riscAnalysis™
RISC · Risk Intelligent Supply Chain
riscAnalysis™ is the Business Impact Analysis workspace in the RISC family from e|Resilient. Inventory critical activities, quantify recovery objectives (RTO, RPO, MBCO, MTPD), map the dependency chain — and produce the BIA report that becomes the foundation every other continuity decision rests on.
The RISC family. The lowercase “risc” prefix is shared across our tools and originates with riscManager.com™, our Risk Intelligent Supply Chain platform. riscAnalysis™ sits at the foundation of the family — the BIA whose recovery objectives drive every other workspace, including riscScope™'s threat-level controls and riscManager.com™'s supply chain recovery posture.
Why It Exists
Every continuity plan rests on a BIA that doesn't exist.
Ask a continuity team what their RTO is for order-to-cash and you'll usually get a number. Ask them how the number was derived and you'll usually get silence. The BIA — the analysis that's supposed to justify every recovery objective in the plan — is the document every audit asks for and almost nobody can produce.
The reason is simple: doing BIA properly is tedious. It means cataloging every critical activity, capturing four recovery objectives per activity with rationale, mapping dependencies in four directions (people / technology / suppliers / facilities), and keeping it all consistent as the business changes. Without a workspace built for it, the work falls back to spreadsheets that decay within months of the consultant leaving.
riscAnalysis™ is the workspace that makes the BIA continuously maintainable. Capture the analysis the way ISO 22301 §8.2.2 expects to see it, surface the gaps as the business changes, and produce the report that holds up under scrutiny — every refresh cycle, not just at kickoff.
What It Does
The three jobs every defensible BIA has to do.
ISO 22301 §8.2.2 reads as three sentences, but each one hides weeks of analysis. riscAnalysis™ structures the capture so the output meets the standard without the months-long binder build that usually accompanies it.
- 🎯
Critical activity inventory
BIA starts with knowing what actually matters. riscAnalysis™ structures the discovery so every revenue-generating, compliance-bound, and customer-facing process gets captured — not just the ones leadership remembers in the workshop.
- Activity catalog organized by department, function, or value stream
- Criticality tier classification (Tier 1 / Tier 2 / Tier 3 / Non-critical)
- Process owners, deputies, and escalation paths captured per activity
- Plain-language process descriptions readable by non-practitioners
- ⏱
Recovery objectives, quantified
The four numbers every continuity program needs and most cannot defend: RTO, RPO, MBCO, MTPD. riscAnalysis™ captures them per activity with the impact-over-time analysis that makes them defensible to an auditor.
- RTO — Recovery Time Objective (how fast must it resume)
- RPO — Recovery Point Objective (how much data loss is acceptable)
- MBCO — Minimum Business Continuity Objective (degraded but acceptable)
- MTPD — Maximum Tolerable Period of Disruption (when does it become existential)
- 🔗
Dependencies mapped
An activity doesn't fail in isolation — it fails because something upstream failed. riscAnalysis™ captures the dependency chain so recovery planning targets the actual constraints, not just the visible process.
- People dependencies — roles, headcount, named successors
- Technology dependencies — applications, infrastructure, data feeds
- Supplier dependencies — vendors, contracts, sole-source flags
- Facility & equipment dependencies — sites, machinery, utilities
How It Works
Five steps from kickoff to BIA report.
Auto-saved at every input. Resume from any device. Multi- tenant: each client gets an isolated workspace.
- Step 1
Configure the engagement
Set the client organization, BIA cycle (initial / annual refresh / post-incident review), scope boundaries (whole company / business unit / site), and the lead analyst. Multi-site engagements roll up per-site BIAs into a consolidated view.
- Step 2
Discover the activities
Walk through each function and capture the critical activities with process owners, descriptions, and supporting evidence. Bulk-import from existing org charts or process inventories via CSV — no greenfield list-building required if the data already exists.
- Step 3
Quantify the recovery objectives
For each activity, capture the four recovery objectives with their underlying rationale and the impact-over-time analysis. The workspace flags inconsistencies (e.g., an RTO shorter than the dependency's RTO) so the numbers stay defensible end-to-end.
- Step 4
Map dependencies and gaps
Link each activity to the people, technology, suppliers, and facilities it depends on. The workspace surfaces gaps automatically — activities with no documented backup, dependencies with no recovery strategy, RTOs that conflict with current capability.
- Step 5
Generate the BIA report
Output is a complete BIA report ready for ISO 22301 §8.2.2 documentation — prioritized activity register, recovery objectives table, dependency analysis, gap summary, and recommendations. Print to PDF for the engagement deliverable, export to CSV for downstream planning.
What You Get
The BIA report — and the live workspace behind it.
The BIA report is the deliverable. The workspace is what keeps it accurate between refresh cycles. Both ship from the same source of truth, so the report your auditor sees and the dashboard your continuity team works from never drift apart.
- Prioritized critical activity register with criticality tier, owner, and recovery objectives — defensible to a board, auditor, or customer due-diligence team
- RTO / RPO / MBCO / MTPD captured per activity with impact-over-time analysis underneath each number
- Complete dependency map: people, technology, suppliers, facilities — with sole-source flags surfaced inline
- Gap analysis: activities without documented backups, dependencies without recovery strategies, RTO conflicts across the chain
- BIA report formatted to ISO 22301:2019 §8.2.2 documentation requirements, print-ready PDF
- CSV export of the full activity register and dependency map, ready to feed into continuity planning
- Year-over-year comparison view — overlay multiple BIA cycles to see whether the program is maturing
How to Get Access
Two paths in.
riscAnalysis™ lives inside the e|Resilient client workspace. Most clients reach it through a paid engagement; companies that want to run their own BIA can license it stand-alone.
Path 1 · Bundled
Included in every paid engagement
Every e|Resilient client engagement includes access to riscAnalysis™ as part of the client workspace. Your consultant runs the BIA alongside riscScope™, supply chain mapping, and continuity planning — no separate purchase, no separate platform.
Path 2 · Stand-alone
For companies running their own BIA
If you have an in-house continuity function and want a purpose-built BIA workspace rather than a spreadsheet, riscAnalysis™ is available as a stand-alone subscription. You run the analysis yourself; we're available for methodology questions and an optional practitioner review.
Stop building plans on top of a BIA that doesn't exist.
Schedule a 30-minute consultation. We'll show you the workspace, walk through the methodology, and figure out which access path fits your situation.