Skip to content

Term of the Week: Business Impact Assessment (BIA)

What is it?

A systematic process by which an organization gathers information about its essential business functions and processes and evaluates the potential impact to the organization if those functions and processes were interrupted or otherwise adversely affected. Also referred to as a business impact analysis.

Why is it important?

This term is important because it helps organizations prioritize the allocation of time and resources to prevent, manage, and recover from incidents that affect critical business operations and assets. A business impact assessment also provides information to help create an incident response plan and a business continuity plan.

Why does a business professional need to know this?

Conducting a business impact assessment (BIA) can help you see how security and risk management relates to the critical functions and overall mission of your organization. Security must support those functions and that mission.

Implementing security controls and managing cybersecurity risks costs time, money, and resources. A business impact assessment helps business professionals balance priorities and apply resources where they can have the greatest effect.

A business impact assessment is critical to both the risk management program and the business continuity plan, which enable an organization to assess and manage risks to critical assets and functions and recover and continue business operations when those assets and functions are negatively affected.

Essential questions that must be answered as part of the BIA include the following:

  • What information systems and functions are critical to the mission of the organization?
  • What do those systems and functions depend on?
  • If those systems and functions are impaired or interrupted, how quickly must they resume before the organization incurs a significant loss or unacceptable business impact?

Business professionals must work with cybersecurity professionals to help identify security risks to the organization’s business operations and information systems. A business impact assessment can help prioritize efforts to mitigate the potential impact of those risks to the organization.

About William McBorrough

Photo of William McBorrough

William J. McBorrough is the co-founder of and CEO at MCGlobalTech, a Washington DC-based information security management consulting firm. For more than 19 years, Mr. McBorrough has demonstrated success as an administrator, engineer, architect, consultant, manager, and practice leader, developing cost-effective solutions to support the strategic and operational goals of client organizations in the areas of enterprise information security risk management, IT governance, security organization development and management, and government information assurance and compliance.

Term: Business Impact Assessment



Twitter: @infosec3t



Leave a Reply