Hi, I would like to perform a BIA analysis based on the Advisera form. I have read your article - How to define activities when implementing business continuity according to ISO 22301. He's great and translates a lot. However, I have a problem with the approach to analysis in my case.
The company has a department which comprises 40 locations. They carry out the same activities but independently. An average of 100-150 people in one location.
1. Should I analyze the entire department at once and sum up the effects of losses (qualitative and financial) from all 40 locations?
2. Should I choose the largest location and analyze only one?
3. Or maybe I should complete 40 questionnaires?
I would like my approach to be in line with good business continuity practices.
How to conduct a risk analysis in this case? I understand that I need to analyze the risks for 40 locations?