ISO/TS 22317 (International Organization for Standardization Technical Standard 22317)
What is ISO/TS 22317?
ISO/TS 22317 is the first formal standard to address the business impact analysis process. It sets out the principles of the business impact analysis and offers guidance for organizations of all sizes to implement and maintain a BIA process.
It was created by the International Organization for Standardization (ISO). The most recent edition of the standard is ISO/TS 22317:2021.
Who uses ISO/TS 22317?
If an organization performs dozens of BIAs annually, it might be worthwhile to buy the standard and use it to help identify ways to improve the BIA process. ISO offers the 36-page standard for purchase on its website. It is available in hard copy and downloadable versions. ISO publications are subject to a customer license agreement. ISO/TS 22317 is intended for use by employees responsible for the BIA process.
If an organization is subject to regular audits, it might be important to demonstrate that BIAs are conducted in compliance with a global standard. This is also important if an organization has adopted ISO 22301 as its business continuity management system (BCMS) standard. If an organization conducts only a few BIAs during the year, it's advisable to maintain the current process.
ISO states that the standard is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors.
Sections of the BIA standard
ISO/TS 22317 sets the stage for a business impact analysis by identifying how BIAs fit into an overall business continuity plan or BCMS.
The first major section in the BIA standard, "Prerequisites," underscores the importance of senior management support for the BIA process and offers direction for setting the BIA scope, content, participants, resources and objectives.
The next major section, "The BIA Process," breaks down the process into its component parts and activities, which include project planning and management, product and service prioritization, process prioritization, activity prioritization, analysis and consolidation, and obtaining top management endorsement of BIA results.
The final primary section of ISO/TS 22317, "Review BIA," underscores the importance of reviewing the results of the BIA, as well as the overall process and method for conducting BIAs at the organization. Additional annexes in the standard discuss information collection methods, other uses for the BIA process and examples of BIAs organizations might perform.