Business Impact Analysis Flashcards
Define CBF
Business function that must be restored in the event of disruption.
It refers to the vital areas that are crucial to the survivability of organization.
Define BIA
Process of analyzing effect of interruptions to business operations or processes on business functions.
It identifies CBFs, qualify and/or quantify losses, determine tolerable downtime and minimum resources needed for recovery.
Define recovery time objective (RTO)
Maximum acceptable length of time that can elapse before the lack of business function severely impacts the organization.
Define recovery point objective (RPO)
Point in time which system and data must be recovered after a disaster.
Risk assessment vs business impact analysis
Risk assessment - identify risks and threats and recommend controls
BIA - identify CBF and evaluate impact of threats and exposures.
Reasons for conducting BIA
- provide business rationale
- present findings so management can provide directions for development of bcm
- communicate inherent vulnerabilities
- identify business processes and assets require highest level of protection
- provide info that identifies strategies and alternatives
- provide financial data to select appropriate levels of investment
- establish recovery objectives and timelines
Benefits of BIA
- improve organizational stability
- identify key personnel and lessen reliance on them
- protect assets and safety of employees and customers
- validate adequacy of insurance coverage
- provide orderly recovery of CBFs
- compliance with statutory requirements and lessen exposure to legal liabilities