Risk AssessmentBusiness and IT Impact Analysis Questionnaire


BIA compliant with ISO 27000 Series, Sarbanes Oxley,
PCI-DSS, and HIPAA

The role of IT in many organizations has evolved from supporting the business to enabling the business - a shift that requires IT to transition from being mostly tactical and cost focused to being an enabler of the overall strategy and value focused. IT organizations that have successfully made this change have done so by among other things transitioning their culture from a reactive operationally focused caretaker of assets to a proactive strategically focused enabler of business value. This culture of performance and value ensures that IT’s human capital is aligned with the strategic goals and motivated to execute. Cultural change is typically a messy and lengthy process, but it must and can be done.

Order Risk AssessmentChange History BIASample BIA Risk Assessment

Understanding how your business works -- which processes must interlock and be continuously available to sell, produce and support your clients -- is the foremost goal of a business impact analysis.

The Risk Assessment - Business and IT Impact Analysis Questionnaire identifies:

  • The most critical business processes across your entire enterprise
  • The maximum outage that a business process can sustain before it severely impacts the well-being of your company
  • The financial, productivity and personal impacts of an extended business disruption
  • An assessment of short-term business impacts and permanent business losses
  • The priority of business process recovery
  • The most vital records to protect and their required vintage for your business operations to resume successfully
  • Diverse tactics to balance recovery costs with different risk thresholds.

This Business and IT Impact Analysis Questionnaire has been designed by one of Industry's most experienced application assessment consultants.  This Questionnaire has been used in over 500 assessment, DRP and business impact projects in the past four years.  Included is a Risk Ranking definition.  The Word version of the questionnaire is automated with check boxes that can be updated in Word.

The Questionnaire (Form) is a 23 pages in length and contains the following:

  • Facilities / Business Function / Application
  • Sarbanes-Oxley Compliance
  • ISO 27000 series (formerly) 17799 Compliance
  • HIPAA Compliance
  • COBIT Compliance
  • PCI-DSS Compliance
  • US State mandated Compliance (New York, California, and Massachusetts)
  • System of Internal Controls
  • User Environment
  • Processing Environment
  • Historical Information
  • Operating Environment
  • Criticality of Application
  • Database / File Name
  • Documentation
  • Security
  • Application Support and Maintenance
  • Resource Usage
  • Hardware Requirements by Department
  • Backups

Order Risk AssessmentChange History BIASample BIA Risk Assessment