runbookify
← All plans
Compliance, Quality & Risk / Business Continuity & Emergency Preparedness

Business Impact Analysis (BIA) Collector: Find What Must Come Back First

Send a BIA questionnaire to every process owner, collect criticality, downtime impact, RTO/RPO, and dependencies, and roll it all up into a ranked recovery priority — with the continuity manager approving each tier before it's locked into the plan.

IntermediateA weekendBuilds onNext.jsSupabaseResend
What you'll build

A web tool where process owners submit a BIA questionnaire, AI rolls up a criticality ranking and flags inconsistent answers and risky dependency chains, your continuity manager reviews and approves each process's tier and RTO/RPO, and the tool publishes the BIA and exports it plus a prioritized recovery list as CSV.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A Supabase account (free)
  • A Vercel account (free)
  • A Resend account (free)
  • A list of your business processes and their owners
  • Your BIA questionnaire fields (criticality, impact-over-time, RTO/RPO, dependencies)
  • Claude Code or any AI coding agent

The problem this kills

A business impact analysis is the foundation of your whole continuity plan — and most teams run it on a tangle of emailed spreadsheets. You send a questionnaire to every process owner, chase the ones who don't reply, and then try to stitch dozens of inconsistent tabs into one ranked list of what has to come back first after a disruption.

It falls apart in predictable ways. One owner rates their process "critical" with a four-hour recovery time objective; the process it completely depends on is rated "low" with a three-day target. Someone claims a recovery point objective of zero data loss for a system that's backed up nightly. Two owners describe the same process under different names. By the time you've reconciled it all by hand, the data is stale and you're not sure the priority ranking actually holds together. You don't need to live in that spreadsheet, and you don't need to be a developer to replace it.

What you'll build

A simple internal web tool. You load your list of processes and owners, then send each owner a BIA questionnaire: how critical the process is, what the impact of downtime looks like as it stretches from hours to days to weeks, their recovery time objective (RTO) and recovery point objective (RPO), and the upstream processes, systems, people, and vendors they depend on. As responses come in, the tool rolls them up into a criticality ranking and runs sanity checks — flagging unrealistic RTOs, RPO claims the backups can't support, and dependency chains where a critical process leans on one rated low. Your continuity manager opens a review screen, challenges the inconsistent answers, and approves each process's criticality tier and RTO/RPO. Only then is the BIA published. The tool sends Resend follow-ups to owners who haven't responded, and exports the finished BIA and the prioritized recovery list as CSV.

What's inside the Implementation Plan

The downloadable plan is a step-by-step file you paste into an AI coding agent. It opens by interviewing you about your business — how you scope a "process," what your criticality tiers and impact categories are called, exactly how you express RTO and RPO, how many processes and owners you survey, your approval rules, and your messy edge cases — and then it tailors the data model, the questionnaire fields, the sanity checks, and every later step to your answers. This is not a generic template; the agent reflects a short spec back to you and waits for your thumbs-up before it builds anything. From there it walks the agent through loading processes and owners, sending the questionnaire, capturing responses, the roll-up and dependency-chain logic, the manager review-and-approve screen, publishing the BIA, the Resend follow-ups, and the CSV exports — each step with a ready-to-copy prompt. There's also a fallback so you can build the whole thing today even with no integration to a GRC or continuity platform.

The governance it includes (this is the point)

This is the backbone of your continuity program, so it ships with the controls a risk team needs: login so only your team can use it, row-level security so you only ever see your own organization's processes and responses, a complete audit trail of who submitted, edited, and approved which entries and when, a hard human-approval gate so no criticality tier or RTO/RPO is locked into the published BIA until the continuity manager signs off, and duplicate guards keyed on a process ID so the same process can't be entered or rolled up twice. Inconsistent answers and risky dependency chains are flagged for the manager to challenge instead of being silently averaged into the ranking.

Who it's for

Business-continuity managers, resilience leads, and risk teams who own the BIA and are tired of rebuilding it from a pile of spreadsheets every refresh cycle. If you can describe how your organization defines a critical process and decides its recovery target, you can build this.

You've got this — start with the plan, paste the first prompt, answer the interview, and you'll watch your prioritized recovery list assemble itself the same afternoon.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.