ISO/TS 22317:2021
Security and resilience — Business continuity management systems — Guidelines for business impact analysis
This document gives guidelines for an organization to implement and maintain a formal and documented business impact analysis (BIA) process appropriate to its needs. It does not prescribe a uniform process for performing a BIA.
This document is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors. The guidance can be adapted to the needs, objectives, resources and constraints of the organization.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$343.00 NZD
|
|
| HardCopy |
$389.00 NZD
|
|
| Networkable PDF |
Price varies
|
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Prerequisites
4.1 General
4.2 Context and scope
4.2.1 Context
4.2.2 Scope
4.3 Roles and responsibilities
4.3.1 General
4.3.2 BIA leader
4.3.3 Activity owners
4.4 Commitment
5 The BIA process
5.1 Fundamentals
5.2 Plan BIA
5.3 Agree approach for undertaking BIA process
5.3.1 Understand impacts
5.3.2 Define impact types and criteria
5.3.3 Define time frames
5.3.4 Define methodology
5.4 Determine products and services’ priorities with top management
5.4.1 Overview
5.4.2 Inputs
5.4.3 Product and service priority determination
5.4.4 Outcomes
5.5 Determine the prioritized activities
5.5.1 Overview
5.5.2 Inputs
5.5.3 Identify activities
5.5.4 Set RTO for the activities
5.5.5 Define the prioritized activities
5.5.6 Results
5.6 Identify resources and other dependencies
5.6.1 Identify resource and other dependency requirements
5.6.2 Resource requirements
5.7 Analyse and consolidate BIA results
5.8 Obtain top management approval for BIA results
6 Review BIA
6.1 Review BIA process and methodology
6.2 Review BIA results
Annex A (informative) BIA within the BCMS of ISO 22301:2019
Annex B (informative) BIA information collection methods
Annex C (informative) Other uses for the BIA process
Annex D (informative) Examples for performing a BIA
Bibliography
Previous versions
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS 5050(Int):2020
Managing disruption-related risk -
AS/NZS IEC 31010:2020
Risk management - Risk assessment techniques -
AS/NZS IEC 31010:2020 A1
Risk management - Risk assessment techniques
-
AS/NZS IEC 62198:2015
Managing risk in projects - Application guidelines
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Prerequisites
4.1 General
4.2 Context and scope
4.2.1 Context
4.2.2 Scope
4.3 Roles and responsibilities
4.3.1 General
4.3.2 BIA leader
4.3.3 Activity owners
4.4 Commitment
5 The BIA process
5.1 Fundamentals
5.2 Plan BIA
5.3 Agree approach for undertaking BIA process
5.3.1 Understand impacts
5.3.2 Define impact types and criteria
5.3.3 Define time frames
5.3.4 Define methodology
5.4 Determine products and services’ priorities with top management
5.4.1 Overview
5.4.2 Inputs
5.4.3 Product and service priority determination
5.4.4 Outcomes
5.5 Determine the prioritized activities
5.5.1 Overview
5.5.2 Inputs
5.5.3 Identify activities
5.5.4 Set RTO for the activities
5.5.5 Define the prioritized activities
5.5.6 Results
5.6 Identify resources and other dependencies
5.6.1 Identify resource and other dependency requirements
5.6.2 Resource requirements
5.7 Analyse and consolidate BIA results
5.8 Obtain top management approval for BIA results
6 Review BIA
6.1 Review BIA process and methodology
6.2 Review BIA results
Annex A (informative) BIA within the BCMS of ISO 22301:2019
Annex B (informative) BIA information collection methods
Annex C (informative) Other uses for the BIA process
Annex D (informative) Examples for performing a BIA
Bibliography