Expert Advice Community

Guest

multi location vs BIA and RA performing

  Quote
Guest
Ernst Created:   Jun 10, 2021 Last commented:   Jun 14, 2021

multi location vs BIA and RA performing

Hi, I would like to perform a BIA analysis based on the Advisera form. I have read your article - How to define activities when implementing business continuity according to ISO 22301. He's great and translates a lot. However, I have a problem with the approach to analysis in my case.

The company has a department which comprises 40 locations. They carry out the same activities but independently. An average of 100-150 people in one location.

1. Should I analyze the entire department at once and sum up the effects of losses (qualitative and financial) from all 40 locations?
2. Should I choose the largest location and analyze only one?
3. Or maybe I should complete 40 questionnaires?

I would like my approach to be in line with good business continuity practices.

How to conduct a risk analysis in this case? I understand that I need to analyze the risks for 40 locations?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 14, 2021

Hi, I would like to perform a BIA analysis based on the Advisera form. I have read your article - How to define activities when implementing business continuity according to ISO 22301. He's great and translates a lot.

However, I have a problem with the approach to analysis in my case.

The company has a department which comprises 40 locations. They carry out the same activities but independently. An average of 100-150 people in one location.

Should I analyze the entire department at once and sum up the effects of losses (qualitative and financial) from all 40 locations?
Should I choose the largest location and analyze only one?
Or maybe I should complete 40 questionnaires?
I would like my approach to be in line with good business continuity practices.

A good approach would be to group locations with similar characteristics (e.g., number of employees, geographic location, etc.) and use a single analysis, identifying in the questionnaire to which locations it is applied. In terms of resources, you need to specify the resources used by each location (using averaged data can lead to errors in resource estimation in the definition of business continuity plans).

For further information, see:

How to conduct a risk analysis in this case? I understand that I need to analyze the risks for 40 locations?

To perform risk analysis you can use the same approach for BIA, i.e., perform risk assessment over the groups you have identified.

This article will provide you a further explanation about risk assessment:

This material will also help you regarding risk assessment:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jun 10, 2021

Jun 14, 2021

Suggested Topics

Bills Created:   May 25, 2021 ISO 27001 & 22301
Replies: 3
0 0

BIA and Risk Assessement

Guest user Created:   May 18, 2021 ISO 27001 & 22301
Replies: 1
0 0

BIA or RA

Sam Created:   May 05, 2021 ISO 27001 & 22301
Replies: 1
0 0

BIA ISO 22301