Integrated Risk and Business Impact Analysis: A Kind of Support for ISO 22301
Abstract
This paper introduces a framework, technical tool, method, and platform for risk and business impact analysis and evaluation based on the requirements of ISO 22301 (Societal Security, Business Continuity Management Systems). The technical tool was created for three reasons. Firstly, to handle the weak points that restrict a deep, honest, and completely true-to-reality risk analysis. Secondly, to provide support in identifying the possible business impacts as factors that are able to affect the business continuity of a company. Thirdly, to create a common platform supplemented with visualization of the results of these two different analyses. This paper aims to highlight the advantages of this technical tool and the weaknesses it eliminates, while explaining the methodology and logic of the platform. The technical tool has been introduced to some companies and is used to evaluate their real status. Accordingly, this paper also shows some usage results. According to the first test in a real environment, this technical tool proved to be more effective for decision makers than the well-known similar methods. The most useful part seems to be the visualization and the flexible framework the tool provides. This fact encourages further tests and improvement.
Copyright (c) 2020 Andrea Strelicz, Ferenc Bognár
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.