In CBCI 7.0 / BCI GPG 7.0, the Analysis practice (PP3) clearly separates two techniques: Business Impact Analysis (BIA) and Risk Assessment. The BIA estimates the impacts of disruption over time to determine response/recovery priorities and resource requirements, while risk assessment analyses relevant risks to prioritised activities (i.e., threats, vulnerabilities, points of failure).
A Products & Services BIA is a strategic-level BIA used to understand which products and services matter most, the impacts if they are disrupted, and therefore supports decisions such as prioritisation and even clarifying/adjusting BCMS scope at a high level. It can also be used when major operational change occurs to re-check disruption impacts and priorities.
However, identifying the likelihood and consequences of specific threats is the role of risk assessment, not the Products & Services BIA. The question’s wording (“likelihood and consequences of specific threats”) matches risk assessment language, so option D is the one the Products & Services BIA would NOT be used for.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit