An impact assessment is the systematic evaluation of the possible consequences of a planned change, project, or data processing operation. The term is used in two contexts: as a Data Protection Impact Assessment (DPIA) under the GDPR, and as a general impact analysis in risk and change management.
In change management, an impact assessment evaluates which systems, processes, and people are affected by a planned change and which risks arise from it. The goal is to identify unintended effects before implementation. ISO 27001 requires assessment of changes (A.8.32); the impact assessment is the methodological tool for this purpose.