Cyber Security

BIA (Business Impact Analysis)

A Business impact analysis (BIA) differentiates critical (urgent) and non-critical (non-urgent) organization functions/activities. A function may be considered critical if dictated by law.

For each function, two values are assigned:

  • Recovery Point Objective (RPO) – the acceptable latency of data that will not be recovered. For example, is it acceptable for the company to lose 2 days of data? The recovery point objective must ensure that the maximum tolerable data loss for each activity is not exceeded.
  • Recovery Time Objective (RTO) – the acceptable amount of time to restore the function.
Related Articles