Who uses ISO 22317
If an organization performs dozens of BIAs annually, it may be worthwhile to buy the standard and use it to help identify ways to improve the BIA process. The ISO offers the 27-page standard for purchase on its website and it is available in hard copy and downloadable versions. ISO publications are subject to a customer license agreement. ISO 22317 is intended for use by employees responsible for the BIA process.
If an organization is subject to regular audits, it may be important to demonstrate that BIAs are conducted in compliance with a global standard. This is also important if an organization has adopted ISO 22301 as its BCMS standard.
If an organization conducts only a few BIAs during the year, it's advisable to maintain the current process, if possible.
The ISO states that the standard is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors.
Sections of the BIA standard
ISO 22317 sets the stage for a business impact analysis by identifying how BIAs fit into an overall business continuity program or BCMS. The first major section in the BIA standard, "Prerequisites," underscores the importance of senior management support for the BIA process and offers direction for setting the BIA scope, content, participants, resources and objectives.
The next major section, "Performing the business impact analysis," breaks down the BIA process into its component parts and activities, which include project planning and management, product and service prioritization, process prioritization, activity prioritization, analysis and consolidation, and obtaining top management endorsement of BIA results.
The final primary section of ISO 22317, "BIA process monitoring and review," underscores the importance of BIAs in the overall BCMS, their relevance to the business, the need to integrate BIA concepts with business activities, and the importance of periodic BIA reviews and updates.