Guest user Created: Aug 17, 2017 Last commented: Aug 17, 2017

Risk assessment and business analysis impact

In your template for BIA methodology you say “Business impact analysis is performed after the risk assessment has finished, so that the information about required resources can be gathered during risk assessment.” I have always done the BIA first and then risk assessment against the assets identified in the critical activities. Does sequence matter, either one can be done anytime?&quest;

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Aug 17, 2017

Answer: Risk Assessment and Business Impact Analysis can be performed in any sequence, and ISO 22301 allow both approaches. We recommend performing the risk assessment first because this way you will have a better impression of which incidents can happen, which will make easier to focus on the most impacting ones during the Business Impact Analysis.

This article will provide you further explanation about risk assessment and business analysis impact:
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/

This material will also help you regarding risk assessment and business ana lysis impact:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 17, 2017

Expert Advice Community