Compara mètodes
Revisa els mètodes seleccionats l'un al costat de l'altre; les files que difereixen es ressalten.
| Business Continuity Impact Analysis× | Semi-Quantitative Risk Matrix Analysis× | |
|---|---|---|
| Camp | Disaster Studies | Disaster Studies |
| Família | Process / pipeline | Process / pipeline |
| Any d'origen | 2019 | 2019 |
| Autor original≠ | Codified in ISO 22301 business continuity management; ISO/IEC 31010 | ISO/IEC 31010 (standardized practice); critical analysis by L. A. Cox |
| Tipus≠ | Impact-over-time analysis of disruption to organizational activities | Semi-quantitative consequence-likelihood rating and ranking pipeline |
| Font seminal≠ | International Organization for Standardization. (2019). ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements. ISO, Geneva. link ↗ | International Organization for Standardization. (2019). IEC 31010:2019 Risk management — Risk assessment techniques. ISO/IEC, Geneva. link ↗ |
| Àlies | Business Impact Analysis, BIA, Continuity Impact Assessment, Disruption Impact Analysis | Risk Matrix Analysis, Consequence-Likelihood Matrix, Probability-Impact Matrix, Risk Rating Matrix |
| Relacionats | 3 | 3 |
| Resum≠ | Business continuity impact analysis, usually called business impact analysis or BIA, is the process of determining how the impact of disrupting an organization's activities grows over time and using that understanding to set recovery priorities and targets. Rather than asking what might go wrong — the job of risk assessment — the BIA asks what it would cost the organization if a given activity stopped, for an hour, a day, a week, and how quickly each activity must therefore be restored. ISO 22301, the international standard for business continuity management systems, makes the BIA a foundational requirement: it drives the recovery time objectives, recovery point objectives and resource requirements on which continuity plans are built. ISO/IEC 31010 situates impact analysis within the broader family of risk-assessment techniques. The BIA's distinctive contribution is its focus on time: impact is not a single figure but a curve that rises as a disruption lengthens. | Semi-quantitative risk matrix analysis rates each risk on ordinal likelihood and consequence scales and combines the two in a grid to assign a risk level that drives prioritization. It is the workhorse of practical risk management: ISO/IEC 31010 lists the consequence-likelihood matrix among its standard techniques precisely because it lets analysts compare many disparate risks quickly without the data demands of a full quantitative model. The 'semi-quantitative' label captures its hybrid character — ordinal categories such as 'rare' or 'catastrophic' are anchored to rough numeric bands, giving more discipline than a purely verbal judgment but far less than a probabilistic calculation. The method's popularity is matched by sharp critique: L. A. Cox's 2008 analysis in Risk Analysis showed that poorly designed matrices can rank risks incorrectly, compress very different risks into the same cell, and even perform worse than random, making careful scale design and consistency checks essential rather than optional. |
| ScholarGateConjunt de dades ↗ |
|
|