Scribd
Upload
2K views4 pages

ISO 22301 - Business Continuity Management Systems - The Business Impact Analysis (BIA)

The document summarizes key aspects of a Business Impact Analysis as outlined in ISO 22301 for Business Continuity Management Systems. It describes the prioritization of critical activities, defines types of impacts like financial and reputational, and establishes timeframes like Maximum Tolerable Period of Disruption, Recovery Time Objective, Minimum Business Continuity Objective, and Recovery Point Objective to measure impacts and recovery from disruptions. The document also references ISO/TS 22317 for more guidelines on conducting a Business Impact Analysis.

Uploaded by

Mohammed Osman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views4 pages

ISO 22301 - Business Continuity Management Systems - The Business Impact Analysis (BIA)

The document summarizes key aspects of a Business Impact Analysis as outlined in ISO 22301 for Business Continuity Management Systems. It describes the prioritization of critical activities, defines types of impacts like financial and reputational, and establishes timeframes like Maximum Tolerable Period of Disruption, Recovery Time Objective, Minimum Business Continuity Objective, and Recovery Point Objective to measure impacts and recovery from disruptions. The document also references ISO/TS 22317 for more guidelines on conducting a Business Impact Analysis.

Uploaded by

Mohammed Osman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
  • Business Impact Analysis (BIA) Overview: Presents an introduction to Business Impact Analysis (BIA) within the framework of ISO 22301, highlighting its importance in continuity management.

ISO 22301 - Business Continuity Management Systems

- The Business Impact Analysis (BIA) -

BIA – should offer a good understanding of activities that require urgent action if
disrupted because failure to resume them quickly will have an unacceptable impact.

Prioritized (key, critical, vital) activities


ISO 22301 - Business Continuity Management Systems
- The Business Impact Analysis (BIA) -

Type of impact Details


Financial impact How much money is the company losing
Reputational impact Embarrassment for the company, brand
damage or a negative opinion towards the
organization
Legal and regulatory From fines up to withdrawal of license to trade
impact
Contractual impact Breach of contractual obligations and
associated consequences
Business objectives Failure to achieve objectives

Each organization defines what “unacceptable impact” means


ISO 22301 - Business Continuity Management Systems
- The Business Impact Analysis -

Maximum Tolerable Period of Disruption = timeframe within


MTPD which the impact of not resuming an activity would become
unacceptable

RTO Recovery Time Objective = timeframe for resuming prioritized


activities

MBCO Minimum Business Continuity Objective = minimum level of


product or service that is acceptable to the organization
ISO 22301 - Business Continuity Management Systems
- The Business Impact Analysis -

RPO Recovery Point Objective = maximum amount of data that the


company affords to lose

ISO/TS 22317 – Guidelines for Business Impact Analysis

You might also like