PRO+ Premium Content/E-Handbooks

It's hard to put together a valid business continuity plan until you know what capabilities are at risk and what the impact would be from losing those capabilities. Here's how you conduct a business impact analysis.

A business impact analysis identifies the impact of disasters on business operations, financial performance, reputation, employees, supply chains and support networks. The analysis should include potential financial loss and time required to recover from each type of disaster. After conducting the analysis, you can identify threats to your critical business operations and the likelihood each of those events will occur. When you've identified and analyzed your risks, you can come up with IT risk assessment strategies to address them.

IT risk assessment and business impact analysis requires knowledge of standards from the International Organization of Standards (ISO) and National Institute of Standards and Technology (NIST). These standards provide understanding of risk management principles, and guidance on using risk management techniques.

In this guide, you'll learn how to create and update risk analyses and risk assessments, how to develop an effective IT risk assessment analysis in a few, easy-to-follow steps and how risk analysis aids the disaster recovery planning process.