BIA ISO 22301

Please note that when performing BIA your focus is on the impact of interruption, considering the worst-case scenario, not on what can cause it.

Considering that, you should perform a BIA considering the interruption of customer service at all service points. During this BIA, you can organize the required resources for recovery according to each individual service point for better understanding of individual needs.

The identification of which risks can cause the interruption is used in another phase of the process (risk assessment, which should not be mixed with BIA), when you define controls to treat relevant risks (e.g., firefighting system, antimalware software, information backup, alternative providers, etc.)

These articles will provide you a further explanation about performing BIA:
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/ 

These materials will also help you regarding BIA:
- Implementing Business Impact Analysis according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/