A business impact analysis is an integral part of any Risk Assessment activity, the impact levels for the assessment parameters of Confidentiality, Integrity and Availability are determined based on an analysis of the responses received from a Business Impact Analysis Questionnaire.

Business Impact Analysis (BIA) is a vital step towards understanding the risk posture that a potential threat and vulnerability impacts the confidentiality, integrity and availability of specific information assets. BIA involves a series of meetings with various asset owners and administrators to discuss understand and evaluate security risks. During such meetings various questions and discussion takes place and the various attendees will be involved in rating asset criticality. The end product is a detailed report that identifies the risk impact on the organization legal, business or availability.

A Business Impact Analysis (BIA) questionnaire is administered to gather the required information with respect to the financial impact to the client in the case of compromise to the security of the systems under review.

During this phase, ratings are assigned to impact parameters that would have an impact on the business of the organization based on the responses received from the business owners.

The end product is a report that clearly identifies the impact of threats and vulnerabilities for the assets under assessment.