Expert Advice Community


BIA and risk assessment

Guest user Created:   Mar 31, 2017 Last commented:   Mar 31, 2017


1 - The BIA includes a risk assessment?

Expert
Rhand Leal Mar 31, 2017

Answer: The risk assessment process is independent of the BIA process, but the BIA can make use of the results of the risk assessment to help improve the reliability of its results (by identifying the risks you’re most exposed to, you can focus on the consequences of those incidents). You should note that the ISO 22301 documentation toolkit does not include the risk assessment documents, but they can be purchased separately.

2 - Should the BIA questionnaire be different for every business unit in the company?

Answer: The general framework of the questionnaire is the same (what are the critical processes, how long you can support a disruption of the process, in how much time you have to resume minimal and normal operations, etc.), but some questions may be adjusted according to each business unit (for example, a production unit may have specific questions about equipment, while research and development should add more questions related to information protection). You should also note that answers will be different from one department to another.

These articles will provide you with further explanation about BIA and risk assessment:
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis//
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

These materials will also help you regarding BIA and risk assessment:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/