Here are some suggestions to improve the response:- For the strategies not recommended, focus more on how they do not meet the RTO/RPO requirements of 1 week/1 day, rather than other drawbacks. For example, you could say "Cold site does not meet the RTO of 1 week as it could take up to 2 weeks" rather than discussing costs. - Provide more quantitative comparisons. For example, say "Replication/HA offers an RTO/RPO of less than 24 hours, which is below the requirements and unnecessary given the 1 week/1 day targets."- Be more concise. Some sections like describing the strategies not recommended could be shortened. - Consider adding a summary
The strategy recommends relocating the Legal department to an internal alternate facility in Dallas, TX in the event of a disaster affecting the main headquarters. This internal strategy would allow operations to resume within the target 1-week RTO by providing staff with pre-existing office infrastructure and equipment at a facility over 75 miles from headquarters. Choosing an internal location over a vendor facility reduces costs while still meeting the recovery needs of the Legal department.
Apply information from the Aquifer Case Study to answer the followin.docxarmitageclaire49
More Related Content
Similar to Here are some suggestions to improve the response:- For the strategies not recommended, focus more on how they do not meet the RTO/RPO requirements of 1 week/1 day, rather than other drawbacks. For example, you could say "Cold site does not meet the RTO of 1 week as it could take up to 2 weeks" rather than discussing costs. - Provide more quantitative comparisons. For example, say "Replication/HA offers an RTO/RPO of less than 24 hours, which is below the requirements and unnecessary given the 1 week/1 day targets."- Be more concise. Some sections like describing the strategies not recommended could be shortened. - Consider adding a summary
Similar to Here are some suggestions to improve the response:- For the strategies not recommended, focus more on how they do not meet the RTO/RPO requirements of 1 week/1 day, rather than other drawbacks. For example, you could say "Cold site does not meet the RTO of 1 week as it could take up to 2 weeks" rather than discussing costs. - Provide more quantitative comparisons. For example, say "Replication/HA offers an RTO/RPO of less than 24 hours, which is below the requirements and unnecessary given the 1 week/1 day targets."- Be more concise. Some sections like describing the strategies not recommended could be shortened. - Consider adding a summary (20)
Here are some suggestions to improve the response:- For the strategies not recommended, focus more on how they do not meet the RTO/RPO requirements of 1 week/1 day, rather than other drawbacks. For example, you could say "Cold site does not meet the RTO of 1 week as it could take up to 2 weeks" rather than discussing costs. - Provide more quantitative comparisons. For example, say "Replication/HA offers an RTO/RPO of less than 24 hours, which is below the requirements and unnecessary given the 1 week/1 day targets."- Be more concise. Some sections like describing the strategies not recommended could be shortened. - Consider adding a summary
1. Appendix6ApplicationsFunctionPlatform/LocationRockville,
MarylandClient Home OfficeJacksonville Technology/Image
CenterJacksonville Regional OperationsCorporate
FinanceHuman Resources &
FacilitiesMarketingOpsUnderwriting and
ReportingLocationMidrange, Mainframe, LAN Server, External
Provider or OtherExternal Provider/Svc BureauAudit
ServicesAccounts PayableEligibilityEligibility
ReconciliationsException ProcessingPayrollPlanning &
ReportingPurchasingTreasury ServicesHuman
ResourcesMail/RetrievalCorp. Trng. & Dev.FacilitiesAdmin
Svcs/Help Desk/Claims TeamImaging CenterOCR/RepairClaims
ScanningIncoming Mail PrepMail OutCustomer RelationsClaim
Pmt. ActivitiesCustomer Phone ContactUtilization
Mgmt.AccessDatabase
softwareRockvilleLAN4hB3dA3dB4hBADPPayroll
ProcessingRockvilleCloud Computing VendorX1wAAutoCAD
LiteBlueprint Reading SoftwareRockvilleLAN4hBBank of
MarylandRockvilleCloud Computing VendorXBRASSClaims
Clearing Info. For the Letter of
CreditJacksonvilleMidrange1dACASClaims Adjudication
SystemJacksonville40
Midrange4hB2wB1dA3dB1dB4hB1dB2dB2dB4hBCHSEligibilit
yJacksonvilleMidrange4hB1mBClaims EDIElectronic Data
InterchangeJacksonvilleMidrange2dBCRWCustomer Relations
WorkstationJacksonvilleLAN4hB2wB1dB4hBDisease
ManagementPart of PHCSUnknownCloud Computing
VendorXDRG PricingOver 65 w/o Medicare
InformationJacksonvilleCloud Computing
VendorX4hBEDIMImaging
SystemJacksonvilleOther4hB4hB4hBE-mail (MS
Exchange)Internal/External
CommunicationRockvilleLAN1mB2wB3dA1dA3dB4hB4hBFAC
ETSPre-CertificationJacksonvilleCloud Computing
2. VendorX4hBFileNet OCRSybase DB with Scanned
ImagesJacksonvilleLAN2dB2dBFirst Money MoverElectronic
Data Interchange (EDI) (ACH) with First Maryland
BankRockvilleCloud Computing
VendorX4hA1wA3dA1dAGoldman Sachs FILMInvestment
accountChicagoCloud Computing VendorX1dAHRISHuman
Resources TrackingRockvilleMidrange4hBKCMGSecurity/Help
DeskRockvilleLAN4hBKMSRockvilleUnknown3dBSharePointD
ocument ManagementRockvilleLAN3dAMAS 90Accounting,
Financial
InformationRockvilleLAN4hA3dA3dBMetraHealthMedicare
Claims Pricing/InformationJacksonvilleCloud Computing
VendorX4hBMulti-PlanSecondary PPO with Fee
SchedulesJacksonvilleCloud Computing VendorX4hBOffice
ProductsSpreadsheet/Word
ProcessingAllLAN1mB2wB3dA1dA4hB3dB1mB4hB1dB2dB2d
B1dBPCSPrescription Drug SystemJacksonville4
Mainframes4hBPHCS - OptimedPre-
CertificationJacksonvilleCloud Computing
VendorX4hBQDI/OCR/IndexingImaging - Paper Claims to a
CDJacksonvilleLAN2dBSales
ControlMarketingRockvilleMainframe1dBSAS
enterpriseStatistical
ReportingJacksonvilleMainframe4hB1dBScanning
SystemsScanning -
GeneralJacksonvilleOther2dBTSOSecurity/Help
DeskJacksonvilleMainframe4hBWachovia Dial-upEDI
functionsRockvilleCloud Computing
VendorX2wB1dAWorkflow RoutingClaims
RoutingJacksonville15 LAN4hB
&C&"Arial,Bold"&16Final--Appendix 2--RTOs and RPOs for
Applications by Department&R&8Page &P
&LNOTE: The number in each Cell represents the RTO; the
superscript represents the RPO as indicated below.&X
A&XRPO is 0.
&XB&XRPO is 1 day.
3. h = Hour; d = Day; w = Week; m = Month.
(c) Mary Sandy, CBCP, 2018
Sheet2
Sheet3
Homework #3 - Comment by Author: Gayle,As with your
HW2 submissions, this is OUTSTANDING WORK!!! I am
impressed as it almost sounds like you are a Business Recovery
professional!Additionally your writing style is businesslike and
professional.
Use this as a guideline to ensure that you DOCUMENT AND
ANSWER ALL OF THE ISSUES BELOW:
1. FORM # 58
2. DEPARTMENT NAME: Legal
3. LIST HARDWARE/SOFTWARE AND RTOS AND RPOS
INDICATED.
Software
Hardware
# Servers
RTO
RPO
Vantive
HP Integrity RX 7640 Midrange
2
1 Week
1 Day
4. RECOMMENDED STRATEGY AND STRATEGY NAME
Accessibility to key applications and data remains imperative to
4. ensure Legal Department efficacy and the survival of the
business in dynamic and highly competitive environments.
Given the mission-critical nature of the Legal Department and
the suggested Recovery Objective Time (RTO) of 1 Week,
Recovery Point Objective (RPO) of 1 day, and minimal
tolerance for data loss, this evaluator endorses the “Warm Site
Electronic Vaulting” approach to recovery and data.
5. DESCRIBE YOUR STRATEGY BY DOCUMENTING THE
FOLLOWING:
I. How Will Strategy Work:
Electronic Vaulting is a backup strategy involving the
electronic transfer of data to a backup site using batch
transmission. A copy of the data stored at the primary site is
forwarded electronically to an offsite server at an alternate
location.
The warm site provides restoration capabilities. Warm site
hardware, communications interfaces, operating system,
applications, and connectivity mimicking that of the
productions site, albeit on a smaller scale, are established in
advance at an alternate location. Software installation
commences at the time of disaster (ATOD), so there may be
some lag time, hence the one-week RTO.
Batch transmissions executed daily after the end of each
business day provide a 1-day RPO.
II. Vendor/Internal Strategy:
This student recommends that the client employ a disaster
recovery as service (DraaS) solution, using an external vendor
to house and maintain Warm Site operations and to perform
backups.
III. Justify Vendor/Internal Strategy:
5. The core functions of the company IT department embrace
governance (operational parameters for work units, business
rule integration, and subject matter domain expertise),
infrastructure (telephony, hardware, networks), and
functionality (application development, data maintenance, and
user support). The use of a third-party vendor will permit the
IT department to maintain a dedicated focus on these core
functions. Warm Site Electronic Vaulting eliminates time spent
to manage tape backups and associated offsite storage
complications.
A third-party vendor offers specialized expertise beyond the
current time-constrained capabilities of the company IT
department. The vendor will provide data encryption, in-flight
and at rest, to maintain an extra measure of security for
confidential Legal Department data. The vendor will also
implement automatic systems to monitor data health. The
vendor can also deliver a copy of Legal Department data to a
system on which the department could resume operations if
needed (additional cost may apply).
The cost of these services is negligible as compared to the
advantages gained. This strategy accommodates the Legal
Department RTO and RPO requirements sufficiently and
without excess.
6. STRATEGIES NOT RECOMMENDED AS COMPARED TO
RECOMMENDED STRATEGY:
I. Evaluate Strategies NOT Recommended:
We performed in-depth analyses and evaluations offering
consideration for other BCDR strategies before delivering our
recommendation.
Continuous Availability (with Hot site):
This approach offers the shortest timeframe for the restoration
of hardware and software, an RPO of 0. The replication of data
6. occurs continuously from the primary site to the hot site, and
failover occurs automatically upon detection of an anomaly.
This approach, the most costly, comes with susceptibility to
data corruption.
Continuous Availability is the costliest approach and far
exceeds the need of the Legal Department with an RPO of 1
day.
Replication/High Availability (with Hot site):
This strategy provides near-constant data synchronization,
delivering RPO and RTO of 24 hours or less, mitigating data
loss to the extreme. However, the manual failover to redundant
systems at the hot site does affect the RTO and issues with the
failover process could result in loss of transmission at the
predetermined intervals of synchronization. Manual failovers
are subject to human error. Furthermore, corruption of the
primary systems may cause corrupted replication.
Replication/High Availability is a very reliable but costly
approach, and that far exceeds Legal Department needs and
specified requirements. Comment by Author: While you are
correct about the cost, the emphasis should have been on the
RTO and/or RPO and whether it can meet their requirements or
not. Remember this when working on your Final Exam!
Remote Journaling (with Hot site):
This strategy is typically employed to support database systems,
offering an RTO and RPO of 1 day or less. The journaling
process performs error checking and registers only changes
made to the database designated for copying or mirroring to the
hot site. Error checking ensures database integrity. Possibility
for data loss exists during transmissions executed at the time of
a disaster. This option does not provide immediate restoration.
Though remote journaling does meet the Legal Department RTO
7. requirement, it exceeds the RPO needs thereby rendering this
option inconsistent and unnecessarily expensive.
Cold Site:
The Cold Site is a blank facility devoid of the hardware and
software. Cold sites do come prepared with installed electricity
and cabling, raised floors, and appropriate HVAC
infrastructure. At the time of failure, the client must acquire
the hardware, software and install both. Furthermore, the client
also holds responsibility for establishing a means to restore
backed-up data. This option necessitates an agreement with the
facility owner/provider.
The Cold Site approach proves unviable as an option for
mission-critical business functions like those within the Legal
Department. The RTO may be extended up to two weeks, an
unacceptable duration for the Legal Department with an RTO of
one week. The cost of this option is typically minimal as one
pays only for the facility long term, but one may be subject to
paying a premium in cases of regional disasters. Furthermore,
this strategy may be difficult to execute at the time of disaster
due to the complexities of procurement processes, hardware
availability during crises, and geographical implications.
Quick Ship—Purchase at Time of Disaster:
This high-risk strategy necessitates that all hardware and
software shipping occur at the time of disruption, and the
facility is also ATOD. The client must establish an agreement
with a hardware vendor in advance. This setup offers no
opportunity for the testing of recovery procedures. The
organization may encounter difficult securing equipment, as
many companies within the disaster zone may likely compete
for same.
RTO presents as extremely high at two weeks or more, beyond
the range of acceptability for the Legal Department.
8. Reciprocal Agreement:
The Reciprocal Agreement is typically a verbal arrangement
established between two organizations or two internal
departments located within a proximity of 75 to 100 miles from
the respective primary site. The agreeing entities maintain
similar environments, hardware, and software environments
while having surplus capacity and processing time. They agree
to use one another’s specified systems ATOD and to recover at
the other organization’s facility and to support critical business
functions during disruptions.
While there are no up-front costs associated with this strategy,
we do not recommend this approach for the Legal Department
for several reasons, specifically the following:
· Data confidentiality concerns arising from shared
environments
· Legal concerns associated with difficulties enforcing verbal
agreements
· The absence of RTO/RPO guarantees in this scenario
· Potential interference with operations
7. WRAP-UP OF ANALYSIS
I. Advantages and Disadvantages of Warm Site Electronic
Vaulting
Advantages of Warm Site Electronic Vaulting include
· Meets the Legal Department RPO and RTO requirements
within reasonable expense
· Alleviates the IT department from burdens associated with
time spent on tape backup procedures
· Replaces tape backups and eliminates tape transportation
· Eliminates offsite tape storage issues
Disadvantages of Warm Site Electronic Vaulting include :
· The batch data transmission process may cause data loss
· Data restoration requires specific hardware
9. · Additional bandwidth requirements may apply
· Increased RTO because data restoration depends on the vault
location, data volumes, and transmission speeds
· Requires researching vendors
· Requires a vendor contract and SLA
The importance of meeting the RPO/ RTO, tolerance for data
loss, and cost considerations drive this analysis and conclude
that Warm Site Electronic Vaulting is the most appropriate
strategy for the Legal Department.
Homework #4--Recommendation Outline
1. FORM # 58
Comment by Author: Gayle,This is extremely well done
except for a few issues which I marked.Your analysis shows
that you understand Work Area except in a few cases, you added
references to their Midrange systems, which only apply to their
DR Strategy.Otherwise, this is great except for several issues
that I marked.Well done!
2. DEPARTMENT NAME: Legal
3. DOCUMENT THE RTO FOR WORK AREA RECOVERY. 1
week
I. How many seats do you need initially? How many seats do
you need at the 1 month period? (Make sure that your work area
recovery facility can accommodate the # of seats needed at the 1
month period.)
· 4 seats within 1 week after disaster occurs
4. CHOOSE THE WORK AREA RECOVERY STRATEGY AND
DOCUMENT THE NAME OF THE STRATEGY.
10. · This scope of this strategy is limited to recovery and business
continuance from a serious disruption of business function
resulting from non-availability of the operations environment at
company headquarters located in Lincoln, NE.
· The scope of this strategy focuses on local and regional
disasters, e.g., storms, fires, floods, and other localized man-
made or natural disasters
· The recommended Continuity of Operations Strategy:
Relocation to an Internal Alternate Facility within the company
5. DESCRIBE YOUR STRATEGY BY DOCUMENTING THE
FOLLOWING: Comment by Author: If you look at the HW4
Recommendation Outline, you were also supposed to document
the following information since you selected an Internal
Strategy:How Strategy Will Work: Describe how your strategy
will work in the company’s environment.CRITICAL!!! If you
select an INTERNAL STRATEGY or a RECIPROCAL
AGREEMENT STRATEGY, you must also discuss HOW/WHEN
you will acquire PCs, phones, tables, chairs, etc.
I. How Will Strategy Work:
· Legal department unfettered accessibility remains mandatory
during situations of disaster.
· To accommodate the 1-week RTO, we suggest an Internal
Alternate Facility located > 75 miles from the main site for the
Legal Department.
· At the time of Disaster (ATOD), Legal Department personnel
relocate to the Internal Alternate Facility and resume business
functions seamlessly upon arrival.
II. Vendor/Internal Strategy: Document if you will use a vendor
facility (external strategy) to house your equipment or one of
your internal locations (the latter is an internal strategy).
(Remember that this Company has multiple facilities in which
you may locate your hardware for your strategy if you choose
11. an INTERNAL location.
· We recommend an Internal Alternate Facility configured with
appropriately configured infrastructure and equipment
· The Internal Alternate Facility shall house and maintain all
mid-range equipment and software required for operations,
ensuring availability for immediate use ATOD. [Please fix this]
Comment by Author: This is NOT correct since that
hardware/software was your DR Strategy in HW3. This is Work
Area Recovery and we are concerned with their offices which
are smoke and rubble. Thus, you should have considered PCs,
phones, desks, etc.
· We recommend the Dallas, TX as the Internal Alternate
Facility for the following reasons:
· It accommodates the RTO of 1 week
· Texas as is the only state that maintains its own power grid,
Electric Reliability Council of Texas Electric Reliability
Council of Texas (ERCOT), offering easy access to stable
energy resources.
· Dallas/Fort Worth region has 275 megawatts (MW) of
commissioned data center power and 200 MW in the pipeline,
providing a near-uninterruptable power supply, making this area
nearly impervious to energy outages.
· It satisfies distance requirements of being >75 miles from HQ.
· It comes equipped with pre-existing technology support
infrastructure which reduces cost.
· It addresses sufficiently site workplace readiness requirements
for incoming staff
· It addresses adequately other cost factor minimization
considerations, e.g., space, peripherals, communication, and
infrastructure.
· Tier 1 backbone services available throughout the Dallas, TX
area.
· Considering that only 4 employees from the Legal Department
require accommodations ATOD, disruptions to the Dallas, TX
office would be minimal.
12. III. Justify Vendor/Internal Strategy: Also, explain why you are
selecting an internal or external location, which means provide
detailed justification.
· The Internal Alternate Facility approach to continuity satisfies
the 1- week RTO needs of the Legal Department with minimal
expense to the organization.
· The Dallas, TX internal facility satisfies the recommended
distance from HQ and also provides: an established office
environment with adequate desk space and chairs, prewired
desktop and laptop connectivity infrastructure, installed
telephone lines, in-place peripherals (printers, scanners, and fax
machines), conference rooms, and audio/visual equipment. The
company incurs no additional expense for these elements.
Comment by Author: Will they have PC’s purchased and
imaged prior to the disaster or purchase ATOD?
· The Dallas, TX internal facility also offers sufficient space to
accommodate the HP Integrity RX 7640 Midrange hardware and
pre-existing wiring provides connectivity, minimizing related
expenses. Comment by Author: This is NOT considered in this
evaluation since that was in your DR Strategy and does NOT
relate to Work Area Recovery which is what this submission is
all about.
6. EVALUATION of STRATEGIES NOT RECOMMENDED
AND STATE WHY INAPPROPRIATE:
I. Evaluate Each Strategy NOT Recommended: Document the
following for each strategy NOT recommended:
· Relocation to a vendor facility:
Reasons that this strategy is not appropriate:
· Thisstrategyinvolves moving to an unknown location ATOD,
and the company is not comfortable with this level of
uncertainty.
· The facility is provided by the vendor on a first come first
serve basis, and there may be competition for optimal sites
13. adding another layer of unacceptable uncertainty
· This approach requires a monthly ‘per seat’ expenditure,
whether in use or not.
· Testing ATOD may prove challenging.
· The company, not the vendor, bears responsibility for the
activation of telephone lines and imaging PCs in advance,
necessitating resources and expenditures.
· This strategy does accommodate the 1-week RTO, but
provisions for timely vendor facility readiness are not
guaranteed thereby rendering this option unacceptable.
· Find an external alternate site ATOD
Reasons that this strategy is not appropriate:
· This strategy comes with many risks and long lead times.
· One must locate an appropriate site ATOD, which may prove
difficult as competition for accommodations ATOD may be
high.
· This approach requires a complete build-out including office
construction, painting, flooring, meeting spaces, HVAC,
electrical wiring, and cabling necessitating the employ of
external skilled trades resources ATOD. Worker shortages
ATOD and collective bargaining unit issues complicate these
processes and jeopardize readiness. Expenses related to the
build-out are prohibitive.
· The acquisition of office equipment and peripherals ATOD
may require unacceptably long lead times
· Testing ATOD will be difficult.
· This strategy with an RTO of ≥1-month does not satisfy the
Legal Department mandated RTO of 1 week.
· Employees working from home
Reasons that this strategy is not appropriate:
· This approach, typically used to provide a remedy for short-
term outages, allows employees to work from home using
company-issued computer hardware and software.
· This strategy relies on employees’ home internet connectivity,
14. which may not be stable or secure.
· This approach requires testing prior to disruption to ensure
operative reliability. Testing processes may be cumbersome and
result in overburdening of the Help Desk
· The security and confidentiality of Legal Department data and
communications may be at risk if exposed to unsecured home
networks or if an employee prints documents and does not
secure or dispose of them properly.
· The necessary Business Continuity may become threatened by
an unreliable home Internet Service Provider (ISP) or disaster
or disruptions affecting the region in which the employee
resides.
· This option meets the 1-week RTO but is unacceptable
because of the aforementioned risks.
· Reciprocal Agreement
· The Reciprocal Agreement is typically a non-contractual
verbal arrangement established between two similar
organizations or two internal departments located within a
proximity of 75 to 100 miles from the respective primary site.
[Please fix this] The agreeing entities maintain similar
environments, hardware, and software environments while
having surplus capacity and processing time. They agree to use
one another’s specified systems ATOD to support the continuity
of critical business functions during disruptions, but these
circumstances present a competitive environment for space and
resources which threaten the stability required for the Legal
Department. Comment by Author: This does NOT apply to
Work Area Recovery as that is your Internal Strategy. Instead,
Reciprocal Agreement is ONLY BETWEEN TWO DIFFERENT
COMPANIES.
· Data confidentiality concerns unacceptable for the Legal
Department arise from shared environments present under
Reciprocal Agreement conditions.
· Systems accessibility and testing at another company’s facility
may prove difficult.
15. · Legal risks associated with difficulties in enforcing verbal
agreements is unacceptable to the Legal Department.
· The absence of a 1-week RTO guarantee renders this option
unacceptable.
7. WRAP-UP OF ANALYSIS
I. What advantages would there be for your recommended
strategy? What are the disadvantages of this strategy?
· Advantages:
· The use of a company-owned and operated site ensures data
security and maintains information confidentiality critical for
the Legal Department.
· The ability to transition to the new location and resume
operations seamlessly is practical and cost-efficient.
· No fees or extended lead times associated with external
vendor facilities.
· No risks associated with work-from-home arrangements.
· Employees may remain at the facility indefinitely.
· The Dallas, TX location is accessible by many forms of
transportation to support employee movement from the HQ area.
· Hotel accommodations available nearby the facility.
· The Internal Alternate Facility strategy meets the mandatory
1-week RTO with minimal financial overhead.
.
· Disadvantages
· Extensive planning and preparation required to establish and
configure the Internal Alternate facility.
· Front-end capital investment required to set up the Internal
Alternate Facility.
· The Dallas, TX area may be subject to extreme weather
conditions posing some risk.
· Employees either unable or unwilling to travel ATOD
· Testing may interfere with production at the other facility
· Technical issues could arise such as: PC’s in storage may not
work, they image may not be current, if inventory is not
16. properly managed they may not have enough ATOD
Final Business Impact Analysis Case Study SUMMER I--2018I.
Project Summary
Introduction
The ABC Corporation (ABC) is a Federal Business Unit of
MAIN COMPANY Insurance that acts as a Federal Government
subcontractor. Headquartered in Rockville, Maryland, ABC
administers the second largest plan in the Federal Government.
The MAIN COMPANY is committed to providing
comprehensive health benefits and freedom of choice to over 1
million federal employees.
ABC employs approximately 1,050 ABC employees among its
offices in the following cities: Rockville, Maryland;
Jacksonville, Florida; San Antonio, Texas; Mesa, Arizona; and
Chicago, Illinois. ABC decentralized operations in 1995,
distributing support to the Jacksonville, San Antonio, and Mesa
regional offices, then establishing a data center in Jacksonville
in 1997.
To ensure ongoing customer service from its distributed
operating offices, ABC decided to implement a business
recovery program that includes documented business recovery
plans. When the plans are fully implemented, ABC will be in a
position to continue operating if and when a disruption occurs.
Without plans and accommodations for contingencies, ABC may
not be able to fully recover from a significant disruption since
critical information needed for its business may not be
available. Listed below are areas that ABC is interested in
accommodating:
· LAN servers and midrange systems to house critical
applications
· PCs for employees to access third party and LAN applications
· Connectivity to the mainframe for critical applications and
transfer protocols to/from Chicago MAIN COMPANY Home
Office
17. · Mail sorters and other mail handling equipment
· Work space for key employees
· Voice communications
· Data transmission
· Vital records
· Various office automation mechanisms and supplies (printers,
copiers, fax machines, etc.)
To better understand the impact of a business disruption to ABC
and how this would affect its constituents, ABC engaged the
XYZ Consulting Company (XYZ) to conduct a Business Impact
Analysis (BIA). The BIA focuses on ABC’s computer systems
and work area recovery, and addresses two major objectives:
· Determine operational impacts to ABC that would result from
a worst case scenario business disruption – the complete loss of
a regional office or of the Jacksonville Technology Center.
· Assist ABC in the development of a recovery strategy that will
satisfy ABC’s Recovery Time Objectives (RTOs), which is the
length of time from disaster declaration to full information
system functionality.
Objectives
This study obtained business and system information to assess
the impact to ABC’s operations from the sudden and unplanned
loss of the Rockville headquarters, a regional office (Mesa, San
Antonio, and Jacksonville) or the Jacksonville Technology
Center. This study is essential to developing an effective
business continuity strategy for ABC, since it outlines all of the
background information required to justify further plan
development. A recovery/continuity strategy will ensure that
critical company functions and supporting systems will be
restored within acceptable time frames after a disruption. The
study was designed to answer the following questions:
· How well prepared is ABC to recover from an interruption that
would affect employees’ access to their information systems?
· How would these interruptions impact ABC’s operations?
18. · What are ABC’s requirements for work areas and vital records
during restoration?
· What preventative and recovery strategies can be employed to
mitigate the impacts of a business disruption?
· Which strategies are most costly to implement, and which best
suits ABC’s recovery requirements and RTOs?
Scope
ABC’s Request for Proposal (RFP) identified the following
“critical” business functions that were the focus of our study,
although a review of other business functions was necessary
because they were integral components of the ABC business
process flow:
· Customer Service
· Mail and Print Services
· Underwriting/Pricing
· Claims
· Eligibility and Enrollment
· Utilization Management
· Payroll and Human Resources Processing
· Facilities
· Purchasing
· Accounts Payable
· Financial Reporting
· Cash Management
· Treasury Services
As a result of our discussions, we conducted 32 interviews,
gathering information from employees representing both
business and technical/operations support functions. Four
major steps were performed in this study:
· Assessed the impact on ABC’s employees and customers if
claims administration capabilities are lost or severely
interrupted.
· Recommended target RTOs, which represent the amount of
time a company function can operate without computer or
business function support while recovery efforts are underway.
19. · Summarized the hardware and work areas required to support
critical company operations during recovery.
· Recommended appropriate recovery strategies that supply
required resources within acceptable time frames to support
critical operations in an economical manner.
Computer Systems/Locations Included
The following computer systems were included in the project
scope:
· Mainframe
· LAN servers and midrange systems
· Electronic Data Interchange (EDI) systems
· Selected applications provided by third parties that were
determined to be “critical” to the aforementioned business
functions. (MetraHealth, DRG Pricing, Multi-Plan, FACETS,
PHCS, etc.)
· Scanning systems and OCR
· CAS, CRW, and all supporting systems
· Mail preparation systems
· Mainframe interface protocols (file transfer, application
access, and other communications)
The following locations were included in the project scope:
· Rockville Headquarters (163 employees)
· Jacksonville Regional Office (311 employees)
· Jacksonville Technology Center (146 employees)
· San Antonio Regional Office (215 employees)
· Mesa, Arizona Regional Office (215 employees)
· Chicago MAIN COMPANY Group Operations Home Office
and Data Center (MAIN COMPANY Plaza) (NOTE: The
number of employees in Chicago is irrelevant since less than 10
employees in this office have responsibilities that relate to
ABC. Rather, the Chicago office is headquarters for another
large company that is related to the insurance industry.)
Note: XYZ Consulting Company visited all of the above sites
except for San Antonio and Mesa. It was assumed that the
business functions performed at Jacksonville were similar to
20. both San Antonio and Mesa and that our recommendations
would be valid and apply to all three offices.
Assumptions
The following assumptions were made in the execution of the
project:
· Data on the network, database and application mid-range
servers are backed up, even though some systems do not have an
off-site tape rotation methodology in place.
· The primary business disruption scenario that XYZ Consulting
Company used, occurs either at one of ABC’s regional offices,
the Jacksonville Technology Center, or the Rockville HQ.
Because of the distance between the regional offices, it is
assumed multiple regional offices will not be affected
simultaneously by a disruption. By using this realistic scenario
as our model, the recovery plan recommendation can include the
use of ABC branch offices.
· ABC’s need for restoring computer systems and other
supporting processes are the basis for selecting appropriate
continuity strategy, since the primary ABC business processes
are critically dependent on technology and technology-related
entities.
OrganizationInterviewees/Survey Participants
All of the following employees completed project surveys; those
with asterisks next to their names were interviewed by XYZ
Consulting Company:
Employee(s) who Completed the Form or Was Interviewed
Department
Location
Janet L. *
Planning and Reporting
Rockville
Dave R.*
Technology Center
Jacksonville
21. Carolyn R.*
Customer Service
Jacksonville
Bill S.*
Customer Service
Jacksonville
Kevin V.*
Imaging Center
Jacksonville
Greg N.*
Imaging Center
Jacksonville
Margaret L.*
Imaging Center Operations
Jacksonville
Gary F.*
Technology Center
Jacksonville
Ron H.*
Systems Security/Help Desk
Rockville
Harriet G.*
Audit Services
Rockville
Gene R.*
Marketing
Rockville
Mike S.*
Facilities
Rockville
Cyndi J.*
Mail/Retrieval
Rockville
Linda O.*
Human Resources
Rockville
22. Angie G.*
Accounting/Treasury Services
Rockville
Denise H.*
Purchasing
Rockville
Debbie Y.*
Corporate Training & Development
Rockville
Debbie H.*
Payroll
Rockville
Gloria G.*
Exception Processing
Eligibility/Eligibility Reconciliations
Rockville
Nancy M.*
Accounts Payable
Rockville
Bonnie V.*
Unix
Chicago
Steve P.*
Unix
Chicago
Howie P.*
Unix
Chicago
Mary P.*
EDI
Chicago
June S.*
CAS
Chicago
Ben L.*
CAS
23. Chicago
Nate P.*
Corp. Recovery/CSC
Chicago
Terry C.*
Capacity Planning
Chicago
John B.*
Print Management
Chicago
Dave G.*
Cash Management
Chicago
Kelly F.*
Underwriting and Reporting
Chicago
Vicki H.*
PCS, G/L Interfaces
Chicago
Project Team Members
Project team members from ABC and XYZ Consulting Company
included the following:
· Jim B., Project Lead, MAIN COMPANY
· Jim H., Project Manager, MAIN COMPANY
· Ron H., ABC, Rockville
· Jack S., Assistant Vice President, ABC, Rockville
· Mary S., Project Manager, XYZ Consulting Company
· Henry G., Sr. Consultant, XYZ Consulting Company
· Michael A., Managing Consultant, XYZ Consulting Company
Methodology/Approach
The XYZ Consulting Company project team completed the
following tasks for the BIA:
· Conducted a project kickoff session with ABC senior
managers to discuss the project and the information that would
24. be collected.
· Distributed interview questionnaires to the ABC departmental
key contacts for gathering information.
· Conducted interviews with key ABC employees to validate the
information on the questionnaires and to discuss critical
continuity-related issues.
· Evaluated the recovery capability of ABC’s current
environment, outlining issues and risks.
· Analyzed and documented ABC’s information systems.
· Mapped systems and applications to ABC’s critical business
processes.
· Analyzed business impacts, resource requirements, existing
capabilities, and risks.
· Recommended Recovery Time Objectives (RTOs) and
documented them in Section IV, Impact Analysis.
· Recommended appropriate recovery strategies capable of
meeting ABC’s requirements.
II. Impact AnalysisIntroduction
A Recovery Strategy is based on the fact that when “critical”
computer and support systems are not available to users;
important company processes cannot be performed in a timely
and efficient manner. The length of time from declaring a
disaster until computer resources are operational to support the
most “critical” business processes is commonly referred to as
Recovery Time Objective (RTO). “Critical” is defined as
anything (process, computer or resource) required to continue
operations (even in a “degraded” mode) should a business area,
computer, or company facility be destroyed or inaccessible for a
period of time as deemed unacceptable to ABC. The result of
an interruption is generally a financial and/or operational
impact to the business function that is affected. When a
business function is unable to complete its work, ABC’s ability
to support enrollees and providers is at risk.
Longer RTO time frames are frustrating to everyone especially
since they will have significant impact on enrollee/provider
25. service. Recovery time and data integrity requirements were
developed by analyzing the impact information supplied by the
business managers we interviewed. Major systems were
assigned RTO time frames from four hours to greater than one
month. RTOs were assigned based on analysis of the following
criteria:
· Governmental/regulatory requirements
· System availability to regional offices (Mesa, San Antonio,
Jacksonville, Rockville)
· Timeliness of providing financial information (the letter of
credit, etc.) to the government and ABC corporate, while
meeting reporting deadlines to regulatory agencies
· Timeliness of customer claims resolution
· Existence and effectiveness of alternate processing
procedures.
In addition to RTOs, we also examined Recovery Point
Objectives (RPOs), which is the amount of data that
departments are willing to lose if a disruption occurs. The
information in this section will show that the RPO for most of
the departments we interviewed is 1 day. This means that they
would like to have the previous day’s backup restored on the
system if a disruption occurs. In this situation, data that was
entered during the time between when the backup was taken to
the point of the disruption is lost and would need to be re-
entered into the system to be current. This assumes that data is
backed up daily and that tapes are being sent to an offsite
storage vendor every day.
The above-noted information was gathered by surveying and
interviewing resources identified by ABC’s project team.
Financial Impacts
We gathered financial data by survey and interviews. We asked
employees to estimate losses by category, over eight points in
time ranging from four hours to one month. Dollar losses were
expressed in 14 loss ranges extending from zero to $50+
million. These are ABC’s estimates developed by line managers
26. and reviewed by CH. Listed on the following page are the
financial categories along with their descriptions:
FINANCIAL IMPACT CATEGORY
DESCRIPTIONRevenue Loss
Dollar impact of revenue that results from the inability to take
and process new customer orders, need to direct customers to
other insurance providers, loss of opportunity to sell/provide
insurance.
Asset Loss
Dollar impact of ABC’s assets that would result from a business
disruption such as, work in progress, systems development,
proprietary systems, etc.
Regulatory/Legal
Dollar impacts from contractual agreements, suits brought by
members/providers/U.S. Office of Personnel Management,
sanctions, fines, penalties for failure to properly provide
services or fulfill obligations, not fulfilling service level
agreements, etc.
Human Resources
Dollar impact that would result from idle employees’ payroll,
health or profit sharing benefits which, if not provided, may
result in employee hardship, the loss of employee support,
penalties, strikes, etc.
Control
Dollar impact that would result from: the use of alternate
manual procedures; the lack of information related to cash
management, investment management; the inability to manage
risk; or the inability to determine quantities within inventory.
Additional Expense
Dollar impact that would result from any additional expenses
incurred with the start-up and continuation of business or
company operations: necessity to purchase supplies; expenses
incurred with the start-up and operation of a manual system;
"stop gap" equipment and staff; and overtime to recover
backlogged transactions.
27. Total Financial Losses for the entire company are on the next
page. HOWEVER, IT DOES NOT CONTAIN FINANCIAL
LOSSES FOR THE DIVISION/DEPARATMENTS THAT ARE
INCLUDED IN THE CASE STUDY. AS A RESULT, DO NOT
USE ANY OF THE FINANCIAL LOSS INFORMATION ON
THE NEXT PAGE FOR JUSTIFYING ANY OF YOUR
STRATEGIES IN THE CASE STUDY.
THE FOLLOWING LOSSES DO NOT INCLUDE LOSSES FOR
THE DIVISION AND ITS DEPARTMENTS IN THE CASE
STUDY. THUS, YOU CANNOT USE THE FIGURES BELOW
FOR ANY JUSTIFICATION.Financial Impacts of a Disruption
to ABC
Type of Loss
4 Hours
8 Hours
1 Day
2 Days
3 Days
1 Week
2 Weeks
1 Month
Revenue Loss
$0
$0
$0
$0
$0
$200,000
$450,000
$812,500
Asset Loss
$75,000
$75,000
$75,000
$75,000
$75,000
29. $79,000
$153,000
$373,500
Total
$290,000
$302,500
$312,500
$318,500
$1,424,500
$2,119,500
$3,025,500
$4,441,000
In addition to the detailed loss information shown above, the
figure below shows the same data in chart format.
The information in the above charts indicate that financial
losses are minimal at the beginning of a business disruption.
However, the financial losses increase and continue to do so the
longer the disruption continues.
Impacts of an Outage for “Critical” Departments
This section summarizes the findings associated with the loss of
key business functions and support systems for ABC; it
provides a detailed summary of the departments where XYZ
interviewed key contacts or from whom we received
questionnaires. This information is also detailed in Appendix 3,
Department RTOs, which is NOT included in this packet.
The analysis of each department’s criticality was based upon the
information in Appendix 3. The third column of the chart in
Appendix 3 titled “Department RTOs” indicates the RTOs
requested by the listed departments. The RTO is the amount of
time from disaster declaration to the moment when required
information system resources are operational.
As is normally the case in projects of this nature, ABC
departments often listed unrealistic, financially impracticable,
30. and unattainable RTOs. Departments will occasionally lose
perspective and fail to view their contribution to the
organization in the proper context. Objective evaluation of a
department – the relative importance of its business processes,
interconnectivity/ interdependencies with other areas of the
organization, and the formation of an acceptable RTO is
imperative to the success of a business impact analysis.
To objectively determine RTOs, the team analyzed several
components. First, we studied the effect of a sustained loss of
the department on the future operations of ABC. For example,
the following may have significant affects on the company:
· Delayed revenue should the letter of credit not reach the
appropriate government contacts.
· Significant impact on customer service during a prolonged
loss of communications and/or claims resolution abilities.
· A profound impact on ABC’s competitive edge resulting from
a loss of underwriting capabilities if a disaster prevents
calculation of proposal pricing information during the May-
August time period.
The team also analyzed the relative functionality of a given
department to determine the criticality of its business processes.
Consequently, the departments that demonstrated the most
profound impacts on ABC were those that affected revenue and
customer service.
With this in mind, the team evaluated the criticality of a
department’s functionality not only by the RTOs requested by
the department representatives, but also by the relative
importance assigned to the department based on business
continuity standards and professional expertise. Our analysis
showed that the key business, given the nature of ABC’s
revenue source and the stability of its constituency, customer
service/support-related functions are the most critical. ABC
derives its revenue from a letter of credit submitted to the
Office of Personnel Management (OPM) based upon cleared
claim checks. Sustaining efficient operations and maintaining a
high-level of customer service are the two primary business
31. objectives, as customer (the Mail Handler’s Union) satisfaction
results in ABC contract renewal, which in turn drives revenue.
With this in mind, the most critical functions are those directly
affecting ABC operations and customer relationships
(communications and the timely/accurate payment of claims),
such as:
· Customer Relations
· Claim Payment Activities
· Customer Phone Contact
· Operations/Administrative Services
These departments and their ancillary-service providers were
rated highest and assigned lower RTOs. Other departments
were assigned RTOs based upon:
· How their services impact the customer base
· How their functionality affects core operations
· Regulatory restrictions (financial reporting, government
regulations, etc.)
· Revenue lost, penalties, etc.
The departments assigned still higher RTOs do not directly
affect operations or customer service. Such departments
include:
· Accounts Payable
· Eligibility Reconciliations
· Exception Processing
· Payroll (ABC has the ability to run payroll using the previous
period’s data, so the effect on operations is minimal)
· Mail/Retrieval
· Corporate Training and Development
Consequently, this section contains a brief discussion of each
business function that XYZ determined to be “critical” in this
way (and not all business functions reviewed). A summary of
each business function’s criticality is documented in Appendix
3, Department RTOs (this is NOT included in this document)
and a list of the applications that are critical to the business
functions are detailed in Appendix 2, RTOs and RPOs for
Applications by Department.
32. Following is a brief discussion of the business functions that
were determined to be “Critical” business functions: (NOTE:
Appendix 3 was documented and discussed with ABC
management prior to documenting the BIA. It was not until
ABC and XYZ companies agreed to the RTOs in the fourth
column that we started documenting this
BIA.)RockvilleEligibility, Corporate Finance
The Eligibility Department performs two major functions:
Enrolling and Disenrolling members. As a result, this area is
critical in keeping CAS information current with regards to who
is covered and who is not. Peak volumes begin in October and
continue through February since enrollment begins and ends on
the fiscal year. Maintenance of eligibility information occurs
throughout the year.
If a business disruption were to occur, this area would be unable
to keep membership records current. The greatest risk in this is
that ABC may overpay or underpay claims. If ABC makes
overpayments, money can be lost since it may never determine
that the overpayment was made. On the other hand, if ABC
makes underpayments, not only will this result in
enrollee/provider dissatisfaction, but it will also result in
creating extra work since claims may need to be reexamined and
checks reissued. Because of the repercussions that overpayment
and underpayments can create, the RTO of this area is 4
hours.Planning and Reporting, Corporate Finance
This department performs financial planning and reporting
business functions. Not unlike other accounting areas, its work
is ‘time’ dependent in that there are regular cycles by which
financial reports must be completed. ABC Planning and
Reporting examples would include annual financial statements
to the Office of Personnel Management, and quarterly tax
schedule submissions.
MAS 90, an accounting software package that runs on a LAN
server, is used regularly to prepare financial reports to ABC and
ABC executive management. Journal entries are recorded in
this application. Data is then extracted and fed to MS Excel for
33. population into spreadsheet workbooks. These are used to do
preliminary budgeting and financial forecasting. The data from
this process is then sent back to the MAS 90 application for
further detailed analysis. Financial reports for all five regional
offices are prepared in this manner by the Rockville Office.
The MAS 90 application is also part of the process used to
prepare and track cash management for ABC. Cash requests
from the Government and ABC are recorded in MAS 90 as if
they were real checks. Once recorded in this application, the
data is extracted and placed in Excel spreadsheet format. Using
a standalone, modem-equipped PC, ABC then accesses the First
Bank of Maryland via bank provided software (First Facts), and
uploads the Excel spreadsheet. The Bank applies monies
pursuant to the cash requests. They also provide daily
statements on clearings and balances back to ABC and the MAS
90 application.
In the event of disruption, Planning and Reporting indicated
that it would experience a “major disruption” within 3 days of
an outage. This is based upon the fact that the cash flow in
ABC is daily, and any interruption would affect the
Government, vendors, and ABC employees.
This 3 day RTO takes on added criticality based on the time of
year in which it occurs. For example, it would be significant if
it occurred in proximity to the fiscal year audit, September-
October or if it occurred close to the required annual (calendar)
report to the Office of Personnel Management (OPM).
The OPM data noted above, is backed up to tape on a daily basis
but is not stored off-site. Instead, the tapes are stored on top of
employees’ desks in the Rockville office. The LAN server on
which MAS 90 runs, is backed up nightly. These tapes are sent
offsite once each week to Data Resources, Inc.
Planning and Reporting has been assigned new tasks that are
related to the clearing of claim checks at Wachovia Bank
(assembling & forwarding information to Chicago Treasury
Services for the daily LOC draw) and are critical because this
enables ABC to receive its revenue. Because of this function,
34. Planning and Reporting’s RTO is 3 days. Their hardware and
software also has an RTO of 3 days along with an RPO of 0 due
to Sarbanes-Oxley regulations.Treasury Services, Corporate
Finance
The Treasury Services Department is responsible for the daily
cash management, which includes: bank reconciliations;
addition of claim expenses to the Letter of Credit; and daily
deposit of incoming checks. Each day, the Treasury Services
Department provides claim expense summary information for
the Letter of Credit, which is submitted to the government
(Office of Personnel Management) for revenue and acceptance.
The Letter of Credit is the primary revenue mechanism for
ABC, as the government reimbursement for claims paid is a key
component of the company’s core financial sustenance. Daily
cash deposits/reconciliations made to the First National Bank of
Maryland are also critical, since the loss of investment income
represents a vast opportunity cost should the deposit
mechanisms fail. In general, proper cash flow is crucial to the
financial well-being of a corporation, and ABC is no exception.
For these reasons, the department’s RTO is 1 day and all
hardware/software used has an RTO of 1 day and an RPO of
0.Human Resources
This department performs the basic human resource functions,
such as:
· Data entry changes in payroll for changes to employee status
and pay rate.
· Data entry of changes to employee benefits status and
elections.
· Weekly, monthly, quarterly, annual and ad hoc reporting of
corporate personnel statistics.
· Recruiting.
Each region maintains its own paper personnel files, except for
Chicago ABC employees. The latter files are stored in
Rockville. Human Resources will experience a major disruption
to its business functions depending on when, in the payroll
cycle, an outage occurs since it is responsible for entering any
35. changes to status, pay or benefits. This process typically begins
the Monday preceding the first Friday of a 2-week pay period.
Human Resources maintains paper-based personnel files which
are critical. Each region maintains its own personnel files
except for the Chicago ABC files, which are maintained in
Rockville. However, benefit files for all ABC employees are in
Rockville. This poses a risk in that if the Rockville facility is
destroyed, all of these files are destroyed as well. Even so, it
may be sufficient that the same data is also maintained on the
HR software on ABC’s computer system, which would enable
the information to be recreated.
HR is critical because it will be heavily involved in restore
activities in such areas as communications, staffing issues, etc.
As a result, the RTO for HR is 4 hours.Facilities
Facilities is responsible for all basic building operations for the
Rockville building which includes, but is not limited to, the
following: security; HVAC; office moves; construction, etc.
In the event of a disruption, Facilities indicated that they would
experience a “major disruption” within two days of an outage.
Facilities indicated that it has an RTO of 2 days since it would
not have access to scheduled maintenance files and related
shared files.
Because of the inherent nature of contemporary infrastructure
support systems, Facilities indicates that its application data
must be current within the last completed daily application
cycle, or an RPO of 1 day.
Facilities has a well written contingency plan for evacuation of
its Rockville office. An addendum to this plan includes
handling of inclement weather situations in the Rockville area.
There is also a Standard Operating Procedures manual detailing
Facilities’ security procedures for Rockville. These plans
include call-up lists, and are current within six months. Similar
plans exist for the Jacksonville, Mesa and San Antonio Regional
Offices.
Non-financial impacts of a business outage are expressed by
Facilities as somewhat minimal through the first day of an
36. outage. They become somewhat to very significant on the
second day and thereafter.
In order to perform its business functions outside of the existing
ABC office environment, Facilities indicates a need for a
variety of ‘vital records.’ These would include vendor logs,
emergency contact records, floor plans, etc. Most of these
records exist in both electronic and hardcopy format. All are
currently stored onsite at Rockville with no off-site backups.
Facilities will be instrumental in restoring ABC if it
experiences a business disruption. Even though Facilities
requested an RTO of 2 days, ABC agreed to our
recommendation of an RTO of 4 hours since they will be
heavily involved in restoration activities.Administration
Services, Operations
The Administration Services Department oversees the ABC
operations support help desk and all system security. ABC
Headquarters maintains a help desk to assist employees who
utilize the distributed and mainframe technology, from the
desktop to the corporate repositories. Each regional office also
operates a help desk to provide onsite support for technology-
related problems.
System security is important to ABC’s technical, operational,
and financial well-being, as vital company data needs to be
protected from “hackers” and internal access to sensitive
information needs to be regulated. Administration Services
maintains a matrix for each internal position outlining the
specific accessible functions based on job description and
executive input.
Availability of the Help Desk and Security functions is mission-
critical when a disruption occurs for several reasons:
· A support mechanism must become fully operational before
different information systems are restored.
· A liaison between executive management and the technical
experts restoring the information systems is a must.
· Data security is imperative during a disruption, and system
order must be maintained.
37. · In order to restore proper desktop functionality, system access
and function restrictions must be administered and security
policies enforced.
Since the Administration Services business units are so vital to
the system recovery process at its early stages, a 4 hour RTO is
required. This area’s RTO for its hardware/software is 4 hours
and its RPO is 1 day.ABC Home OfficeUnderwriting and
Reporting, Operations
Located in ABC Home Office, Underwriting and Reporting is
responsible for researching, strategizing and pricing ABC's
health insurance plan for the proposal that ABC submits to the
U.S. Government. The process is as follows:
1. Each year this process begins March 31, when ABC receives
a call letter for providing health insurance to the National
Postal Mail Handlers Union.
2. ABC must respond with its proposal by May 31.
3. In June, the government allows ABC to reprice its proposal
which is due back to the government in August.
To complete the proposal, volumes of claims experience reports
are run; "what if" scenarios are generated on various pricing and
benefit models. These are COBOL reports generated from the
CAS system in the Jacksonville Technology Center. Looking
for trends, these reports and “what if” scenarios are produced
for the sole purpose of being able to price ABC’s insurance
plans. Without accurate information, ABC would not be able to
price accurately which could result in a revenue loss.
Additionally, pricing also affects ABC’s ability to compete with
other plans. The importance of the latter cannot be
underestimated since many enrollees not only base their
decisions on what the plans cover, but also on the monthly plan
costs. If priced incorrectly, ABC would lose its ability to
compete with other plans.
April, May, July and November are critical times for this area.
Technically, if ABC misses the May 31 submission date, the
government can eliminate ABC as a provider. If this were to
occur, ABC would be out of business since its sole purpose is to
38. provide health, dental and prescription insurance to government
employees. Even though the RTO would be 1 day if the disaster
were to occur during April, May, July or November and 2 weeks
at all other times during the year, we always assume worst case
scenario in BC planning. Consequently, we assume that the
disaster occurs during these crucial months, meaning that the
RTO for this department is 1 day. This department also relies
upon the mainframe in the Jacksonville Technology Center.
The RTO and RPO for this hardware and software is 1 day as
well.Jacksonville Image Center—Jacksonville Technology
Center
Paper claims and correspondence are scanned into ABC's
computer system and stored as images. Approximately 162,600
documents are received and scanned each week. Since 60% of
total claims are scanned into the image system, a disruption of
this system would affect ABC's ability to start the claims paying
process. A delay in inputting claims would result in a delay in
revenue receipts since ABC is paid when checks, paid to
enrollees and providers, are cashed and cleared. Enrollee and
provider satisfaction would also be affected from the claims
being paid late.
The process is comprised of multiple steps which are discussed
below in the following sections:
· Incoming Mail Prep
· Claims Scanning
· OCR/Repair
· Claims Processing Including EDI
· Mail Out.
All of these components are located in the same building as the
Jacksonville Technology Center and are discussed
below.Incoming Mail Prep
This is the start of the Imaging process. With this step, all
incoming mail is organized and sorted for further handling.
Approximately 150,000 individual paper documents are received
each week. This process starts at approximately 7:30 a.m. every
day, Monday through Friday, which is when the courier delivers
39. the mail to the Jacksonville Technology Center.
Ten Opex machines are used to open and sort incoming paper
claims by claim type and number of pages. Employees batch
their work in stacks of approximately 100 pages. A header
sheet is added to each batch and placed in one of two tubs in the
staging area. The batches are then ready to be scanned into the
computers.
Since the incoming mail preparation process is integral to the
successful completion of the Image scanning life cycle, it has a
2 day RTO. The Image systems are critically dependent upon
the mail preparation process, as claims/correspondence
documents need to be received, sorted, scanned, and stored
before entry into the CAS system. Claims Scanning
After the claims are batched and placed into tubs, they are sent
to Claims Scanning. On a batch-by-batch basis, employees feed
claims into 8 Kodak 990 scanners which scan the documents
into images on the computers. Without this process, paper
claims, correspondence, etc. cannot be scanned into the
computer and saved in image format. Alternative methods, such
as microfilm (which was used by ABC prior to its conversion to
Image in 1998), would need to be used if this process were not
available. This may be less accurate because of the manual
processes involved. This may result in late claims which could
cause a loss of new and existing enrollees. Because of these
consequences, the RTO of this function should be reduced from
3 to 2 days.OCR/Repair
This process involves the use of OCR technology along with a
more "manual" process to correct unreadable information on a
scanned document. OCR technology is faster since it
automatically highlights unreadable characters, which the
operator then corrects from the paper document. Quick Data
Input (QDI), which is more of a "manual" process than OCR,
involves the operator reviewing the scanned document on the
screen and correcting information that appears unreadable.
After this process, data is transferred to the Electronic Data
Interchange (EDI) application on the mainframe. It is then
40. uploaded and updates CAS on a nightly basis.
An Optical Jukebox stores the scanned images. On a nightly
basis, image updates are transmitted nightly to local servers in
Mesa and San Antonio to speed retrieval and access. However,
this is not required in the Jacksonville regional office since it is
connected to the Jacksonville Technology Center via an NMLI
connection.
OCR/Repair is an important step in the image process since
unreadable material is corrected; without this step, information
may be missing, illegible or incorrect, which can affect the
ability to process a claim correctly. This could actually lead to
a loss of revenue since a large number of claims may be
reimbursed incorrectly and since claims may be approved even
though they should have been denied. As a result of such risks,
the RTO of this function is 2 days.Imaging Center
80% of incoming claims are EDI based. These claims are
received in a variety of electronic and tape formats. EDI claims
bypass the entire Image process which is approximately three
days from paper to EDI format. Therefore, it could be said that
EDI claims “hit” the system quicker than those that come in via
paper.
These claims generally have a greater opportunity to complete
the adjudication process in a timely manner. Recovery of the
basic ability to receive EDI claim transactions would have a
priority over the recovery of the Image process since EDI
directly feeds into the CAS system and eliminates the need to
convert from paper to image to EDI, which is a three day
process. Additionally, the Image process requires that
additional equipment be installed (Kodak scanners, Sybase
server, Optical Jukebox, etc.), whereas EDI does not.
We understand that ABC’s goal is to continue to increase the
percent of EDI to more than 90% of total volume. By
increasing the percent of claims received in EDI format, it will
become easier for ABC to recover from a disruption because of
decreasing dependence upon Image. This is because Image is a
“people” and equipment intensive process. Thus, the RTO for
41. this department is 2 days.
Mail Out
The primary print load consists of EOBs, checks and, during
open enrollment season, various customer mailings. EOBs and
checks are generated as a result of claims processing activities
that are heavily dependent upon both internal and external claim
systems. This type of outbound mail and the internal
transactional processing activity that generates the checks/EOBs
have specific time/service requirements that are contractually
mandated by OPM. The RTO of this area is dependent upon
when the ability to generate checks, EOBs, mailings, etc., since
this function provides the output. The RTO of this function is 1
day since this follows the generation of checks.Regional
OperationsNote:Each of the following 4 departments reside in
the Jacksonville Regional Operations. Additionally, each of
these departments also reside in the following locations: San
Antonio, Texas and Mesa, Arizona. The same tasks are
completed at each of these offices.
Call Routing is used among the three Regional Offices in
Jacksonville, San Antonio and in Mesa. If Jacksonville has a
short-term outage, they route their incoming calls to Mesa
and/or San Antonio where they are answered by the appropriate
department. Calls from any of the other two regional offices
can also be rerouted similarly. As a result, calls can be
answered by any of these offices since they reside in the CRW
application which is stored on LAN Servers.NOTE THAT CALL
ROUTING IS NOT AN AUTOMATIC FUNCTION; RATHER,
IT MUST BE ACTIVATED WHEN/AS NEEDED.Customer
Relations
Jacksonville is one of three regional offices. It encompasses
Claim Payment Activities and Customer Phone Contact (each is
discussed below) which includes incoming calls,
correspondence and electronic and Image claims. This is a
priority area since this is the service that ABC provides its
customers. If the regional office is not available, there is a
possibility that new and existing enrollees may be lost. This
42. will impact ABC's revenue and its contribution to the
Corporation's bottom line. Customer Relations incorporates the
following departments that are documented in this section:
Claim Payment Activities; Customer Phone Contact; and
Utilization Management. The RTO of this department and all of
the previously-mentioned departments in this section is 4 hours.
Customer Phone Contact
Incoming customer calls are handled in each of the three
regional offices. These claims-related calls are made by
providers and enrollees and are answered by CRAs. All
questions are entered into CRW and remain in the system along
with the claim information. The Jacksonville office answers an
average of 6,000 incoming calls each week. Communications
with ABC's providers and enrollees via telephone is critical
during a disruption. Not only is this important in maintaining
enrollees and providers, but it is also important in maintaining
an environment of stability in spite of a business disruption that
may be communicated publicly through the media. The RTO of
this function is 4 hours.Utilization Management
(Precertification)
This function is performed by nurses in the three regional
offices by accessing OptiMed, a proprietary system operated by
PHCS. This function provides precertification for hospital
stays, surgical procedures, diagnostic procedures, etc.
Precertification, mandated by the OPM, can be performed
manually; however, additional personnel would be required to
accommodate the volume of calls. If not available, ABC may
be liable for procedures that they would not have authorized but
were performed because precertification could not be contacted.
The RTO of this function is 4 hours.Claim Payment Activities
Claims that are not self-adjudicated are processed by employees
in the regional offices using CAS, which operates on multiple
midrange systems (see Appendix 2) located in the Jacksonville
Technology Center. Workflow routing software automatically
routes claims to regions based on zip codes. Claims then appear
on the Customer Relations Workstations by date; the oldest
43. claims appear first for claims payment. If this process is not
available, claims may not be processed in a timely manner.
This may affect enrollee satisfaction as well as the potential
loss of existing and new enrollees. Therefore, the RTO of this
area is 4 hours.
III. Additional Information Related to Final Exam
Jacksonville Technology/Image Center
The Jacksonville Technology/Image Center is the Primary Data
Center for ABC. It is TOTALLY SEPARATE from the
Jacksonville Regional Operations even though it is in
Jacksonville, Florida.
The following offices use hardware and software that are
located in that facility:
--Jacksonville Regional Operations
--Mesa, Arizona Regional Operations
--San Antonio, Texas Regional Operations
All of the applications for which you are recommending a
Disaster Recovery Strategy reside in the Jacksonville
Technology/Image Center. As a result, none of the applications
reside in any of the Regional Operations offices noted above.
Number of Employees in Each Facility/Location
See Page 4 of this Case Study for this information.
Notation for Location of Disaster Recovery and Work Area
Recovery Strategies
A Home Office in Chicago is mentioned in this Case Study.
You cannot use this facility/location for a Hot Site or Work
Area since it belongs to and is occupied by the Parent Company.
Additionally, they have no space for additional equipment in
their Data Center nor do they have any space in their offices for
employees for Work Area Recovery.
HIPAA (Health Insurance Portability and Accountability Act)—
UP TO THREE (3) BONUS POINTS ADDED TO YOUR FINAL
EXAM GRADE IF YOU INCLUDE THIS IN APPROPRIATE
AREAS!!!
44. Since ABC is a health insurance company, the privacy rules that
are legislated under the Health Insurance Portability and
Accountability Act (HIPAA), are a concern. This is because
ABC could incur fines if patient healthcare information is not
kept private.
HINT: Since this applies to ABC, students should spend a few
minutes investigating this important Act.
AN EVEN BIGGER HINT: HIPAA should be referred to in 3
APPROPRIATE AREAS of your Final Exam. Also, while you
do not need to provide pages of explanations regarding what
HIPAA is, you do need to give an idea WHAT this Act
involves! If you do NOT, YOU WILL NOT EARN UP TO 3
BONUS POINTS THAT WILL BE ADDED TO YOUR FINAL
EXAM GRADE!!!
Total Financial Losses (All Departments Combined)
0 0 0 0 0 200000 450000 812500
Revenue Loss 4 Hours 8 Hours 1 Day 2 Days 3
Days 1 Week 2 Weeks 1 Month 75000 75000 75000
75000 75000 75000 75000 77500 Asset
Loss 4 Hours 8 Hours 1 Day 2 Days 3 Days 1 Week
2 Weeks 1 Month 0 0 0 0 0 208000
510000 925000 Regulatory/Legal 4 Hours 8 Hours
1 Day 2 Days 3 Days 1 Week 2 Weeks 1
Month 207500 210000 220000 220000 1320000
1355000 1385000 1450000 Human Resources 4 Hours
8 Hours 1 Day 2 Days 3 Days 1 Week 2
Weeks 1 Month 0 0 0 0 2500 202500 452500
802500 Control 4 Hours 8 Hours 1 Day 2 Days
3 Days 1 Week 2 Weeks 1 Month 7500 17500
17500 23500 27000 79000 153000 373500
Additional Expenses4 Hours 8 Hours 1 Day 2 Days
3 Days 1 Week 2 Weeks 1 Month 290000 302500
312500 318500 1424500 2119500 3025500
4441000 Total 4 Hours 8 Hours 1 Day 2 Days
3 Days 1 Week 2 Weeks 1 Month
45. Appendix5Workarea Requirements by Recovery Time
ObjectivesRockville, MarylandClient Home OfficeJacksonville
Technology/Image CenterJacksonville Regional
OperationsWork Area Requirement TotalsCorporate
FinanceHuman Resources &
FacilitiesMarketingOperationsUnderwriting and
ReportingAImaging CenterOCR/RepairClaims
ScanningIncoming Mail PrepMail OutCustomer RelationsClaim
Payment ActivitiesCustomer Phone ContactUtilization
ManagementAudit ServicesAccounts
PayableEligibilityEligibility ReconciliationsException
ProcessingPayrollPlanning & ReportingPurchasingTreasury
ServicesHuman ResourcesMail/RetrievalCorporate Training &
Dev.FacilitiesAdministration Services/Help Desk/Claim
TeamRockville, MarylandJacksonville, Florida Data
CenterJacksonville, Florida Regional OfficeTotal # Employees
in
Department26647227736128232129NAA86NAB10437311C1631
46311<4 HOURS-Items Needed at Work Space--Number of
PCs156400000040030100000311420311--Number of
Desks266400000040030100000311530311--Number of
Phones266400000040030100000311530311Total # Desks @Alt
Site, 4 Hours266400000040030100000311530311Total # PCs
@Alt Site, 4 Hours1564000000400301000003114203118
HOURS-Items Needed at Work Space--Number of
PCs156400000040030200000311520311--Number of
Desks266400000040030200000311630311--Number of
Phones266400000040030200000311630311Total # Desks @Alt
Site, 8 Hours266400000040030200000311630311Total # PCs
@Alt Site, 8 Hours1564000000400302000003115203111 DAY-
Items Needed at Work Space--Number of
PCs206400001640030290002311732311--Number of
46. Desks266400001640030290002311792311--Number of
Phones266400001640030290002311792311Total # Desks @Alt
Site, 1 Day266400001640030290002311792311Total # PCs
@Alt Site, 1 Day2064000016400302900023117323112 DAYS-
Items Needed at Work Space--Number of
PCs20640000161200302932104353118190311--Number of
Desks266400001612003112932104353119890311--Number of
Phones266400001612003112932104353119890311Total #
Desks @Alt Site, 2
Days266400001612003112932104353119890311Total # PCs
@Alt Site, 2 Days2064000016120031129321043531181903113
DAYS-Items Needed at Work Space--Number of
PCs20640001361220302932104373118692311--Number of
Desks2664000136128031129321043731110992311--Number of
Phones2664000136128031129321043731110992311Total #
Desks @Alt Site, 3
Days2664000136128031129321043731110992311Total # PCs
@Alt Site, 3 Days2064000136122031129321043731186923111
WEEK-Items Needed at Work Space--Number of
PCs266400773612203029321043731110592311--Number of
Desks2664007736128031129321043731112292311--Number of
Phones2664007736128031129321043731112292311Total #
Desks @Alt Site, 1
Week2664007736128031129321043731112292311Total # PCs
@Alt Site, 1
Week26640077361220311293210437311105923112 WEEKS-
Items Needed at Work Space--Number of
PCs26640107736122030298610437311115146311--Number of
Desks266401077361280311298610437311132146311--Number
of Phones266401077361280311298610437311132146311Total #
Desks @Alt Site, 2
Weeks266401077361280311298610437311132146311Total #
PCs @Alt Site, 2
Weeks2664010773612203112986104373111151463111
MONTH-Items Needed at Work Space--Number of
PCs26647107736122230298610437311124146311--Number of
47. Desks266471077361282311298610437311141146311--Number
of Phones266471077361282311298610437311141146311Total #
Desks @Alt Site, 1
Month266471077361282311298610437311141146311Total #
PCs @Alt Site, 1
Month266471077361222311298610437311124146311
Sheet2
Sheet3
FINAL EXAM QUESTIONS FOR CLASS XXXX—BUSINESS
CONTINUITY/DISASTER RECOVERY—XXXX—2018
NOTE: FOR ALL DOCUMENTS IN THE EXAM, YOU
SHOULD PRINT THEM OUT OR VIEW THEM IN PRINT
PREVIEW MODE. THE REASON IS THAT THERE ARE
FOOTNOTES IN THE DOCUMENTS THAT YOU CANNOT
VIEW UNLESS YOU DO THIS. THUS, YOU WILL MISS
CRUCIAL INFORMATION YOU NEED TO COMPLETE
YOUR STRATEGIES.
ANSWER TWO (2) QUESTIONS THAT ARE DOCUMENTED
ON THE FOLLOWING PAGES. AS WITH PREVIOUS
ASSIGNMENTS, ENSURE THAT YOU JUSTIFY YOUR
ANSWERS FOR EACH OF THE QUESTIONS. YOU HAVE
ALL OF THE APPENDICES THAT YOU NEED TO PROVIDE
YOUR JUSTIFICATION(S) FOR YOUR ANSWERS!!!
EXPECTATIONS FOR THE FINAL EXAM:
Since the Final Exam is structured the same as Homework 3 and
4, ALL CONTENT OF YOUR FINAL EXAM MUST BE
ORIGINAL TEXT with one exception. The one exception is as
follows:
48. 1. You can only copy your DEFINITIONS FOR YOUR
ALTERNATIVE STRATEGIES that you documented in
Homework 3 and 4. IN FACT, YOU MUST COPY YOUR
DEFINITIONS FROM HOMEWORK 3 AND 4 INTO YOUR
FINAL EXAM since it will save you time working on your
Exam and will also save the Instructor time spent reviewing
each Exam.
2. If you had errors in your DEFINITIONS, YOU MUST MAKE
THE APPROPRIATE CORRECTIONS WHEN WORKING ON
YOUR FINAL EXAM! If you do NOT make the corrections
indicated on your Homework 3 and 4, additional points will be
deducted on your Final Exam.
NO OTHER TEXT CAN BE COPIED FROM YOUR
HOMEWORK 3 or 4 SUBMISSIONS AND USED IN YOUR
FINAL EXAM.
IF YOU COPY TEXT NOT NOTED ABOVE, YOU WILL
EARN 0 POINTS ON YOUR FINAL EXAM SINCE THIS IS
PLAGIARISM.
YOUR ABILITY TO JUSTIFY/SUPPORT YOUR
RECOMMENDATIONS REVEALS IF YOU UNDERSTAND
THE MATERIAL. THEREFORE, YOUR THOROUGHNESS IS
ONE CRITERION ON WHICH YOUR GRADE WILL BE
DETERMINED!!!!
The following guidelines apply to writing your Final Exam:
1. Use Word for your document.
a. Any size typeface is acceptable.
2. Write in a businesslike manner:
49. a. Be thorough and use complete sentences.
b. Use bullet points throughout your exam.
c. DO not USE contractions since this would not be used in any
type of a FORMAL REPORT. This especially applies to
consulting reports that would be provided at the end of a
project.
d. Run Spell and Grammar Check feature in Word to lessen
chance of having such errors in your final exam.
3. If I pointed out any issue(s) in your Homework 3 or 4
submissions, be sure to correct this in your Final Exam.
a. I will deduct points for any issue not corrected on your Final
Exam that appeared in your Homework 3 or 4 submissions.
4. DO NOT USE THE SAME JUSTIFICATION/REASONS
WHY STRATEGIES ARE NOT RECOMMENDED as you did in
your homework assignments!!!! This is because the
environment is totally different in the Final Exam’s case study
as well as the fact that this is considered plagiarism.
The above issues are crucial to earning a passing grade, since
your Final Exam submission should be a compilation of what
you learned during the quarter.
Note: Some of the above issues deal with PLAGIARISM. For
further information, go to the DePaul University Home Page,
which is your first screen after you log into D2L. At the lower
portion of the screen on the right, look under Student Support.
Click on the “Academic Integrity” listing for more information.
Again, remember to write this in a professional/businesslike
manner. I do not grade on volume of information; rather, I
grade on the level of accuracy and thoroughness throughout
your exam. Also, it is possible to be thorough and brief at the
50. same time!!!
HIPAA (Health Insurance Portability and Accountability Act)
Since ABC is a health insurance company, the privacy rules that
are legislated under the Health Insurance Portability and
Accountability Act (HIPAA), are a concern. There is a
potential that ABC might incur fines because of HIPAA!
BONUS POINTS: You can earn up to a MAXIMUM of 3
additional Bonus Points if you include HIPAA in the
appropriate areas of the Exam. These Bonus Points will be
added directly on top of your total points computed for your
Exam.
HINT: There are three areas of the Exam where HIPAA should
be included.
1. This applies to 3 of the strategies that you are NOT
recommending as follows:
a. This applies to 1 strategy not recommended in Question 1 for
a maximum of 1 point.
b. This applies to 2 strategies not recommended in Question 2
for a maximum of 2 points.
c. For each CORRECT MENTION of HIPAA, you will earn 1
point out of a total of 3 MAXIMUM possible points.
Also, while you should NOT provide pages of explanations
regarding what HIPAA is, you do need to give an idea WHAT
this Act involves!
QUESTION #1 (WORTH 50 OUT OF 100 POINTS)
51. QUESTION #1 IS ABOUT DISASTER RECOVERY. SEE THE
FOLLOWING QUESTIONS YOU NEED TO ANSWER:
Question 1: DOCUMENT YOUR RECOVERY STRATEGY
FOR THE HARDWARE/SOFTWARE USED BY THE
“JACKSONVILLE REGIONAL OPERATIONS”
DOCUMENTED IN “APPENDIX 2—RTOs and RPOs FOR
APPLICATIONS BY DEPARTMENT.” (NOTE: The
Departments Included in Jacksonville Regional Operations are:
a) Customer Relations; b) Claim Pmt. Activities; c) Customer
Phone Contact; and d) Utilization Mgmt.).
Even though the ENTIRE DATA CENTER is SMOKE AND
RUBBLE, you are to PROVIDE A DISASTER RECOVERY
STRATEGY ONLY FOR THE FOLLOWING 3 SOFTWARE
APPLICATIONS (AND RELATED HARDWARE) THAT ARE
HIGHLIGHTED IN YELLOW ON THE APPENDIX 2
SPREADSHEET:
1. CAS
2. PCS
3. WORKFLOW ROUTING
DO NOT PROVIDE A STRATEGY FOR ANY OTHER
HARDWARE/SOFTWARE ITEMS IN APPENDIX 2. As with
Homework 3, only recommend ONE STRATEGY for all three
applications.
Even though we are concerned about Jacksonville’s operation,
we also need to consider the operations in Mesa, Arizona and
San Antonio, Texas (as well as other departments in other
locations that may use the SAME HARDWARE/ SOFTWARE
and have a LOWER RTO/RPO) when we design our Disaster
Recovery Strategy. The reason is that these two offices perform
the SAME EXACT FUNCTIONS as the Jacksonville Regional
52. Operations, with employees using the same hardware and
software as those in the Jacksonville Regional Operations. In
fact, the 3 hardware and software items reside in the
Jacksonville Technology/Image Center and are accessed by
employees in these 3 locations.
Your recovery strategy should be designed for the “Worst Case
Scenario,” which means a complete destruction of the
Jacksonville Technology/Image Center. Justify your
recommendation(s) using any information in the description of
the client, appendices, etc. (HINT: the documents that will
help you answer this question are listed on page 5 of this
document.)
As with your homework assignment, use the following as a
guideline to ensure that you cover all of the points documented
below:
1. LIST HARDWARE/SOFTWARE AND RTOs AND RPOs
INDICATED.(Remember to use the lowest RTO and RPO used
by all other departments/offices. If any other department/office
uses a lower RTO or RPO, always USE THE LOWEST RTO OR
RPO. To ensure your figures are correct, validate with the
instructor before you start work on this part of your Exam.)
2. CHOOSE THE TECHNOLOGY STRATEGY(IES) AND
DOCUMENT THE NAME OF THE STRATEGY. You may
choose one strategy or more than one strategy, ONLY if this
applies.
3. DESCRIBE YOUR STRATEGY BY DOCUMENTING THE
FOLLOWING:
a. How Strategy Will Work: Describe how your strategy will
53. work in detail. (Example, if you recommend Warm Site,
describe HOW it will work in the company’s environment.)
NOTE THAT THIS MUST BE ORIGINAL TEXT AND
CANNOT BE COPIED FROM HOMEWORK 3.
b. Vendor/Internal Strategy: Document if you will use a vendor
facility (external strategy) to house your equipment or one of
your internal locations (the latter is an internal strategy).
i. INTERNAL LOCATION: Remember that this Company has
multiple facilities in which you may locate your
hardware/software for your strategy. If you choose an
INTERNAL location you must also provide the following
information:
1. Select the facility that you will use and document its
location.
2. You must discuss WHY you selected that specific location.
For example, if you selected a facility in Pennsylvania instead
of Kansas, ONE OF YOUR REASONS might be that
Pennsylvania is NOT in Tornado Alley while Kansas is right in
the middle of it!!! Of course, this is only one reason of which
there should be SEVERAL REASONS. (This is similar to a
Risk Assessment which would be completed before you select
the location.)
c. Justify Vendor/Internal Strategy: Also, explain WHY you are
selecting an internal or external location, which means provide
detailed justification.
4. EVALUATE STRATEGIES NOT RECOMMENDED IN
COMPARISON TO YOUR RECOMMENDED STRATEGY:
a. Evaluate Each Strategy NOT Recommended: Document the
54. following for each strategy NOT recommended:
i. A THOROUGH description of the Strategy (this is the
definition). REMEMBER TO COPY YOUR STRATEGY
DESCRIPTION FROM YOUR HOMEWORK 3 SUBMISSION,
ENSURING THAT YOU MAKE ANY CORRECTIONS THAT
WERE INDICATED BY THE INSTRUCTOR.
AND
ii. REASON WHY YOU DID NOT RECOMMEND STRATEGY:
As in Homework 3, this is WHY each strategy is inappropriate
for THE HARDWARE/ SOFTWARE USED BY THE
JACKSONVILLE REGIONAL OPERATIONS. (This is NOT
the disadvantages of the strategy. Rather, document WHY
EACH ONE IS INAPPROPRIATE FOR THE
HARDWARE/SOFTWARE USED BY THE JACKSONVILLE
REGIONAL OPERATIONS.)
NOTE: YOU MUST EVALUATE EACH STRATEGY BY
USING RTOs/RPOs AS YOU DID IN HOMEWORK 3.
YOU MUST NOT COPY YOUR EXACT WORDS FROM
HOMEWORK 3 SINCE THIS IS SELF-PLAGIARISM; multiple
points will be deducted if you do this! INSTEAD, YOU MUST
USE DIFFERENT WORDS WHEN YOU EXPLAIN WHY YOU
DID NOT RECOMMEND EACH STRATEGY.
Remember that HIPAA might be an appropriate reason(s).
5. WRAP-UP OF ANALYSIS
a. What advantages would there be for your recommended
strategy? What are the disadvantages for this strategy???
b. Document any other reason for choosing the strategy.
55. REMEMBER, DO NOT INCLUDE WORK AREA RECOVERY
STRATEGIES IN YOUR ANSWER TO QUESTION #1.
REFERENCE DOCUMENTS TO USE FOR THIS QUESTION:
The documents you want to refer to are in Week 3 of D2L:
1. “Develop Disaster Recovery (Technology) StrategiesV17”
2. “How to Select Technology Recovery Strategies”
QUESTION #2 (WORTH 50 OUT OF 100 POINTS)
QUESTION #2 IS ABOUT WORK AREA RECOVERY. SEE
THE FOLLOWING QUESTIONS YOU NEED TO ANSWER:
Question 2: FOR EMPLOYEES IN “JACKSONVILLE
REGIONAL OPERATIONS” ONLY, WHAT WORK AREA
RECOVERY APPROACH DO YOU RECOMMEND FOR THE
REQUIREMENTS DOCUMENTED IN THE FOLLOWING
DOCUMENT “FINAL—APDX1—WORK AREA RECOVERY
REQUIREMENTS.” AGAIN, JUSTIFY YOUR
RECOMMENDATION(S) BASED UPON INFORMATION IN
THE DESCRIPTION OF THE CLIENT, APENDICES, ETC.
(NOTE: The Departments Included in Jacksonville Regional
Operations are: a) Customer Relations; b) Claim Pmt.
Activities; c) Customer Phone Contact; and d) Utilization
Mgmt.)
THESE DEPARTMENTS ARE HIGHLIGHTED IN YELLOW
56. IN APPENDIX 1. ONLY PROVIDE A WORK AREA
RECOVERY STRATEGY FOR THESE DEPARTMENTS
ONLY.
ADDRESS THE FOLLOWING:
1. DOCUMENT THE RTO FOR WORK AREA RECOVERY.
To gather the Work Area Recovery Requirements, refer to
Appendix 1.
I. What is the RTO for Work Area?How many seats do
you need at that time??
2. CHOOSE THE WORK AREA RECOVERY STRATEGY AND
DOCUMENT THE NAME OF THE STRATEGY.
3. DESCRIBE YOUR STRATEGY BY DOCUMENTING THE
FOLLOWING:
I. How Strategy Will Work: Describe how your strategy will
work in detail. (Example, if you recommend a Vendor Strategy,
describe HOW it will work in the company’s environment.)
NOTE THAT THIS MUST BE ORIGINAL TEXT AND
CANNOT BE COPIED FROM HOMEWORK 4.
MAKE SURE THAT YOU DISCUSS HOW THEY WILL MEET
THEIR 4 HOUR RTO!!!
a. Vendor/Internal Strategy: Document if you will use a vendor
facility (external strategy) for Work Area Recovery or one of
your internal locations (the latter is an internal strategy).
i. INTERNAL LOCATION(S): Remember that this Company
has multiple facilities that might be used for your Work Area
57. Recovery Strategy. If you choose an INTERNAL location(s)
you must also provide the following information:
1. Select the facility(ies) that you will use and document its
location.
2. LOCATION SELECTION: You must discuss WHY you
selected that specific location(s). For example, if you selected
a facility in Pennsylvania instead of Kansas, ONE OF YOUR
REASONS might be that Pennsylvania is NOT in Tornado Alley
while Kansas is right in the middle of it!!! Of course, this is
only one reason of which there should be SEVERAL REASONS.
(This is similar to a Risk Assessment which would be completed
before you select the location.)
3. HOW EMPLOYEES WILL BE ACCOMMODATED: Where
will the employees work in the location(s) specified above?
You must be specific and state HOW they will be
accommodated.
4. WHEN PCs WILL BE ACQUIRED: Discuss if you will
acquire PCs now or ATOD. If you will acquire now, will you
install now or later? Discuss this in detail.
b. Justify Vendor/Internal Strategy: Also, explain WHY you are
selecting an internal or external location, which means provide
detailed justification.
4. EVALUATE STRATEGIES NOT RECOMMENDED IN
COMPARISON TO YOUR RECOMMENDED STRATEGY:
58. I. Evaluate Each Strategy NOT Recommended: Document the
following for each strategy NOT recommended:
ii. A THOROUGH description of the Strategy (this is the
definition). REMEMBER TO COPY YOUR DESCRIPTION
FROM YOUR HOMEWORK 4 SUBMISSION, ENSURING
THAT YOU MAKE ANY CORRECTIONS THAT WERE
INDICATED BY THE INSTRUCTOR.
AND
iii. REASON(S) WHY each strategy is inappropriate for THE
JACKSONVILLE REGIONAL OPERATIONS AND THEIR
REQUIREMENTS (REFER TO PAGES 18 AND 19 OF THE
BIA FOR INFORMATION ON DEPARTMENTS INCLUDED
IN THE JACKSONVILLE REGIONAL OPERATIONS). (This
is NOT the disadvantages of the strategy. Rather, document
WHY EACH STRATEGY IS INAPPROPRIATE FOR THE
WORK COMPLETED BY THE JACKSONVILLE REGIONAL
OPERATIONS.)
IF YOUR REASONS ARE THE SAME AS HOMEWORK 4,
YOU MUST NOT COPY YOUR EXACT WORDS FROM
HOMEWORK 4 SINCE THIS IS SELF-PLAGIARISM; multiple
points will be deducted if you do this! INSTEAD, YOU MUST
USE DIFFERENT WORDS WHEN YOU EXPLAIN WHY YOU
DID NOT RECOMMEND EACH STRATEGY.
Remember that HIPAA might be an appropriate reason(s).
5) WRAP-UP OF ANALYSIS
I. What advantages would there be for your recommended
strategy? What are the disadvantages for this strategy???
59. Remember, do NOT include the technology strategy documented
in Question 1 as that is for Disaster Recovery and NOT Work
Area Recovery. This question is for Work Area Recovery
ONLY!!!!
REFERENCE DOCUMENTS TO USE FOR THIS QUESTION:
The documents to refer to are in Week 5 of D2L:
1. “Business Recovery (Work Area Recovery) Strategies”
2. “Work Area Recovery Strategy Decisions”