1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? a. Risk assessment (RA) is a structure discipline that must discover the threats, vulnerabilities, and values of an organization’s assets. A key factor in risk assessment is the determination of the likelihood of an adverse event affecting an Organization, process, or system. Risk assessment is a valuable tool to help the organization recognize itself threat environment and ensure that the steps are undertaken to minimize the resulting risks to an acceptable level. b. Business Impact Analysis (BIA) is the key to a successful BCP implementation. Understanding and standardizing Enterprise business process names is critical to the success of the BIA. The intent of the BIA process is to help the organization’s management appreciate the magnitude of the operational and financial impacts associated with a disaster or serious disruption. When they understand, management can use this knowledge to calculate the recovery time objective (RTO) for time-critical support services and resources. For most Organizations, these support resources include: Facilities - IT infrastructure (including voice and data communications networks) - Hardware and software - Vital records Data - Business partners The connection is made when each of the time-critical business processes is mapped to the above supporting resources.
2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? a. Disaster Recovery Plan (DRP) is plan for the intervention taken by an organization to minimize further losses brought on by a disaster and to begin the process of recovery, including activities and programs designed to restore critical business functions and return the organization to an acceptable condition. b. Business Continuity Plan (BCP) is an ongoing process