URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

Events

About Us

About URM

Overview

URM Core Values

Certifications

CSR

Testimonials

Partners

Our Partners

Become Partner

Subscribe to our mailing list

Consultancy

Information Security

ISO 27001 SOC 2 PCI DSS GC RTS SWIFT CSP NIST CMMC

Business Continuity

ISO 22301 Business Impact Analysis Plans Exercising

Data
Protection

GDPR Virtual DPO DSAR Redaction

Internal
Audit

Outsourced service Audit schedules Third party audit

Other
Standards ISO 42001

Cyber

Penetration Testing Infrastructure Web App and API Cloud Mobile App Business-Led

Cyber Essentials

Cyber Essentials Cyber Essentials Plus CE Assessment Cyber Advisor CE Certified via URM

Vulnerability Scanning

Vulnerability Scanning ASV Scanning

Social
Engineering

Social
engineering

Cyber Incident

cyber
Incident Exercising

Products

Abriska 27001 Information Security Risk Management FAQ

Abriska 27036 Supplier
Risk Management FAQ

Abriska 31000 Enterprise Risk Management FAQ

Abriska 19011 Audit
and Action Management FAQ

Abriska 22301 Business Continuity Management FAQ

Alurna
‍ONLINE Awareness Training FAQ PRICING

Training

Information
Security CISMP introduction to
ISO 27001 Migration to
ISO 27001:2022 transition to
ISO 27001:2022

Data Protection
and GDPR CDP DPIA DSAR DTIA

Risk
Management PCIRM

Other Standards introduction to ISO 42001

Schedule
‍Upcoming
Courses

Resources

About

About Overview URM’s Core Values Brief history certifications

Testimonials consultancy Cyber products Training

Partners Our Partners Become partner

Contact Contact URM Terms of business Privacy Policy Cookie Policy

Abriska 22301

Frequently Asked Questions

What is the purpose of a business impact analysis (BIA)
and risk assessment from a business continuity perspective?

ISO 22301, the International Standard for Business Continuity Management, aptly defines business continuity as the “capability of an organisation to continue the delivery of products and services within acceptable timeframes at pre-defined capacity during a disruption”. A critical component in fulfilling this capability and developing a sound business continuity management system (BCMS) is conducting a business impact analysis (BIA) and a risk assessment.

With a BIA, the organisation is seeking to identify the priorities for recovering disrupted activities (business processes) in terms of timescale, level of activity and required resources. The central concept of BIA is that recovery priorities should be based on the impact that would be sustained in the event of a business disruption.

With a risk assessment, the organisation is seeking to identify events that could cause a business disruption and then determine which of these are unacceptable and, therefore, areas where further treatment is required. These treatments include improving business continuity (BC) capabilities as well as other risk reduction measures, for example an IT risk could be reduced by implementing further redundancies within your own infrastructure or migrating to a Cloud IT infrastructure. The process should consider your organisation’s risk appetite, the basis of risk evaluation and acceptance decisions.

The outputs from the BIA and risk assessment provide the foundation for the development of response strategies and the BC plans designed to deliver the optimal resumption of activities.

What are the BIA and risk assessment requirements
of ISO 22301?

In addition to the existence of a BIA and risk assessment process, ISO 22301 specifically requires that:

The determination of risks requiring treatment is based upon their analysis and evaluation
The BIA includes a determination of the:
– ‘Maximum tolerable period of disruption’ (MTPD) for each activity
– ‘Prioritised timeframe’ for resuming disrupted activities
– Specified ‘minimum capacity’ of resumed activities
– Required resources for each activity and their interdependencies.

What role can business continuity BIA
and risk assessment software play?

BIA and risk assessment software can support the organisation by automating some of the processes involved in:

Identifying the organisation’s key products and services, critical activities and required resources interrelated areas, processes and resources. Specialist software will help replace multiple spreadsheets and supporting documents and can aggregate information from multiple sources
Identifying, analysing and evaluating the risks which could either cause a disruption or could affect the recovery of the organisation.

As such, specialist software can help you better understand what is critical to your business and to treat identifiable risks to improve your business continuity response.

‍

Download Abriska 22301 Product Sheet

We have been using Abriska to support us in carrying out the risk assessment that underpins our ISO27001 certification for some years now. It helps us to easily group and organise our assets, identify threats and vulnerabilities and determine justifiable risk scores. It centralises all of our risk assessment documentation and offers a range of useful extracts such as a statement of applicability and risk register that take much of the work out of the risk assessment process and allow us to focus on remediation.

Frontier Economics

Economic Consultancy