ISO publishes a revised Technical Specification for business impact analysis (BIA)
ISO continues to develop its series on Business Continuity Management Systems with updated guidelines for implementing and maintaining a business impact analysis (BIA) process consistent with the requirements in ISO 22301:2019 Business Continuity Management Systems
Uxia Fernandez led the work on behalf of ISO/TC 292 Working Group 2 Continuity and organizational resilience.
"In my opinion, the BIA is the cornerstone of the business continuity management system, so it's worth spending time on defining the approach to be followed. To do so, I recommend using ISO/TS 22317:2021 as it describes a complete and straightforward BIA process, aligned with the requirements of ISO 22301:2019 and includes useful examples.
I would like to thank all the members of the project team for their involvement and effort throughout these months, sometimes attending meetings in very challenging time frames.
I hope the final document meets the expectations of the practitioners who use it!”
Fiona Raymond-Cox, an expert from the project team has commented:
“If there is any doubt how to perform a BIA, this will be the Technical Specification (TS) for you! It describes the 7 steps for implementing an effective process for planning and conducting a BIA, then reporting on the results. The Annex contains guidance on data collection methods, how that data may be used for other purposes – e.g. process improvements, identification of risk, etc., as well as three examples for performing a BIA. I recommend the TS as an invaluable tool for all business continuity practitioners”.
Read more about ISO TS 22317:2021
ISO/TS 22317:2021 Security and resilience – Business continuity management systems – Guidelines for business impact analysis, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.