# Business Impact Analysis (BIA) Backlink: [[Domain 1 - Index]] **Definition:** Structured assessment to determine critical processes, dependencies, and acceptable downtime to inform continuity strategies. ## Key Facts - Identifies MTD/MAO, RTO, RPO per process. - Analyzes financial, life safety, regulatory, reputational impacts. - Maps dependencies: people, tech, facilities, suppliers. - Prioritizes recovery sequence and resources. - Validates with leadership; update after changes/incidents. - **Verify:** check official (ISC)² CBK and current exam outline. >[!tip] **Exam Relevance** - Choose metrics and priorities in DR scenarios - Distinguish MTD vs. RTO vs. RPO >[!note] **Mnemonic** - “Impacts drive Objectives.” ### Example Q: Process has MTD 24h, RTO 8h. Meaning? A: Must recover within 8h to avoid unacceptable 24h impact. ## Revision Checklist - [ ] Define MTD/MAO, RTO, RPO - [ ] List 4 impact types - [ ] Identify dependencies - [ ] Tie outputs to DR choice ## Related [[Recovery Objectives (RTO, RPO, WRT, MTD)]] · [[Disaster Recovery Strategies (Hot/Warm/Cold)]] · [[Business Continuity Planning (BCP) Overview]] · [[Asset Valuation]] · [[Service Level Agreements and Contracts]] #cisSP #domain-1 #concept