Expert Advice Community

Guest

BIA or RA

  Quote
Guest
Guest user Created:   May 18, 2021 Last commented:   May 18, 2021

BIA or RA

Thank you Dejan for addressing my question during this webinar.

My confusion is which one comes first BIA or RA. Also, how can the results of the RA be used in the BIA?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 18, 2021

Actually, there is no definitive order to perform Risk Assessment (RA) and Business Impact Analysis (BIA), and the choice for one or another will depend on your expectations:

  • By doing BIA first you will have a prioritized list of processes and services that can impact the most of your business in case of disruptive incidents, then you can go to assess the most relevant risks for the most critical processes and services.
  • By doing risk assessment first you will have a prioritized list of risks your organization is most exposed to, i.e., the most potential disruptive incidents, then you can go to assess the impact on business regarding the processes and services affected by those risks.

Particularly, we prefer to do a risk assessment first, because this way you will have a better impression of which incidents can happen (which risks you’re exposed to), and therefore be better prepared for doing the business impact analysis (which focuses on consequences of those incidents).

For rating critical services considering the results of a risk assessment, you can consider the value of the risks, or the number of risks, associated with a specific service. For example, you can have a service with two high risks associated with it and other with ten medium risks associated with it. Considering your context, in terms of risks maybe the second service is more critical.

These articles will provide you a further explanation about risk assessment and BIA:

These materials will also help you regarding risk assessment and BIA:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 18, 2021

May 18, 2021

Suggested Topics

Guest user Created:   Jul 20, 2021 ISO 27001 & 22301
Replies: 1
0 0

Question about BIA form

Bills Created:   May 25, 2021 ISO 27001 & 22301
Replies: 3
0 0

BIA and Risk Assessement