ISO/TS 22317 - new Technical Specification for business impact analysis
ISO has published a Technical Specification addressing the design, implementation and continual improvement of a business impact analysis, as part of a business continuity management system or program. ISO/TS 22317 Societal security - Business continuity management systems - Guidelines for business impact analysis (BIA), will help public and private sector organizations, regardless of their size, location or activity, to become more resilient by establishing appropriate business continuity requirements.
Brian Zawada, the project leader responsible for writing ISO 22317, explains:
“This new technical specification summarizes the guidance necessary to identify appropriate business continuity requirements as part of a broader business continuity management system or program. Many organizations struggle with identifying when, and to what extent, activities and resources need to be available following a disruptive event. The ISO/TS 22317 project team feels strongly that this new technical specification will help organizations identify business continuity requirements leading to the implementation of appropriate business continuity strategies.”
The purpose of the business impact analysis process is to analyze the consequences of a disruptive incident on the organization. The outcome is a statement and justification of business continuity requirements.
Organizations implementing ISO/TS 22317 will reach the following benefits:
Endorsement or modification of the organization’s BC programme scope;
Identification of legal, regulatory, and contractual requirements (obligations) and their effect on business continuity requirements;
Evaluation of impacts on the organization over time, which serves as the justification for business continuity requirements (time and capability);
Identification and confirmation of product/service delivery requirements following a disruptive incident, which then sets the prioritized timeframes for activities and resources;
Identification of, and establishment of, the relationships between products/services, processes, activities, and resources;
Determination of the resources needed to perform prioritized activities (e.g. facilities; people; equipment; information, communication and technology assets; supplies; and financing);
Understanding of the dependencies on other activities, supply chains, partners, and other interested parties; and
Determination of how up to date the information needs to be.
Dr. Stefan Tangen, Convenor of the Communication Group of the ISO technical committee that developed the new standard, states:
“ISO/TS 22317 further expands our series of standards on Business Continuity Management. To conduct a business impact analysis is a requirement in clause 8 of ISO 22301 and this document will therefore become very valuable to organisations that are implementing BCMS"
ISO/TS 22317:2015, Societal security - Business continuity management systems - Guidelines for business impact analysis (BIA), is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, price 138 Swiss francs respectively through the ISO Store or by contacting the Marketing, Communication & Information department.