Page 1308 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
identify and prioritize critical business functions as well so you can
define which functions you want to restore after a disaster or failure
and in what order.

To achieve this goal, the DRP team must first identify those business
units and agree on an order of prioritization, and they must do
likewise with business functions. (And take note: Not all critical
business functions will necessarily be carried out in critical business
units, so the final results of this analysis will very probably comprise a
superset of critical business units plus other select units.)

If this process sounds familiar, it should! This is very like the
prioritization task the BCP team performs during the business impact
assessment discussed in Chapter 3. In fact, most organizations will
complete a business impact assessment (BIA) as part of their business
continuity planning process. This analysis identifies vulnerabilities,
develops strategies to minimize risk, and ultimately produces a BIA
report that describes the potential risks that an organization faces and
identifies critical business units and functions. A BIA also identifies
costs related to failures that include loss of cash flow, equipment
replacement, salaries paid to clear work backlogs, profit losses,
opportunity costs from the inability to attract new business, and so
forth. Such failures are assessed in terms of potential impacts on
finances, personnel, safety, legal compliance, contract fulfillment, and
quality assurance, preferably in monetary terms to make impacts
comparable and to set budgetary expectations. With all this BIA
information in hand, you should use the resulting documentation as
the basis for this prioritization task.

At a minimum, the output from this task should be a simple listing of
business units in priority order. However, a more detailed list, broken
down into specific business processes listed in order of priority, would
be a much more useful deliverable. This business process–oriented list
is more reflective of real-world conditions, but it requires considerable
additional effort. It will, however, greatly assist in the recovery effort—
after all, not every task performed by the highest-priority business unit
will be of the highest priority. You might find that it would be best to
restore the highest-priority unit to 50 percent capacity and then move
on to lower-priority units to achieve some minimum operating

