Business Impact Analysis (BIA)
1. Purpose and Scope
This Business Impact Analysis evaluates the critical business functions, systems, and vendors supporting Nemu Inc.'s client-facing services. It identifies potential impacts resulting from service disruptions and establishes Recovery Time Objectives (RTO), Recovery Point Objectives (RPO), and Maximum Allowable Downtime (MAD).
2. Impact Categories
The BIA evaluates the following impact areas:
- Operational Impact
- Financial Impact
- Client / Customer Impact
- Legal & Regulatory Impact
- Reputational Impact
Each category is rated as Low, Medium, High, or Critical.
3. Impact Rating Definitions
| Rating | Definition |
|---|---|
| Low | Minimal disruption; no SLA or compliance effect |
| Medium | Noticeable degradation; minor SLA impact |
| High | Significant operational disruption; possible contractual impact |
| Critical | Complete service outage; material financial, legal, or reputational impact |
4. Critical Business Functions Inventory
| Function | Description | Owner | Dependencies | RTO | RPO | MAD |
|---|---|---|---|---|---|---|
| Platform Operations | Core API, Realtime, App functions | CTO | Render, Supabase, Cloudflare | 4 hrs | 15 min | 8 hrs |
| Client Data Management | Storage, backups, database | Engineering Lead | Supabase Postgres, Storage | 4 hrs | 30 min | 12 hrs |
| Authentication & Access | Login, MFA, RBAC | Engineering | Auth provider | 2 hrs | 0 min | 4 hrs |
| Payments & Billing | Stripe subscription + payments | CFO / Billing Lead | Stripe | 24 hrs | 12 hrs | 48 hrs |
| Customer Support | Support response channels | Support Lead | Intercom / Email systems | 24 hrs | 8 hrs | 72 hrs |
5. Impact Assessment Summary
| Function | Operational Impact | Financial Impact | Client Impact | Regulatory Impact | Reputational Impact | Overall Impact |
|---|---|---|---|---|---|---|
| Platform Operations | Critical | High | Critical | Medium | High | Critical |
| Client Data Management | High | High | High | Critical | High | Critical |
| Authentication | High | Medium | High | Medium | High | High |
| Payments | Medium | High | Medium | Low | Medium | High |
| Support | Medium | Medium | Medium | Low | Low | Medium |
6. Recovery Prioritization
- Authentication & Access
- Platform Operations
- Client Data
- Payments
- Customer Support
7. Review and Approval
The BIA is reviewed annually during Business Continuity Planning and approved by executive management.
8. Compliance Mapping
- SOC 2: CC3.2
- ISO 27001:2013: A.8.2.1, A.17.1.1
Contact: support@mynemu.com
© 2025 Nemu Inc. All rights reserved.
Last updated on