ISO has published an updated version of ISO/TS 22317, ‘Security and resilience - Business continuity management systems - Guidelines for business impact analysis’. The new ISO/TS 22317:2021 replaces ISO/TS 22317:2015, which has now been withdrawn.
ISO/TS 22317:2021 gives guidelines for an organization to implement and maintain a formal and documented business impact analysis (BIA) process appropriate to its needs. It does not prescribe a uniform process for performing a BIA.
According to ISO/TS 22317:2021 the key differences in the updated version are:
- The document has been updated to align with ISO 22301:2019;
- The document structure has been updated to improve the description of the business impact analysis process;
- More focus has been placed on the BIA process and less on the business continuity programme;
- BIA and the BIA process have been clearly differentiated;
- BIA process roles have been consolidated to BIA leader and activity owners;
- The section ‘Initial BIA considerations’ has been removed and the guidance redistributed;
- The section ‘Strategy selection’ has been removed as it is part of ISO/TS 22331;
- The annex on terminology has been removed;
- The annex on BIA information collection methods has been enhanced;
- A new annex with examples for performing a BIA has been included.