24 lines
No EOL
1.8 KiB
Markdown
24 lines
No EOL
1.8 KiB
Markdown
# Business Impact Analysis (BIA)
|
||
|
||
Business Impact Analysis (BIA) is an activity within the proces of Business Continuity Planning ([BCP](../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)).
|
||
|
||
The goal of a Business Impact Analysis (BIA) process is
|
||
|
||
A Business Impact Analysis (BIA) examines the potential impacts of disruptions, such as financial losses, reputational damage, regulatory penalties, and operational continuity.
|
||
The outcomes help to prioritize business activities and resources to enable the resumption of product and service delivery after a (major) disruption[^1].
|
||
|
||
Guidelines and tooling:
|
||
- [Guidelines for business impact analysis ISO 22317](../Standards/ISO27x/about/ISO%2022317%20Guidelines%20for%20business%20impact%20analysis.md)
|
||
- [Assessing reputational risks](../Various/Assessing%20reputational%20risks.md)
|
||
- [BIA Workshop](../Standards/ISO27x/Implementation%20Products/BIA%20Workshop.md)
|
||
- [TLP impact matrix](Data%20classification/Traffic%20Light%20Protocol%20TLP.md)
|
||
- Afhankelijkheid tussen systemen/voorzieningen?
|
||
- Resource Breakdown Structure (RBS)
|
||
- Fishbone Diagram (Ishikawa/Cause and Effect): Useful for identifying root causes of dependencies and resource constraints in processes.
|
||
|
||
ISO 27001 Controls:
|
||
- [5.29:](../MoCs/ISO_27002_2022_5.29_MoC%20Information%20security%20during%20disruption.md) Information security during disruption
|
||
- [5.30:](../Information%20Security/ICT%20readiness%20for%20business%20continuity.md) ICT readiness for business continuity
|
||
- [5.9:](../MoCs/ISO_27002_2022_5.9_MoC%20Inventory%20of%20information%20and%20other%20associated%20assets.md) Inventory of information and other associated assets – regarding assets marked Critical on the Availability aspect
|
||
|
||
[^1]: See [Disaster Recovery Planning](Disaster%20Recovery%20Planning.md) |