ISO/TS 22317:2015 Societal security - Business continuity managment systems - Guidelines for business impact analysis

This Technical Specification for business continuity management systems provides guidelines (based on good international practice) for performing a business impact analysis (BIA), which is a requirement of ISO 22301 (clause 8.2). It provides guidance for establishing, implementing and maintaining a formal and documented process for business impact analysis. It is applicable to all organizations, regardless of type, location, size and nature of the organization.

This business impact analysis standard provides a framework for determining continuity and recovery priorities, objectives and targets.

The purpose of the business impact analysis process is to analyze the consequences of a disruptive incident on the organization. The outcome is a statement and justification of business continuity requirements.

Organizations implementing ISO 22317 will reach the following benefits:

Endorsement or modification of the organization's BC programme scope;
Identification of legal, regulatory, and contractual requirements (obligations) and their effect on business continuity requirements;
Evaluation of impacts on the organization over time, which serves as the justification for business continuity requirements (time and capability);
Identification and confirmation of product/service delivery requirements following a disruptive incident, which then sets the prioritized timeframes for activities and resources;
Identification of, and establishment of, the relationships between products/services, processes, activities, and resources;
Determination of the resources needed to perform prioritized activities (e.g. facilities; people; equipment; information, communication and technology assets; supplies; and financing);
Understanding of the dependencies on other activities, supply chains, partners, and other interested parties; and
Determination of how up to date the information needs to be.

Brian Zawada (USA), the project leader responsible for writing ISO 22317, explains:

“This new technical specification summarizes the guidance necessary to identify appropriate business continuity requirements as part of a broader business continuity management system or program. Many organizations struggle with identifying when, and to what extent, activities and resources need to be available following a disruptive event. The ISO 22317 project team feels strongly that this new technical specification will help organizations identify business continuity requirements leading to the implementation of appropriate business continuity strategies.”

ISO/TS 22317:2015, Societal security - Business continuity management systems - Guidelines for business impact analysis (BIA), will within short be available from ISO national member institutes (see the complete list with contact details). It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.

Upcoming events

28 Feb, Zoom
Working Group 1

5 March, Zoom
Communication Group meeting

[tbd], 2024
11th ISO/TC 292 plenary meeting

Topics

Authenticity, integrity and trust for products and documents
Business continuity management
Community resilience
Crisis management
Emergency management
Event management
Organizational resilience
Protective security
Supply chain security
Terminology

This website has been developed by Swedish Civil Contingencies Agency in collaboration with ISO and Swedish Institute for Standards responsible for the ISO/TC 292 secretariat

An overview of ISO/TC 292 can also be found at the ISO webpage.

ISO

SIS