Good afternoon. Trust you are good. I want to pick your quick thought on some business continuity matters.
In the BIA process for every department, does this represent the BIA for the information security department?
From your question I’m understanding that in your scenario you have a specific business unit responsible for information security in the organization, and that you performed a BIA for each department in the organization.
Considering that, please note that a BIA will give you information about impact on business continuity specifically for the scope where it is applied (i.e., the BIA for a department will give you information about that specific department only).
So, to have information about business continuity impact on the information security department, you need to perform a BIA on this department. The BIA in each department needs to be performed using the same methodology, i.e. the same set of rules so that the results are comparable.