Business Impact Assessment

1. Criticality

2. Time objectives

3. Impact scenarios

4. Asset dependencies

Step 1: Define how critical this process is to your organisation. Criticality determines priority in business continuity planning.

Process criticality

Critical

High

Medium

Low

Process type

Operations

Support

Regulatory

Step 2: Set recovery targets. These drive your continuity plan and trigger warnings when impact scenarios or asset RTOs fall outside safe limits.

RTO

Recovery time objective

RPO

Recovery point objective

MTPD

Max tolerable disruption

Step 3: Define what happens at each time threshold. Scenarios whose threshold is under the process RTO show a warning — impact hits before you can recover.

Minor order delaysOperational1hLow

Warehouse picking stopsOperational4hMedium

CHF 50K revenue loss, SLA breachFinancial1dHigh

Contract penalties, regulatory reportLegal1wCritical

Step 4: Select assets this process depends on and set each asset's criticality. Assets whose RTO exceeds the process RTO show a warning — they can't recover fast enough.

SAP S/4HANAERPCriticalRTO 2h

Azure SQL clusterDatabaseHighRTO 8h

EDI gatewayIntegrationMediumRTO 1h

VPN concentratorNetworkLowRTO 30m