The Best Damn IT Security Management Book Period

In Chapter 30, you learned about risk management and the process for assessing risks. In this chapter, we turn our attention to the process of business impact analysis. Risk assessment looks at the various threats your company faces; business impact analysis looks at the critical business functions and the impact of not having those functions available to the firm. These two assessments look at the company from two different angles: the risk assessment starts from the threat side, and the business impact analysis starts from the business process side. When you're managing general business risk, you might actually start with the business impact analysis. However, in planning for business continuity as an outgrowth of disaster recovery, it makes more sense to understand the full picture regarding risks and threats and then look at business impact. That said, if the methodology you use starts with business impact analysis, that's fine. The outputs of both the risk assessment and the business impact analysis phases are used as input to mitigation strategy development, so as long as you have both ready before you start the mitigation phase, you should be all set. Figure 31.1 depicts where we are in the planning process thus far.
You can see, in Figure 31.2, that we'll be focusing on the third and final segment of the risk assessment phase introduced in Chapter 30 (refer to Figure 30.2 in Chapter 30 for the full diagram). In this chapter, we're...