rsk-08-businessimpactanalysisbia.md

SCF - RSK-08 - Business Impact Analysis (BIA)

Mechanisms exist to conduct a Business Impact Analysis (BIA) to identify and assess cybersecurity and data protection risks.

Mapped framework controls

GDPR

• Art 35.11
• Art 35.1
• Art 35.2
• Art 35.3
• Art 35.6
• Art 35.8
• Art 35.9
• Art 36.3

ISO 27002

• A.5.30

SOC 2

• CC3.2
• CC5.2
• PI1.1

Control questions

Does the organization conduct a Business Impact Analysis (BIA) to identify and assess cybersecurity and data protection risks?