demo

Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.

Learn More
Request a Demo
A guide to developing your covid-19 return to work plan
Whitepaper

Developing Your COVID-19 Return to Work Plan

Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More
Whitepaper

How to Make the Business Impact Analysis Work for Your Company

Noggin

Business Continuity Software

Published May 19, 2021

What’s the point of the business impact analysis, and what goes wrong with the process?

Even before the pandemic, the business risk picture had been deteriorating. What can businesses do? Be prepared for the worst; and at the core of that effort lies the business impact analysis.

The business impact analysis gives organisations an intimate understanding of how their core business processes would be impacted by crises, disasters, or disruptions, offering insights into what’s needed to develop organisational resilience in the face of uncertainty and disruption.

All too often, though, businesses fail to properly conduct the business impact analysis. Why’s that? Well, for one, the analysis itself can be time-consuming.

Performed without the right approach and business continuity management software systems, the business impact analysis can also feel academic, abstract, or worse, a wasteful exercise with little real-world impact.

Indeed, conducting a business impact analysis isn’t exactly easy. But it’s nonetheless critical to organisational resilience. As a result, certain jurisdictions (federal, state, and local) mandate that businesses, especially in critical infrastructure sectors, develop robust business continuity plans (BCPs) and procedures as well as are able to produce evidence of proper documentation under audit. The business impact analysis also features prominently in international best-practice standards, like ISO 22301, which provides guidance on business continuity management.

The case for undertaking a business impact analysis is clear. But the question we answer here is, how to make the exercise actionable and achievable in your business?

The business impact analysis is fundamental to data-driven business continuity management

A diagnostic of a business’s internal dependencies and vulnerabilities, the business impact analysis provides the analytical baseline for developing business continuity plan materials, and battle-readying continuity management systems and processes. In essence, it acts as the dashboard for asset protection and recovery action prioritisation, keeping everyone from the CEO to the doorman on the same page, should disruption occur.

A good business impact analysis:

  • Offers senior management a bird’s eye view of prioritised business activities, i.e., those that generate the most money or benefits to the organisation
  • Shows how badly those activities would be impacted by a disruption
  • Provides insight into the pathways by which impact would possibly take place.

It is these interdependencies that the business impact analysis is particularly focused on identifying and quantifying, with the analysis itself serving as a necessary prerequisite for an informed prioritisation of assets to protect and the relevant recovery actions to initiate in the case of an emergency.

So how do organisations identify these interdependencies, and what’s the best way to quantify the risks inherent in them? Well, developing a business impact analysis often takes the form of workshops or questionnaires.

Interviewed staff from across the organisation identify internal and external dependencies critical to their unit’s operations, before quantifying the business impact that will happen if these operations are halted.

Such analysis is oriented towards critical indicators that sum up the ‘breaking point’ of a business’s operations: the maximum amount of damage an operation can sustain before the business is functionally dead in the water (maximum acceptable outage) and the resources that would be required to return operations back to normal (recovery strategies).

This entire process should surface recovery requirements that are then used to develop strategies, solutions, and plans for each of the business’s unique vulnerabilities. For example, if a data centre estimates that any data losses of greater than four hours would mean the end of the business, but data backups entail significant costs, the analysis might inform plans for data backups every hour rather than every second.

At the end of the day, a business impact analysis can be described simply as a stock-taking exercise of where a business’s vulnerabilities are, as well as a quantification of how bad things would have to get before the whole business got dragged under water.

Challenges to developing an effective business impact analysis

The business impact analysis enables senior management to proactively set tangible, business-unit-specific targets, so as to ensure organisational resilience. But without the right approach, system, and procedures, the process gets overly complicated.

It’s often reported that the alphabet soup of business continuity management acronyms and jargon can feel academic, abstract, and divorced from immediate business realities.

Compounding the challenge is the overwhelming amount of information to be sifted through and curated. At times, the analysis required can also be site-dependent rather than unit-dependent, which requires different approaches and visualisation capabilities.

What’s more, the data-capturing process, if done manually, is extremely labour-intensive. Which makes it rife with opportunities for error. In fact, even if manual data collection goes flawlessly, senior management may still decry information overload.

These challenges can lead organisations to cut corners on the business impact analysis process. That’s particularly dangerous given the dynamic pace of change across the economy. Those changes can leave organisations blindsided in emergency situations.

In 2012, for example, Hurricane Sandy revealed how disaster recovery needs to be constantly adapted to new environmental realities. During and after the storm, areas that had never been flooded found themselves underwater for the first time, causing outages of far longer than the 48 hours that many local utilities had considered the upper limit in their disaster plans and exercises.

How technology can streamline the business impact analysis process

How then to get the benefits of pragmatic business continuity management (more broadly) and business impact analyses (specifically) without wading through the morass? Invest in flexible innovations that conform to the specifics of your organisation but evolve as those dynamics change.

Digital technology, especially, can streamline parts of the business impact analysis, leaving continuity professionals more capacity to focus on the most important parts of their job, i.e., embedding resilience into their organisation’s culture and activities.

For one, next-generation business continuity software, like Noggin Continuity, simplifies the varied requirements of performing a business impact analysis into a streamlined, user-friendly process.

What, exactly, can you get? Such software solutions have the tools to simplify the most onerous parts of the business impact analysis process. The tools themselves limit the time and effort required from users, reduce the potential for error, and streamline workflows – all in the service of improved organisational resilience, compliance, and preparedness.

That’s not all. Such solutions provide the tools needed to effectively assess the risk of business disruption and attendant impacts, coordinate response to disruptions, and manage incidents, including the following:

  • Automated workflows save time and effort: Assign and track business impact assessment and risk management activities for your organisational unit owners. Ensure timely notifications about critical events to staff and stakeholders via email, SMS, or in-app.
  • Customisable and best-in-industry resources out of the box. The system is designed with C-level executives, continuity professionals, and business unit managers in mind, with features relevant to different industries and user persona types, as well. The flexibility allows all kinds of users to report and manage business continuity incidents and issues within a single platform.
  • High-quality data collected and easily turned into actionable insights. Unit specific dashboards and resources include well-formatted forms, lists, and processes with text guidance for proper use across different units to produce consistent and unbiased responses. These responses are then automatically harmonised into a global dashboard, giving executives the data driven insights they need to set actionable priorities with confidence.
  • Streamlined compliance with international standards like ISO 22301. Audit logging of changes and approvals of plan template and recovery strategies. Get notifications for when exercises are due. Visualise all upcoming and recently completed exercises with action dashboards, as well as gaps in process or areas for improvement to identify high-risk activities with no recovery plans and strategies.

Finally, a pragmatic business impact analysis will give organisations the intimate understanding of core business processes they need to ensure resilience faced with inevitable disruption. But without the right plan of attack and underlying streamlined systems, the exercise can easily become cumbersome and overly academic.

Fortunately, simplifying the business impact analysis so it makes sense for your business is possible. Business continuity management functionality, like powerful workflows, gives organisations the tools they need to simplify the most onerous parts of the process, limiting time and effort required by users, and ensuring resilience, compliance, and preparedness.

Such functionality also helps organisations make the crucial transition from continuity events to crises. To learn more about the case for a flexible business continuity system that scales with crisis, download our guide, When Business Continuity Events Become Crises.

DOWNLOAD THE GUIDE

New call-to-action