Register now or log in to join your professional community.
My Dear Friend,
sorry for not being able to answer you earlier,i was too busy
however your question reflects you do mix between a lot of things here
i see this question as if someone is trying offering you an apple and a watermelon and asking you which is the biggest fruit in its field between the2,
however i ll try to be short and to the point here to help you.
in your BCM you MUST do both BIIA and Threat evaluation, for all your business processes because with the outcome of both you will be able to make an informed and wise decision about something different in your BCM plane design which processes to totally offer in your DR site, which of them will be actively and continuously replicated and which will not affect the business much
BCM ideal objective is very simple replicate everything in more than1 site and recruit double capacity staff, and make real time copies this way you get zero interruption and business disturbance (strange but reality for some security reasons and some organisations due to secrecy reasons i can not disclose in here ) however this is not easy and is always very expensive so you must help management to make a decision and select between several options and lots of spectrum between online replication and paper replicas, your role is to help management to perform this in the least expensive and easy to manage way and to help your management justify the investment to the share holders you must analysis each of the business processes to give them a weight and consequently make a recommendation based on your organisation budget
for example do you need your DR site to be on a mountain? or in a secured vault against earthquakes and nuclear explosions?
how likely is this to happen for your organisation?
and how much impact is such an event on your business and customers?
there is a lot to consider but this issue is a research topic and a PhD Theses and i can write down books just to explain this
but hope those examples helps you to get an idea why your question was not relevant and why do we usually do both of them plus many other analysis techniques
if you needed more info mail me so u can get faster response
i rarely check spam folders unfortunately
I would say both, BIA will tell you what is your actual Recoery Time Objective, Recovery Point Objective and what are your vendors scores from this aspect and thrsat evaluation will show you how strong your resiliency planning is in terms of working and completing all your critical task activities without effecting the SLA or impact to customers from delivery of services.