BIA – Business Impact Analysis – is fundamental not only to progress with ISO 27002 (ISO 17799), but for sound information security as well. Recognizing the potential impact of security threats is so often essential in actually dealing with the threats themselves.
To assist with this, The ISO 27000 Toolkit includes a leading BIA questionnaire. Again, this is more than just a questionnaire, however… it is color coded to allow easier identification of which impact groups are significant, and consequently, which require further assessment in terms of risk analysis.
This valuable item not only forms a framework for the business impact analysis exercise itself, but can save many hours of brainstorming effort.