GV.OC-04.008

Has your organization conducted a business impact analysis to identify critical assets and operations and assess the potential impact of their loss?

Explanation

A business impact analysis (BIA) helps organizations identify which assets and operations are essential to their mission and understand the consequences if these were compromised or unavailable. This analysis forms the foundation for prioritizing security controls, resource allocation, and recovery strategies based on business criticality rather than technical considerations alone. Evidence of fulfillment could include a documented BIA report that identifies critical assets/operations, quantifies potential impacts (financial, operational, reputational), assigns criticality ratings, and outlines dependencies between systems and business functions.

Implementation Example

Determine (e.g., from a business impact analysis) assets and business operations that are vital to achieving mission objectives and the potential impact of a loss (or partial loss) of such operations.

ID: GV.OC-04.008

Context

Function
GV: GOVERN
Category
GV.OC: Organizational Context
Sub-Category
Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated
