>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

BC-05Business Impact Analysis

>Control Description

Organization identifies the business impact of relevant threats to assets, infrastructure, and resources that support critical business functions. Recovery objectives are established for critical business functions.

Theme

Process

Type

Corrective

Policy/Standard

Business Continuity Policy

>Implementation Guidance

1. Design and document a process for conducting Business Impact Analysis to determine the criticality of business activities and associated resource requirements. 2. Ensure that BIA is conducted for all processes and assets to identify criticality. 3. Ensure that recovery objectives are established for critical processes.

>Testing Procedure

1. Inspect and validate whether a documented process exists for conducting Business Impact Analysis. 2. Inspect Business Impact Analysis to determine whether the threats to assets, infrastructure, and resources are identified and the recovery objectives are established.

>Audit Artifacts

E-BC-01
E-BC-02

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
2

ID.BE-5
PR.IP-9

ISO 27002:2022
1

5.29

FedRAMP Rev 5
3

CP-09
CP-02 (08)
CP-07 (03)

PCI DSS
1

10.7.3

HIPAA Security Rule
1

164.308(a)(7)(ii)(E)

SOC 2
1

CC7.5

BSI C5
4

BCM-02
BCM-03
BCM-04
OPS-08

TX-RAMP
1

CP-9

Ask AI

Configure your API key to use AI features.