The latest business continuity news from around the world

An overview of ISO 22317, the business impact analysis Technical Specification

Jacque Rupert served on Technical Committee 292 and participated in the development effort of the new ISO 22317 Technical Specification. In this article she provides an outline of what’s in ISO 22317 and how it can be used.

The International Organization for Standardization (ISO) Technical Committee (TC) 292, the committee responsible for writing security, resilience, and business continuity standards, recently released ISO 22317 – Societal Security – Business Continuity Management Systems – Business Impact Analysis, the first and only international standard solely addressing the business impact analysis (BIA).

There are a few important points to understand before reading ISO 22317:

  • Over the past two years, participants from over a dozen countries contributed to the development of the ISO 22317 standard.
  • ISO 22317 is a Technical Specification, which means that it provides detailed technical content on how to implement a BIA process, but it is not auditable.  Said another way, organizations cannot certify their BIA to ISO 22317.  However, organizations can use ISO 22317 as guidance on how to effectively implement or mature a BIA process.
  • ISO 22317 complements (and does not contradict) ISO 22301 and ISO 22313 by building on the high-level content within these existing standards.  However, ISO 22317 can be used as a standalone document by organizations that do not use ISO 22301 or ISO 22313 content but seek guidance on how to perform the BIA process.

The value of ISO 22317

ISO 22317 defines a flexible BIA process that can be used by organizations, large or small, in any industry.

Specifically, ISO 22317:

  • Provides a new, enhanced BIA definition that is more clear with less jargon;
  • Offers a BIA value proposition for organizations struggling to gain buy-in;
  • Identifies the prerequisites that the organization should have in place before starting the BIA;
  • Outlines a detailed process for how to effectively perform the BIA;
  • Proposes the outcomes of the BIA (including outcomes of each step of the BIA);
  • Provides options for different information collecting methods, along with a pros and cons analysis of each method;
  • Describes other uses for which organizations may choose to use the BIA.

Altogether, ISO 22317 will help organizations effectively perform one of the most challenging elements of the business continuity life-cycle (the BIA) in a way that produces accurate and useful business continuity requirements, leading to focused, pragmatic strategy identification and plan development.

Obtain the Technical Specification.

The author

Jacque Rupert is a Managing Consultant with  Avalution Consulting.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.