SA TS ISO 22317:2017

Technical Specification

UPDATE AVAILABLE

[Superseded]

Societal security — Business continuity management systems — Guidelines for business impact analysis (BIA)

Adopts ISO/TS 22317:2015 which provides guidance for an organization to establish, implement, and maintain a formal and documented business impact analysis (BIA) process. This Technical Specification does not prescribe a uniform process for performing a BIA, but will assist an organization to design a BIA process that is appropriate to its needs.

Published: 25/09/2017

Pages: 27

Table of contents

Cited references

Content history

Table of contents

Header

About this publication

Preface

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Prerequisites

4.1 General

4.2 BC programme context and scope

4.2.1 BC programme context

4.2.2 Scope of the BC programme

4.3 BC programme roles

4.3.1 BC programme roles and responsibilities

4.3.2 BIA process-specific roles and competencies

4.4 BC programme commitment

4.5 BC programme resources

5 Performing the business impact analysis

5.1 General

5.2 Project planning and management

5.2.1 General

5.2.2 Initial BIA considerations

5.3 Product and service prioritization

5.3.1 Overview

5.3.2 Inputs

5.3.3 Outcomes

5.4 Process prioritization

5.4.1 General

5.4.2 Inputs

5.4.3 Outcomes

5.5 Activity prioritization

5.5.1 Overview

5.5.2 Inputs

5.5.3 Information collection

5.5.3.1 Activity detail

5.5.3.2 Resource requirements

5.5.3.3 Interdependencies

5.5.4 Outcomes

5.6 Analysis and consolidation

5.6.1 Overview

5.6.2 Inputs

5.6.3 Methods

5.6.4 Outcomes

5.7 Obtain top management endorsement of BIA results

5.7.1 General

5.7.2 Inputs

5.7.3 Methods

5.7.4 Outcomes

5.8 After the BIA — Business continuity strategy selection

6 BIA process monitoring and review

Annex A

Annex B

B.1 Business impact analysis terminology mapping

Annex C

C.1 Business impact analysis information collecting methods

C.2 Documentation review

C.3 Interview

C.4 Survey/Questionnaire

C.5 Workshops

C.6 Scenario-based exercise

Annex D

D.1 The collection of information useful for plan development and incident response

D.2 Increasing the efficiency of the organization

D.3 To explore alternative strategic planning options

D.4 To assist with longer term strategy decision-making

D.5 Project BIA

D.6 Business impact analysis as a risk analysis

Bibliography

Cited references in this standard

Content history

SA TS ISO 22317:2022

[Current]

ISO/TS 22317:2015

[Superseded]

DR SA TS ISO 22317:2017