When fire engulfed OVHcloud’s Strasbourg data center on March 10, 2021, it destroyed servers hosting 3.6 million websites and triggered a $10 million class action lawsuit from more than 140 clients.
Many of those clients had no documented business impact analysis in place. They could not identify which systems were mission-critical, which dependencies would cascade, or how long their operations could survive without those services.
Key Takeaways
| A BIA template for business impact analysis should map every critical process to its Maximum Tolerable Period of Disruption (MTPD), Recovery Time Objective (RTO), and Recovery Point Objective (RPO) before defining recovery strategies. |
| Use the five-category impact scoring framework in this BIA template to quantify financial, operational, regulatory, reputational, and customer impacts on a consistent 1-5 scale. |
| ISO 22301:2019 Clause 8.2.2 requires organizations to conduct a documented business impact analysis that identifies critical activities and their dependencies before developing continuity plans. |
| The Excel-based BIA template in this guide includes five worksheets: Process Inventory, Impact Scoring, RTO/RPO Calculator, Dependency Map, and Executive Summary Dashboard. |
| 98% of organizations report single-hour downtime costs exceeding $100,000, making a structured BIA template essential for prioritizing recovery investments. |
| Review and update your business impact analysis template at least annually and after any significant organizational, technological, or regulatory change. |
The result: permanent data loss, months of disruption, and business failures that a structured BIA template would have flagged as unacceptable single-point-of-failure risks.
A BIA template for business impact analysis is the foundational document that transforms continuity planning from guesswork into data-driven recovery prioritization.
Business impact analysis identifies which processes matter most, quantifies what it costs when they fail, and defines how fast they must recover. Without a structured BIA template, organizations make recovery investments based on opinion rather than evidence.
According to the Allianz Risk Barometer 2026, business interruption remains the top global risk for the fifth consecutive year, yet fewer than 35% of organizations maintain a current, documented business impact analysis template.
This guide provides a complete BIA template with step-by-step instructions, an Excel framework with five integrated worksheets, worked examples for RTO/RPO/MTPD calculations, and a dependency mapping methodology.
Whether you are building your first business impact analysis template from scratch or refreshing an existing one, every section includes actionable detail aligned to ISO 22301:2019 and NIST SP 800-34 requirements.
What a BIA Template Covers: Business Impact Analysis Fundamentals
ISO 22301:2019 Clause 8.2.2 requires organizations to establish a documented process for analyzing the impact of disruption over time, identifying activities that support products and services, and determining the timeframes within which those activities must be resumed.
A well-designed BIA template operationalizes these requirements into a repeatable, auditable process.
The five core impact categories that every business impact analysis template must assess are financial impact (revenue loss, recovery costs, penalties), operational impact (process throughput, service delivery, workforce productivity).
Regulatory and compliance impact (license conditions, reporting obligations, contractual SLAs), reputational impact (customer trust, brand perception, media exposure), and customer or safety impact (service availability, health and safety, vulnerable populations).
Each category requires its own scoring criteria and escalation thresholds.
Within the business continuity management lifecycle, the BIA template sits at Stage 2 (Analysis), following risk assessment and preceding strategy development.
The outputs of your business impact analysis template directly feed into recovery strategy selection, resource allocation, and BCP development. Without a rigorous BIA, continuity plans address the wrong priorities.
The Ready.gov BIA guide reinforces this by positioning BIA as the mandatory first step before any recovery planning begins.
BIA Template vs. BCP vs. DRP: Understanding the Relationship
| Document | Purpose | Key Output | When Used |
|---|---|---|---|
| BIA Template | Identify critical processes, quantify disruption impact, set recovery targets | Prioritized process list with RTO/RPO/MTPD and dependency map | Before any continuity or recovery planning begins |
| BCP | Define strategies and procedures to maintain operations during disruption | Recovery strategies, communication plans, resource requirements | During and after a disruption event |
| DRP | Restore IT systems, applications, and data after an incident | Technical recovery procedures, failover processes, backup schedules | When IT infrastructure is disrupted |
For a deeper comparison, see our guide on disaster recovery vs. business continuity planning and the FFIEC Business Continuity Management handbook.
BIA Template Step 1: Scope and Planning
Effective use of a BIA template starts with defining clear boundaries. Scope determines which business units, processes, and systems your business impact analysis will cover.
A common failure is trying to assess everything simultaneously, which dilutes focus and extends timelines beyond the 6-12 week window where executive attention holds.
Start by identifying which parts of the organization generate the most revenue, serve the most customers, or carry the highest regulatory exposure.
The planning phase produces three deliverables: a project charter signed by executive sponsorship, a stakeholder map identifying process owners who will provide data, and a communication plan that sets expectations for interview scheduling and data collection timelines.
The BCP risk assessment process should be completed before or in parallel with the BIA to ensure threat scenarios inform impact analysis. Reference COSO ERM guidance for integrating risk assessment outputs into BIA scope decisions.
BIA Template RACI Matrix
| Activity | BIA Lead | Process Owners | IT/Infra Team | Executive Sponsor |
|---|---|---|---|---|
| Define BIA scope | R | C | C | A |
| Approve project plan | I | I | I | R/A |
| Conduct interviews | R | R | C | I |
| Score impacts | R | A | C | I |
| Set RTO/RPO/MTPD | R | A | R | I |
| Map dependencies | R | C | R | I |
| Approve final BIA report | R | I | I | A |
BIA Template Step 2: Critical Process Identification and Data Collection
The data collection phase is where your BIA template captures the raw information needed for impact analysis. Two methods dominate: structured interviews with process owners (higher quality, more time-intensive) and self-service questionnaires (faster, lower quality without validation).
Best practice is to combine both: distribute a pre-interview BIA questionnaire to collect baseline data, then conduct 60-90 minute interviews to validate responses, probe dependencies, and capture institutional knowledge that questionnaires miss.
Your business impact analysis template questionnaire should cover: process description and purpose, upstream inputs and downstream outputs, peak activity periods and seasonal variations, staffing requirements (minimum and normal), technology dependencies (applications, infrastructure, data).
Third-party vendor dependencies, regulatory or contractual requirements, manual workaround availability and duration, and financial impact per hour/day/week of disruption.
See how to perform a business impact analysis for detailed questionnaire guidance and the CMS BIA Process and Template for a government-standard approach.
Sample Process Inventory for the BIA Template
| ID | Process Name | Business Unit | Criticality Tier | Peak Period | Preliminary RTO |
|---|---|---|---|---|---|
| P-001 | Payroll Processing | Finance/HR | Mission Critical | Month-end | 4 hrs |
| P-002 | Customer Order Fulfillment | Operations | Mission Critical | Q4/Holiday | 2 hrs |
| P-003 | Financial Reporting | Finance | Business Critical | Quarter-end | 24 hrs |
| P-004 | IT Service Desk | IT | Business Critical | Continuous | 4 hrs |
| P-005 | Email and Communication | IT | Business Critical | Continuous | 8 hrs |
| P-006 | Claims Processing | Operations | Mission Critical | Post-event | 4 hrs |
| P-007 | Regulatory Reporting | Compliance | Business Critical | Quarterly | 24 hrs |
| P-008 | Supply Chain Management | Procurement | Business Operational | Continuous | 48 hrs |
| P-009 | HR Recruitment | HR | Administrative | Q1/Q3 | 168 hrs |
| P-010 | Facilities Management | Operations | Business Operational | Continuous | 72 hrs |
| P-011 | Customer Onboarding | Sales | Business Critical | Continuous | 24 hrs |
| P-012 | Accounts Payable | Finance | Business Operational | Month-end | 72 hrs |
Business Impact Analysis Template: Impact Scoring Framework
The impact scoring framework is the analytical engine of your BIA template. For each critical process identified in Step 2, score the impact of its disruption across all five categories using a consistent 1-5 scale.
This structured approach replaces subjective “high/medium/low” assessments with quantified, comparable scores that drive resource allocation decisions. ISO 31000 risk management principles require that impact assessment be systematic, structured, and based on the best available information.
The scoring matrix below defines what each level means for each impact category. When completing your business impact analysis template, score each process at peak disruption (worst realistic scenario, not best case).
Interview process owners with specific prompting: “If this process were completely unavailable for 24 hours during your busiest period, what would be the financial impact?”
This specificity prevents the understatement bias that undermines many BIA efforts. For additional context on impact quantification, see business continuity risk assessment approaches and Deloitte enterprise risk services.
Five-Category Impact Scoring Matrix for BIA Template
| Score | Financial | Operational | Regulatory | Reputational | Customer/Safety |
|---|---|---|---|---|---|
| 1 – Minimal | <$10K loss | Minor delay, workaround available | No regulatory impact | No external awareness | No customer impact |
| 2 – Low | $10K-$100K | Reduced throughput <24 hrs | Internal policy breach | Limited local awareness | Minor inconvenience |
| 3 – Moderate | $100K-$500K | Service degradation 1-3 days | Reportable incident | Industry media coverage | Service disruption to segment |
| 4 – High | $500K-$5M | Critical function unavailable 3-7 days | Regulatory investigation | National media coverage | Widespread service loss |
| 5 – Catastrophic | >$5M loss | Complete operational failure >7 days | License revocation / prosecution | Sustained reputational damage | Safety incident / harm |
To calculate the composite impact score for each process in your BIA template, weight each category according to your organization’s risk appetite: Financial (30%), Operational (25%), Regulatory (20%), Reputational (15%), Customer/Safety (10%).
The weighted score = (Financial x 0.30) + (Operational x 0.25) + (Regulatory x 0.20) + (Reputational x 0.15) + (Customer/Safety x 0.10). Processes scoring above 3.5 are classified as Mission Critical; 2.5-3.5 as Business Critical; below 2.5 as Business Operational or Administrative.
Downtime Cost Escalation: Why BIA Template Prioritization Matters
Figure 1: Business disruption costs escalate exponentially with duration. A BIA template quantifies these costs per process, enabling data-driven recovery investment decisions.
BIA Template Step 3: RTO, RPO, and MTPD Determination
Three metrics form the recovery backbone of every business impact analysis template. Understanding and correctly calculating each one is essential for translating BIA scores into actionable recovery targets.
The BCM Institute guide to validating RTO and RPO provides the definitive methodology for these calculations, and your BIA template should include dedicated fields for each.
| Metric | Definition | How to Determine |
|---|---|---|
| MTPD | Maximum Tolerable Period of Disruption: the time beyond which the organization’s viability is irrevocably threatened | Board-level decision based on financial reserves, contractual obligations, regulatory requirements, and market dynamics |
| RTO | Recovery Time Objective: the target time within which a process must be resumed after disruption | Derived from MTPD with safety margin. RTO must always be less than MTPD. Set through BIA interviews and management validation |
| RPO | Recovery Point Objective: the maximum acceptable data loss measured in time before the disruption | Determined by data criticality, transaction volume, and backup frequency. RPO of 4 hours means max 4 hours of data loss is tolerable |
The critical relationship: MTPD > RTO > actual recovery time. If your MTPD for payroll processing is 48 hours, your RTO should be no more than 24 hours (providing a 50% safety margin), and your tested recovery capability must achieve restoration within that 24-hour window.
Your BIA template should capture all three metrics for every critical process. For related guidance on how these metrics feed into continuity plans, see phases of business continuity planning and the NIST Cybersecurity Framework Recover function.
Recovery Tier Classification in the BIA Template
| Tier | RTO | RPO | MTPD | Example Processes | Recovery Strategy |
|---|---|---|---|---|---|
| Tier 1: Mission Critical | 0-4 hrs | 0-1 hr | < 8 hrs | Payment processing, patient records, trading systems | Hot standby, real-time replication |
| Tier 2: Business Critical | 4-24 hrs | 1-4 hrs | 8-48 hrs | Email, ERP, financial reporting, customer service | Warm standby, 4-hour snapshots |
| Tier 3: Business Operational | 24-72 hrs | 4-24 hrs | 2-7 days | Supply chain, facilities, accounts payable | Cold standby, daily backup |
| Tier 4: Administrative | 72-168 hrs | 24-48 hrs | 7-30 days | HR recruitment, internal training, archiving | Manual workaround, weekly backup |
RTO and RPO Targets by Business Function Tier
Figure 2: Recovery Time Objectives and Recovery Point Objectives vary dramatically by function tier. Your BIA template must capture these differences to avoid under- or over-investing in recovery capabilities.
Dependency Mapping in Your Business Impact Analysis Template
Dependency mapping is the most frequently underestimated component of a BIA template. The OVHcloud incident demonstrated this clearly: organizations that understood their infrastructure dependencies could activate alternate hosting within hours, while those without dependency documentation took weeks to recover.
A business impact analysis template without dependency mapping is incomplete because disruptions rarely affect processes in isolation; they cascade through interconnected systems, vendors, and workflows.
Your BIA template should map four categories of dependencies for each critical process: internal dependencies (upstream processes that feed inputs and downstream processes that consume outputs), technology dependencies (applications, databases, network infrastructure, cloud services), vendor and third-party dependencies (outsourced functions.
SaaS platforms, payment processors, logistics providers), and workforce dependencies (key person risks, minimum staffing levels, skill concentrations). For dependency identification techniques, see risk identification tools and techniques and the BCI Horizon Scan Report for emerging dependency risks.
Sample Dependency Matrix for the BIA Template
| Critical Process | Internal Dependencies | Technology Dependencies | Vendor Dependencies | Workforce Dependencies |
|---|---|---|---|---|
| Payroll Processing | HR data, time and attendance, GL posting | HRIS, payroll application, banking API | Payroll SaaS vendor, bank, tax filing service | 2 payroll specialists (min), 1 HRIS admin |
| Customer Orders | Inventory, pricing, credit check | ERP, e-commerce platform, warehouse system | 3PL provider, payment gateway, shipping carrier | 5 order processors, 2 warehouse staff |
| Financial Reporting | GL close, AP/AR reconciliation, intercompany | ERP, consolidation tool, reporting platform | External auditor, tax advisor, XBRL service | Controller, 2 senior accountants |
BIA Template: Typical 10-Week Project Timeline
Figure 3: A comprehensive BIA template implementation typically takes 8-12 weeks. Rushing data collection (weeks 2-4) is the primary cause of BIA quality failures.
BIA Template Excel Framework: Field-by-Field Guide
This section provides the specification for building a complete business impact analysis template in Excel. The framework uses five integrated worksheets, each serving a distinct purpose in the BIA process.
You can build this from scratch or adapt the NIST SP 800-34 BIA template as a starting point. For spreadsheet-based risk assessment approaches, see business continuity risk assessment XLS and the Gartner security and risk management framework.
Five-Worksheet BIA Template Excel Structure
| Worksheet | Purpose | Key Fields | Formulas/Validation |
|---|---|---|---|
| 1. Process Inventory | Catalog all business processes with ownership and criticality tier | Process ID, Name, Business Unit, Owner, Tier, Peak Period, Headcount | Dropdown validation for Tier (1-4), auto-generated Process ID |
| 2. Impact Scoring | Score each process across five impact categories on 1-5 scale | Process ID (linked), Financial, Operational, Regulatory, Reputational, Customer/Safety scores | Weighted composite = F*0.30 + O*0.25 + R*0.20 + Rep*0.15 + C*0.10 |
| 3. RTO/RPO Calculator | Calculate and validate recovery targets for each process | Process ID (linked), MTPD, RTO, RPO, Recovery Strategy, Tested (Y/N), Last Test Date | Conditional formatting: RED if RTO >= MTPD, AMBER if RTO > 75% of MTPD |
| 4. Dependency Map | Document all dependencies for each critical process | Process ID (linked), Internal Deps, Tech Deps, Vendor Deps, Workforce Deps, Single Points of Failure | Conditional formatting: RED for any identified single point of failure |
| 5. Executive Dashboard | One-page summary for management review and board reporting | Top 10 critical processes, RTO compliance %, dependency risk heatmap, trend vs. prior BIA | VLOOKUP from other sheets, sparklines for trend, traffic-light conditional formatting |
Data validation is critical for maintaining BIA template data quality. Set dropdown lists for all categorical fields (Business Unit, Criticality Tier, Recovery Strategy).
Use conditional formatting to flag inconsistencies: any process where RTO exceeds MTPD (invalid), any Tier 1 process without a tested recovery plan (gap), and any process with no identified workaround lasting more than 4 hours (vulnerability).
These automated checks prevent the data quality erosion that makes BIA templates unreliable over time.
Comparing Process Impact Profiles in the BIA Template
Figure 4: The BIA template impact scoring radar compares two critical processes across all five categories. This visualization helps management understand why different processes require different recovery strategies.
Business Impact Analysis Template: From BIA to BCP
A business impact analysis template is only valuable if its outputs drive real continuity planning. The transition from BIA to BCP follows a logical sequence: the BIA identifies what matters and how fast it must recover; .
The BCP defines how to achieve those recovery targets. Each Tier 1 and Tier 2 process in your BIA template should have a corresponding recovery strategy documented in the BCP, with assigned owners, resource requirements, and tested procedures.
The NHS ransomware attack in August 2022 illustrates this connection. A major software provider was compromised, and front-line healthcare staff reverted to pen and paper for months because the BIA had not identified the depth of dependency on that single vendor, and consequently the BCP had no recovery strategy for that scenario.
Organizations that had mapped vendor dependencies in their business impact analysis template and built alternative procedures recovered in days rather than months. See business continuity plan case studies for more examples.
Your BIA template should include a formal review schedule: annual full refresh, interim updates after significant organizational changes (M&A, new systems, regulatory changes), and post-incident reviews that validate whether your impact assumptions held.
The business continuity management guide covers the full Plan-Do-Check-Act cycle for maintaining BIA currency. For testing recovery capabilities against BIA targets, see how to test business continuity plans and BCP test reporting.
Frequently Asked Questions: BIA Template and Business Impact Analysis
What is a BIA template and why is it needed for business impact analysis?
A BIA template is a structured document or spreadsheet that guides organizations through the process of identifying critical business processes, quantifying the impact of their disruption, and setting recovery time objectives.
A BIA template is needed because without a standardized approach, organizations assess impact inconsistently across departments, miss critical dependencies, and set recovery targets based on opinion rather than data.
ISO 22301:2019 Clause 8.2.2 requires a documented business impact analysis process as a prerequisite for developing continuity strategies.
How long does it take to complete a business impact analysis template?
A comprehensive BIA template implementation typically takes 8-12 weeks for a mid-size organization (500-5,000 employees). Week 1 covers scope and planning, weeks 2-5 cover data collection through interviews and questionnaires, weeks 5-7 cover impact scoring and RTO/RPO determination, weeks 7-9 cover dependency mapping, and weeks 9-12 cover report writing and executive approval.
Smaller organizations can complete the process in 4-6 weeks; larger enterprises may need 16 or more weeks for multi-divisional coverage.
What is the difference between RTO, RPO, and MTPD in a BIA template?
MTPD (Maximum Tolerable Period of Disruption) is the outer boundary: the time beyond which the organization’s survival is threatened. RTO (Recovery Time Objective) is the target time to resume the process, always shorter than MTPD to provide a safety margin.
RPO (Recovery Point Objective) is the maximum acceptable data loss measured in time. For example, a payroll system might have MTPD of 48 hours, RTO of 24 hours, and RPO of 4 hours, meaning it must be restored within 24 hours with no more than 4 hours of data loss.
How does a BIA template relate to ISO 22301 certification?
ISO 22301:2019 Clause 8.2.2 requires organizations to establish a documented process for analyzing the impact of disruption on prioritized activities.
A well-designed BIA template directly satisfies this requirement by providing the structured documentation that auditors look for: critical activity identification, impact assessment over time, recovery time objectives, and dependency mapping.
Organizations seeking ISO 22301 certification must demonstrate that their business impact analysis is current, comprehensive, and integrated with their business continuity management system.
Should the business impact analysis template be in Excel or a GRC platform?
Excel-based BIA templates work well for organizations with fewer than 100 critical processes and straightforward dependency chains. They are low-cost, highly customizable, and familiar to most stakeholders. GRC platforms (ServiceNow, Fusion Risk Management, Castellan) are preferable when you have 100 or more processes, need real-time dependency monitoring, require automated workflow routing for approvals, or must maintain audit trails for regulatory compliance.
Start with Excel to establish the methodology, then migrate to a platform when scale demands it.
How often should you update a business impact analysis template?
Review your BIA template annually at minimum, with interim updates triggered by significant changes: mergers or acquisitions, new system deployments, major vendor changes, regulatory updates, or organizational restructuring.
Post-incident reviews should also validate BIA assumptions. If an actual disruption occurs and recovery times differed from BIA predictions, update the template immediately. ISO 22301 requires periodic review as part of the management review process (Clause 9.3).
What are the most common mistakes when completing a BIA template?
The five most common BIA template mistakes are: underestimating financial impact because process owners downplay costs to avoid recovery investment; assessing at too high a level (department vs. process) which misses critical granularity; ignoring vendor dependencies which become single points of failure; treating the BIA as a one-time project rather than a living document; and failing to validate RTOs through actual recovery testing.
Each of these mistakes has caused real-world recovery failures when incidents occurred.
What data should be collected for each process in the BIA template?
For each process, your business impact analysis template should capture: process name and description, process owner and business unit, upstream and downstream dependencies, technology and application requirements, minimum staffing needs, peak activity periods.
Financial impact per hour and per day of disruption, regulatory or contractual recovery requirements, existing manual workarounds and their sustainable duration, and vendor dependencies with SLA details. This data set enables accurate impact scoring and recovery target determination.
Common BIA Template Pitfalls
| Pitfall | Root Cause | Remedy |
|---|---|---|
| Assessing at department level, not process level | Scope defined too broadly during planning | Map individual processes within each department; a department is not a unit of recovery |
| Process owners understate financial impact | Fear of being assigned expensive recovery solutions | Use standardized cost formulas (revenue/hour, penalty schedules) rather than subjective estimates |
| Vendor dependencies not mapped | BIA questionnaire does not ask about third parties | Include dedicated vendor dependency section in every BIA template questionnaire |
| RTO set without testing | RTOs are aspirational rather than validated | Require at least annual recovery testing for all Tier 1 and Tier 2 processes; log results |
| BIA treated as one-time exercise | No review trigger or schedule defined | Build annual review into BCM calendar; add change-trigger updates to change management process |
| No executive sign-off on MTPD | MTPD set by operational staff without board input | MTPD is a risk appetite decision; require executive committee or board approval |
| Data quality degrades after initial BIA | No validation cycle or data owner accountability | Assign data stewards; automate reminders; tie BIA accuracy to process owner KPIs |
The Future of BIA Templates: 2026-2028 Trends
AI-Powered Business Impact Analysis Automation
By 2027, AI-driven BIA tools will automate the data collection phase that currently consumes 60% of BIA project time.
Machine learning models will analyze ERP transaction logs, ITSM ticket patterns, and financial data to pre-populate impact scores and dependency maps, reducing the BIA template process from 10 weeks to 3-4 weeks.
Human validation will still be required, but the baseline will be data-generated rather than interview-dependent. This shifts the BIA practitioner’s role from data collector to data validator and strategic analyst.
Real-Time Dependency Monitoring
Static dependency maps in traditional BIA templates become outdated within months as organizations adopt new cloud services, change vendors, and restructure teams.
Real-time dependency monitoring tools will continuously scan API connections, network traffic, authentication flows, and vendor health indicators to maintain a live dependency graph.
When a dependency changes, the BIA template automatically flags affected processes and recalculates recovery targets. Explore enterprise risk management frameworks for how this integrates with broader ERM architectures.
Regulatory Convergence: DORA, CPS 230, and SEC Rules
The EU Digital Operational Resilience Act (DORA), Australia’s CPS 230, and evolving SEC cybersecurity disclosure requirements are converging on a common expectation: documented, tested business impact analysis with quantified recovery targets.
By 2028, organizations operating across multiple jurisdictions will need BIA templates that simultaneously satisfy ISO 22301, DORA Articles 11-12, CPS 230 operational resilience requirements, and SEC Regulation S-K disclosure rules.
The BIA template of the future will include regulatory mapping fields that tag each process against applicable requirements. Check how to develop key risk indicators for connecting BIA outputs to ongoing KRI monitoring.
Build Your Business Impact Analysis Template Today
A well-executed BIA template for business impact analysis is the foundation of every effective continuity program. Use the step-by-step process, scoring frameworks, and Excel structure in this guide to build or refresh your organization’s BIA.
The investment of 8-12 weeks now prevents the months of unstructured recovery that organizations without a BIA template face when disruption strikes.
Need hands-on support building your business impact analysis template? Explore our services or contact us to discuss your specific continuity planning needs.
Further reading: Ransomware Business Impact Analysis: Linking Cyber Incidents to BIA and BCP
Chris Ekai is a Risk Management expert with over 10 years of experience in the field. He has a Master’s(MSc) degree in Risk Management from University of Portsmouth and is a CPA and Finance professional. He currently works as a Content Manager at Risk Publishing, writing about Enterprise Risk Management, Business Continuity Management and Project Management.