Members of the board need to be aware of the organization’s information assets and their criticality to ongoing business
operations. The board should periodically be provided with the high-level results of comprehensive risk assessments and
business impact analyses (BIAs), which identify how quickly essential business unit and processes have to return to full
operation following a disaster event. A result of these activities should include board members identifying the key assets
they want protected and verifying that protection levels and priorities are appropriate to a standard of due care.