Expert Advice Community

Which is first - BIA or risk assessment?

Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

I've got a question about the order between BIA and RIA: what is the correct order? In DRII, it is the RIA process and then BIA, but I have read that in other organizations it is BIA first and then RIA.

DejanK Jan 12, 2016

Answer: I assume that by "RIA" you refer to risk assessment. ISO 22301 is fine with both approaches - risk assessment first and BIA second, or the other way around.

My preference is to perform the risk assessment first because you will have a much better feeling about which incidents can happen (and therefore better assess the impact during BIA), but you can also use the list of assets you identified during your risk assessment as an input for BIA when you need to identify all the required resources.
