Training Module
Training Module

Business Impact Analysis (BIA) & Critical Activities

Understand ISO 22301-aligned business impact analysis, critical activity identification, and time-based recovery requirements

Understand

Implement

Manage

Audit

Training module overview

Many organisations treat BIA as a spreadsheet exercise: inconsistent criteria, unclear definitions of “critical”, and outputs that don’t translate into design choices or audit-ready justification. The result is friction between business and IT, continuity strategies that are disconnected from real impacts, and plans that are hard to maintain or defend.

This full-day ISO 22301 specialisation module focuses on the continuity-specific logic of BIA: defining impact criteria and evaluation scales, identifying critical activities and dependencies, and deriving time-based requirements (e.g., MTPD/MAO, RTO, RPO and resource needs) that can be handed over cleanly to continuity strategies and continuity plans. It stays within BIA scope: it does not teach continuity strategy design or plan/exercise development; those are handled in the dedicated ISO 22301 modules.

Many organisations treat BIA as a spreadsheet exercise: inconsistent criteria, unclear definitions of “critical”, and outputs that don’t translate into design choices or audit-ready justification. The result is friction between business and IT, continuity strategies that are disconnected from real impacts, and plans that are hard to maintain or defend.

This full-day ISO 22301 specialisation module focuses on the continuity-specific logic of BIA: defining impact criteria and evaluation scales, identifying critical activities and dependencies, and deriving time-based requirements (e.g., MTPD/MAO, RTO, RPO and resource needs) that can be handed over cleanly to continuity strategies and continuity plans. It stays within BIA scope: it does not teach continuity strategy design or plan/exercise development; those are handled in the dedicated ISO 22301 modules.

Target audience

  • Business continuity managers, coordinators, and implementers working with ISO 22301

  • Process owners and functional managers contributing to BIA decisions

  • IT service continuity / DR leads who need consistent business-driven time requirements

  • Internal auditors and assurance professionals auditing ISO 22301 BIA-related requirements (with audit craft assumed from the audit track)

  • Business continuity managers, coordinators, and implementers working with ISO 22301

  • Process owners and functional managers contributing to BIA decisions

  • IT service continuity / DR leads who need consistent business-driven time requirements

  • Internal auditors and assurance professionals auditing ISO 22301 BIA-related requirements (with audit craft assumed from the audit track)

Agenda

Role of BIA within ISO 22301 continuity design

  • What BIA must produce (and what it must not)

  • Interfaces: inputs from context/scope; outputs to strategies and plans

Defining impact criteria and evaluation logic (continuity-specific)

  • Impact dimensions (people, service, legal/contractual, financial, reputation) and calibration

  • Consistency rules: comparable scoring across functions, avoiding “special pleading”

Identifying activities and determining “critical”

  • Activity identification and structuring for analysis (services/products/process views)

  • Criticality decisions: thresholds, justification, and governance of disagreements

Dependencies and resource requirements

  • Upstream/downstream dependencies, suppliers, sites, information, and enabling services

  • Minimum resources for operation and recovery (people, facilities, technology, information)

Time-based requirements and recovery parameters

  • Deriving and documenting MTPD/MAO and recovery priorities

  • Deriving RTO/RPO needs and practical interpretation across business and IT

Documented outputs and traceability (implementation and audit use)

  • Typical ISO 22301 artefacts for BIA evidence and maintenance

  • Common pitfalls and what “good enough” looks like in practice (manager and auditor lens)

Technology as an enabler

  • Structuring BIA data for maintainability and change tracking

  • AI-assisted summarisation and consistency checks (supporting judgement, not replacing it)

Workshop (case-based)

  • Conduct a BIA on a Halderstone case: define criteria, identify critical activities, map dependencies, derive time requirements

  • Peer review and consolidation: resolving inconsistencies and documenting rationale

Role of BIA within ISO 22301 continuity design

  • What BIA must produce (and what it must not)

  • Interfaces: inputs from context/scope; outputs to strategies and plans

Defining impact criteria and evaluation logic (continuity-specific)

  • Impact dimensions (people, service, legal/contractual, financial, reputation) and calibration

  • Consistency rules: comparable scoring across functions, avoiding “special pleading”

Identifying activities and determining “critical”

  • Activity identification and structuring for analysis (services/products/process views)

  • Criticality decisions: thresholds, justification, and governance of disagreements

Dependencies and resource requirements

  • Upstream/downstream dependencies, suppliers, sites, information, and enabling services

  • Minimum resources for operation and recovery (people, facilities, technology, information)

Time-based requirements and recovery parameters

  • Deriving and documenting MTPD/MAO and recovery priorities

  • Deriving RTO/RPO needs and practical interpretation across business and IT

Documented outputs and traceability (implementation and audit use)

  • Typical ISO 22301 artefacts for BIA evidence and maintenance

  • Common pitfalls and what “good enough” looks like in practice (manager and auditor lens)

Technology as an enabler

  • Structuring BIA data for maintainability and change tracking

  • AI-assisted summarisation and consistency checks (supporting judgement, not replacing it)

Workshop (case-based)

  • Conduct a BIA on a Halderstone case: define criteria, identify critical activities, map dependencies, derive time requirements

  • Peer review and consolidation: resolving inconsistencies and documenting rationale

Course ID:

HAM-BIA-1

Audience:

Manager

Domain:

Business Continuity

Available in:

English

Duration:

7 h

List price:

CHF 550

Excl. VAT. VAT may apply depending on customer location and status.

Book

Book

Book

Check in-house options

Check in-house options

Check in-house options

What you get

Learning outcomes

  • Define continuity-relevant impact criteria and scoring scales that are comparable across functions

  • Identify and structure activities for BIA in a way that supports consistent decision-making

  • Determine critical activities using explicit thresholds and documented rationale

  • Map key dependencies and minimum resource needs that materially affect continuity requirements

  • Derive and document time-based recovery requirements (including MTPD/MAO, RTO, RPO) in a way usable by strategy and planning teams

  • Produce BIA outputs that are maintainable and defensible for internal assurance and audit purposes (without teaching audit technique)

  • Define continuity-relevant impact criteria and scoring scales that are comparable across functions

  • Identify and structure activities for BIA in a way that supports consistent decision-making

  • Determine critical activities using explicit thresholds and documented rationale

  • Map key dependencies and minimum resource needs that materially affect continuity requirements

  • Derive and document time-based recovery requirements (including MTPD/MAO, RTO, RPO) in a way usable by strategy and planning teams

  • Produce BIA outputs that are maintainable and defensible for internal assurance and audit purposes (without teaching audit technique)

Learning materials

  • Slide deck

  • Participant workbook

  • Certificate of completion

  • Slide deck

  • Participant workbook

  • Certificate of completion

Templates & tools

  • Impact criteria library (dimensions + example scales)

  • BIA worksheet (activity, impacts, assumptions, thresholds, rationale)

  • Critical activities register (with prioritisation fields)

  • Dependency mapping canvas (services, suppliers, sites, information, enabling functions)

  • Time requirements table (MTPD/MAO, RTO, RPO + interpretation notes)

  • Interview and validation guide (question set + consistency prompts)

  • Optional AI prompt set for summarising interviews and checking internal consistency (judgement retained)

  • Impact criteria library (dimensions + example scales)

  • BIA worksheet (activity, impacts, assumptions, thresholds, rationale)

  • Critical activities register (with prioritisation fields)

  • Dependency mapping canvas (services, suppliers, sites, information, enabling functions)

  • Time requirements table (MTPD/MAO, RTO, RPO + interpretation notes)

  • Interview and validation guide (question set + consistency prompts)

  • Optional AI prompt set for summarising interviews and checking internal consistency (judgement retained)

Prerequisites

This module assumes participants can work with management-system concepts and organisational process thinking. ISO 22301 clause knowledge is not required, but participants should be comfortable discussing service impacts, dependencies, and time constraints.

Helpful background includes:

  • Basic familiarity with process/service descriptions and ownership

  • Ability to discuss operational consequences of disruption (not risk methodology)

This module assumes participants can work with management-system concepts and organisational process thinking. ISO 22301 clause knowledge is not required, but participants should be comfortable discussing service impacts, dependencies, and time constraints.

Helpful background includes:

  • Basic familiarity with process/service descriptions and ownership

  • Ability to discuss operational consequences of disruption (not risk methodology)

Strongly recommended preparatory modules

System Foundations: Context, Stakeholders, and System Boundaries

Understand organisational context, stakeholders, and system boundaries

7 h

System Foundations: Context, Stakeholders, and System Boundaries

Understand organisational context, stakeholders, and system boundaries

7 h

System Foundations: Context, Stakeholders, and System Boundaries

Understand organisational context, stakeholders, and system boundaries

7 h

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.

7 h

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.

7 h

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.

7 h

Governance Foundations: Role Design, Decision Rights, and Escalation in Management Systems

Learn the fundamentals of role design, decision rights, governance mechanisms, and escalation paths in management systems

7 h

Governance Foundations: Role Design, Decision Rights, and Escalation in Management Systems

Learn the fundamentals of role design, decision rights, governance mechanisms, and escalation paths in management systems

7 h

Governance Foundations: Role Design, Decision Rights, and Escalation in Management Systems

Learn the fundamentals of role design, decision rights, governance mechanisms, and escalation paths in management systems

7 h

Helpful preparatory modules

The modules below prepare for an optimal learning experience – but are not strictly necessary for participants to follow.

Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge

Fundamentals of documented information control, records, and knowledge capture for management systems

7 h

Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge

Fundamentals of documented information control, records, and knowledge capture for management systems

7 h

Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge

Fundamentals of documented information control, records, and knowledge capture for management systems

7 h

Continuous learning

Follow-up modules

Follow-up modules

After completion of this module, the following modules are ideal to further deepen the participant's competence.

After completion of this module, the following modules are ideal to further deepen the participant's competence.

View all modules

View all modules

HAM-RMF-1

Risk Management Foundations

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-RMF-1

Risk Management Foundations

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-RMF-1

Risk Management Foundations

Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-MMF-1

Monitoring & Measurement Foundations

Monitoring & Measurement Foundations: Collecting and Validating Performance Data Across the System

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-MMF-1

Monitoring & Measurement Foundations

Monitoring & Measurement Foundations: Collecting and Validating Performance Data Across the System

Domain

Text

Duration

7 h

List price

CHF 550

View module

HAM-MMF-1

Monitoring & Measurement Foundations

Monitoring & Measurement Foundations: Collecting and Validating Performance Data Across the System

Domain

Text

Duration

7 h

List price

CHF 550

View module

Office scene with people standing, walking and sitting

Ready to achieve mastery?

Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.

Contact us

Office scene with people standing, walking and sitting

Ready to achieve mastery?

Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.

Contact us

Office scene with people standing, walking and sitting

Ready to achieve mastery?

Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.

Contact us