Documentation - BIA
During a business impact analysis (BIA), the relevant information systems of the organization are mapped. The way a system is important for the organization is determined for each system. Discuss the impact on the organization in the event of a problem with the availability, integrity and/or confidentiality of the system and the information stored therein.
The system owner is the best person to determine the classification of the information stored in a system. This requires that an owner is designated for each information system.
In the ideal situation, the BIA is done outside the risk analysis and the organization already has an overview of all information systems and in what way they are important for the organization. This step is then no more than copying the required information from the central information system overview. Unfortunately, reality often shows otherwise.
In this step you do not have to limit yourself to the information systems that fall within the scope of an initial risk analysis. Preferably, enter all information systems that may fall within the scope of a future risk analysis. Choosing the scope of a risk analysis is done in a different step.