Guest
Is the risk assessment done before the BIA?
In your experience is the risk assessment done before the BIA or after? Is it important which is done first?
Assign topic to the user
Expert
Dejan Kosutic
Jan 03, 2017
Answer: ISO 22301 (and most of other business continuity methodologies) allow you to do it either way, and the truth is - I don't think there is a huge difference. My personal preference is to do the risk assessment first, because then you'll have a better impression of which incidents can happen while doing your business impact analysis.
You'll learn more here: Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
Comment as guest or Sign in
Jan 02, 2017
Jan 02, 2017
Jan 02, 2017