Business impact analysis
Can one rely on the results of business impact analysis without performing a risk assessment
Assign topic to the user
ISO 27001 & ISO 22301 PREMIUM DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 & ISO 22301 PREMIUM DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 & ISO 22301 PREMIUM DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
I assume you're asking this question in the context of ISO 22301, the business continuity standard.
Both risk assessment and business impact analysis are mandatory according to ISO 22301, however they do not depend on each other - in practice, they are independent analysis.
These articles will help you with details:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
- Can ISO 27001 risk assessment be used for ISO 22301? https://advisera.com/27001academy/blog/2013/03/11/can-iso-27001-risk-assessment-be-used-for-iso-22301/
Comment as guest or Sign in
Dec 19, 2019