RA and BIA in a single document
Answer: I assume you are referring to placing Risk Assessment and Business Impact Analysis in a single document. I would not recommend placing them in a single document for two reasons: the first, as you said, both may become large documents by themselves, making a single document impractical to use; the second, and the most relevant reason, is that since they are used in different contexts, and for different purposes, documenting them together would mean that someone accessing one piece of information (RA or BIA) would unnecessarily have access to the other, increasing the risk of unauthorized information disclosure.
This article will provide you further explanation about risk assessment and business impact analysis:
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/
These materials will also help you regarding :
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
Nov 11, 2016