Business Impact Analysis Survey: Long Version Template

Business Impact Analysis Survey

In the dynamic landscape of modern business, understanding and mitigating potential risks is paramount. A Business Impact Analysis Survey stands as a linchpin in fortifying organizational resilience.

Key Components of a Business Impact Analysis Survey

1. Identification of Critical Business Functions
At the core of a Business Impact Analysis Survey is identifying critical business functions. These are the heartbeat of an organization—the tasks that, if disrupted, could have a cascading impact on the entire operation.

2. Assessment of Impact and Downtime Tolerance
Once critical functions are identified, the next crucial step is a meticulous assessment of their impact and downtime tolerance. How long can an organization be without these functions before experiencing irreversible damage?

3. Dependencies Mapping
A BIA Survey is not a standalone exercise—it’s a holistic journey. Mapping dependencies across processes, systems, and external factors provides a comprehensive view of the intricate ecosystem within which a business operates.


Due to HIPAA Security Rule regulations, the organization must implement Contingency Planning Practices to protect ePHI (electronic Protected Health Information). To accomplish this undertaking, the organization will complete several steps to identify critical business functions, processes, and applications that process ePHI and to understand the potential impact on the business if a disruptive event occurs.

The first step of implementing the Contingency Program for the organization is to conduct a Business Impact Analysis (BIA).  This questionnaire will help each business unit identify its critical business functions and recovery requirements as well as estimate the impact of a disaster (or prolonged outage) on the business unit.  Once the survey is completed, the BIA Project team will review the data, analyze and create a prioritized recovery strategy to present to senior management.

For this BIA, answer each question based on the “worst-case scenario”.  This means your workplace and all records; files and equipment in it are inaccessible.  The priority of this questionnaire is to identify any business process or application that currently contains ePHI.  However, please answer all questions regardless of ePHI status.  By completing all questions to the best of your knowledge, a recovery strategy that best meets the need of the business can be established.

Some questions will be directly related to a specific process whereas other questions are of the business unit in general. Some sections contain an additional “Notes” area to amplify or explain your responses.  While this is not a requirement, it can be useful in helping the Project Team understand the nature of your business unit operations.

Table of Contents: Business Impact Analysis Survey Template



  • Respondent Information
  • Business Unit / Department Information
  • ePHI (electronic Protected Health Information)
  • Service Providers
  • Business Unit Vulnerability
  • Recovery Complexity


  • Process Identification
  • Process Criticality & Frequency
  • Processing Periods
  • Process Unavailability Impact
  • Process Deferrable
  • Manual Work – Around Procedures for Processes
  • Alternate Facilities / Work-load shifting
  • Backlog Work 


  • Internal Received Dependencies (Same Company)
  • Internal Sent Dependencies (Same Company)
  • External Received Dependencies (Outside Provider)
  • External Sent Dependencies (Outside Provider)


  • Software Resources
  • Specialized Supplies and Clerical Type Resources
  • Equipment Resources
  • Manpower Resources
  • Reports


  • Financial Impact
  • Customer & Operational Impact
  • Legal & Regulatory Impact


To view a specific section of this document, please contact us at or call us at (515) 865-4591.