Assign topic to the user
From your question I’m understanding that in your scenario you have a specific business unit responsible for information security in the organization, and that you performed a BIA for each department in the organization.
Considering that, please note that a BIA will give you information about impact on business continuity specifically for the scope where it is applied (i.e., the BIA for a department will give you information about that specific department only).
So, to have information about business continuity impact on the information security department, you need to perform a BIA on this department. The BIA in each department needs to be performed using the same methodology, i.e. the same set of rules so that the results are comparable.
These articles will provide you a further explanation about performing BIA:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/
These materials will also help you regarding BIA:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/27001academy/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Implementing Business Impact Analysis according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar-on-demand/
Comment as guest or Sign in
May 06, 2022