SlideShare a Scribd company logo

This sample template is designed to assist the user in performing .docx

Download as DOCX, PDF
J
juliennehar

This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version.  Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the {system name}{system acronym}. It was prepared on {insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.  2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible.  Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records. 3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources. This document is used to build the {system name} Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan. 2. System Description Provide a general description of system architecture and functionality. Indicate the operating environment, physical location, general location of users, and partnerships with external organizations/systems. Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures. Provide a diagram of the architecture, including inputs and outputs and telecommunications connections. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP ...

Education
1 of 9
This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version. Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the {system name}{system acronym}. It was prepared on {insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission. 2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital
records. 3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources. This document is used to build the {system name} Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan. 2. System Description Provide a general description of system architecture and functionality. Indicate the operating environment, physical location, general location of users, and partnerships with external organizations/systems. Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures. Provide a diagram of the architecture, including inputs and outputs and telecommunications connections. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and attach the latest version of the SSP to this contingency plan. 3. BIA Data Collection Data collection can be accomplished through individual/group interviews, workshops, email, questionnaires, or any combination of these. 3.1 Determine Process and System Criticality Step one of the BIA process - Working with input from users, managers, mission/business process owners, and other internal
or external points of contact (POC), identify the specific mission/business processes that depend on or support the information system. Mission/Business Process Description Pay vendor invoice Process of obligating funds, issuing check or electronic payment and acknowledging receipt If criticality of mission/business processes has not been determined outside of the BIA, the following subsections will help to determine criticality of mission/business processes that depend on or support the information system. 3.1.1Identify Outage Impacts and Estimated Downtime This section identifies and characterizes the types of impact categories that a system disruption is likely to create in addition to those identified by the FIPS 199 impact level, as well as the estimated downtime that the organization can tolerate for a given process. Impact categories should be created and values assigned to these categories in order to measure the level or type of impact a disruption may cause. An example of cost as an impact category is provided. Organizations could consider other categories like harm to individuals and ability to perform mission. The template should be revised to reflect what is appropriate for the organization. Outage Impacts Impact categories and values should be created in order to characterize levels of severity to the organization that would
result for that particular impact category if the mission/business process could not be performed. These impact categories and values are samples and should be revised to reflect what is appropriate for the organization. The following impact categories represent important areas for consideration in the event of a disruption or impact. Example impact category = Cost · Severe - temp staffing, overtime, fees are greater than $1 million · Moderate – fines, penalties, liabilities potential $550k · Minimal – new contracts, supplies $75k Impact category: {insert category name} Impact values for assessing category impact: · Severe = {insert value} · Moderate = {insert value} · Minimal = {insert value} The table below summarizes the impact on each mission/business process if {system name} were unavailable, based on the following criteria: Mission/Business Process Impact Category {insert} {insert} {insert} {insert} Impact Pay vendor invoice
Estimated Downtime Working directly with mission/business process owners, departmental staff, managers, and other stakeholders, estimate the downtime factors for consideration as a result of a disruptive event. · Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time leaders/managers are willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave continuity planners with imprecise direction on (1) selection of an appropriate recovery method, and (2) the depth of detail which will be required when developing recovery procedures, including their scope and content. · Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable
before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. · Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data must be recovered (given the most recent backup copy of the data) after an outage. The table below identifies the MTD, RTO, and RPO (as applicable) for the organizational mission/business processes that rely on {system name}. Values for MTDs and RPOs are expected to be specific time frames, identified in hourly increments (i.e., 8 hours, 36 hours, 97 hours, etc.). Mission/Business Process MTD RTO RPO Pay vendor invoice 72 hours 48 hours 12 hours (last backup)
Include a description of the drivers for the MTD, RTO, and RPOs listed in the table above (e.g., mandate, workload, performance measure, etc.). Include a description of any alternate means (secondary processing or manual work-around) for recovering the mission/business process(es) that rely on the system. If none exist, so state. 3.2 Identify Resource Requirements The following table identifies the resources that compose {system name} including hardware, software, and other resources such as data files. System Resource/Component Platform/OS/Version (as applicable) Description Web Server 1 Optiplex GX280 Web Site Host It is assumed that all identified resources support the mission/business processes identified in Section 3.1 unless otherwise stated. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and
attach the latest version of the SSP to this contingency plan. 3.3 Identify Recovery Priorities for System Resources The table below lists the order of recovery for {system name} resources. The table also identifies the expected time for recovering the resource following a “worst case” (complete rebuild/repair or replacement) disruption. · Recovery Time Objective (RTO) - RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. Priority System Resource/Component Recovery Time Objective Web Server 1 Optiplex GX280 24 hours to rebuild or replace A system resource can be software, data files, servers, or other hardware and should be identified individually or as a logical group. Identify any alternate strategies in place to meet expected RTOs. This includes backup or spare equipment and vendor support contracts.
This sample template is designed to assist the user in performing .docx

Recommended

NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxvannagoforth
 
System analysis and_design
System analysis and_designSystem analysis and_design
System analysis and_designTushar Rajput
 
Task 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remaiTask 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remaialehosickg3
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)GovCloud Network
 
Unit iii tqm
Unit iii tqmUnit iii tqm
Unit iii tqmV.V.RAMANA MURTHY
 
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxBusiness Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxfelicidaddinwoodie
 
Chapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing TasksChapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing TasksNeeraj Kumar Singh
 
NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxgibbonshay
 

Recommended

NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxvannagoforth
 
System analysis and_design
System analysis and_designSystem analysis and_design
System analysis and_designTushar Rajput
 
Task 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remaiTask 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remaialehosickg3
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)GovCloud Network
 
Unit iii tqm
Unit iii tqmUnit iii tqm
Unit iii tqmV.V.RAMANA MURTHY
 
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxBusiness Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxfelicidaddinwoodie
 
Chapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing TasksChapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing TasksNeeraj Kumar Singh
 
NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxgibbonshay
 
System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]Abir Maheshwari
 
Sdlc1
Sdlc1Sdlc1
Sdlc1Jithin Kottikkal
 
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxNew folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxhenrymartin15260
 
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxCOMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxmonicafrancis71118
 
Preventive Maintenance Process and Program
Preventive Maintenance Process and ProgramPreventive Maintenance Process and Program
Preventive Maintenance Process and ProgramRicky Smith CMRP
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryessbaih
 
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxCMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxmary772
 
Software Development Skills and SDLC
Software Development Skills and SDLCSoftware Development Skills and SDLC
Software Development Skills and SDLCBosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
BUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENTBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENTSkillmine Technology Consulting
 
SDLC
SDLCSDLC
SDLCnethisip13
 
Bis Chapter2
Bis Chapter2Bis Chapter2
Bis Chapter2Chun Hoi Lam
 
Functional requirements-document
Functional requirements-documentFunctional requirements-document
Functional requirements-documentAnil Kumar
 
373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docxsanthoshyadav23
 
Sdlc
SdlcSdlc
SdlcGurudutt Reddy
 
Intro sad
Intro sadIntro sad
Intro sadabhijeetdavane
 
Asset Management System Introduction
Asset Management System IntroductionAsset Management System Introduction
Asset Management System IntroductionSara Parker
 
Sdlc
SdlcSdlc
SdlcWaheed Iqbal Boss
 
Software engineering Unit-2
Software engineering Unit-2Software engineering Unit-2
Software engineering Unit-2Samura Daniel
 
System development life cycle
System development life cycleSystem development life cycle
System development life cycleYaswanth Babu Gummadivelli
 
SE - Lecture 13 - Software Evolution and Tech Trends.pptx
SE - Lecture 13 - Software Evolution and Tech Trends.pptxSE - Lecture 13 - Software Evolution and Tech Trends.pptx
SE - Lecture 13 - Software Evolution and Tech Trends.pptxTangZhiSiang
 
One way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxOne way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxjuliennehar
 
One paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxOne paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxjuliennehar
 

More Related Content

Similar to This sample template is designed to assist the user in performing .docx

System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]Abir Maheshwari
 
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxNew folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxhenrymartin15260
 
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxCOMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxmonicafrancis71118
 
Preventive Maintenance Process and Program
Preventive Maintenance Process and ProgramPreventive Maintenance Process and Program
Preventive Maintenance Process and ProgramRicky Smith CMRP
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryessbaih
 
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxCMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxmary772
 
Functional requirements-document
Functional requirements-documentFunctional requirements-document
Functional requirements-documentAnil Kumar
 
373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docxsanthoshyadav23
 
Asset Management System Introduction
Asset Management System IntroductionAsset Management System Introduction
Asset Management System IntroductionSara Parker
 
Software engineering Unit-2
Software engineering Unit-2Software engineering Unit-2
Software engineering Unit-2Samura Daniel
 
SE - Lecture 13 - Software Evolution and Tech Trends.pptx
SE - Lecture 13 - Software Evolution and Tech Trends.pptxSE - Lecture 13 - Software Evolution and Tech Trends.pptx
SE - Lecture 13 - Software Evolution and Tech Trends.pptxTangZhiSiang
 

Similar to This sample template is designed to assist the user in performing .docx (20)

System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]
 
Sdlc1
Sdlc1Sdlc1
Sdlc1
 
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxNew folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
 
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxCOMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
 
Preventive Maintenance Process and Program
Preventive Maintenance Process and ProgramPreventive Maintenance Process and Program
Preventive Maintenance Process and Program
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recovery
 
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxCMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
 
Software Development Skills and SDLC
Software Development Skills and SDLCSoftware Development Skills and SDLC
Software Development Skills and SDLC
 
BUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENTBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT
 
SDLC
SDLCSDLC
SDLC
 
Bis Chapter2
Bis Chapter2Bis Chapter2
Bis Chapter2
 
Functional requirements-document
Functional requirements-documentFunctional requirements-document
Functional requirements-document
 
373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx
 
Sdlc
SdlcSdlc
Sdlc
 
Intro sad
Intro sadIntro sad
Intro sad
 
Asset Management System Introduction
Asset Management System IntroductionAsset Management System Introduction
Asset Management System Introduction
 
Sdlc
SdlcSdlc
Sdlc
 
Software engineering Unit-2
Software engineering Unit-2Software engineering Unit-2
Software engineering Unit-2
 
System development life cycle
System development life cycleSystem development life cycle
System development life cycle
 
SE - Lecture 13 - Software Evolution and Tech Trends.pptx
SE - Lecture 13 - Software Evolution and Tech Trends.pptxSE - Lecture 13 - Software Evolution and Tech Trends.pptx
SE - Lecture 13 - Software Evolution and Tech Trends.pptx
 

More from juliennehar

One way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxOne way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxjuliennehar
 
One paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxOne paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxjuliennehar
 
one paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docxone paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docxjuliennehar
 
one pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docxone pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docxjuliennehar
 
One-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docxOne-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docxjuliennehar
 
One way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docxOne way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docxjuliennehar
 
One page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docxOne page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docxjuliennehar
 
One page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docxOne page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docxjuliennehar
 
one page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docxone page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docxjuliennehar
 
One more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docxOne more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docxjuliennehar
 
One of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docxOne of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docxjuliennehar
 
One of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docxOne of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docxjuliennehar
 
One of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docxOne of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docxjuliennehar
 
One of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docxOne of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docxjuliennehar
 
One of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docxOne of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docxjuliennehar
 
One of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docxOne of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docxjuliennehar
 
One of the most difficult components of effective .docx
One of the most difficult components of effective .docxOne of the most difficult components of effective .docx
One of the most difficult components of effective .docxjuliennehar
 
One of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docxOne of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docxjuliennehar
 
One of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docxOne of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docxjuliennehar
 
One of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docxOne of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docxjuliennehar
 

More from juliennehar (20)

One way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docxOne way to improve your verbal communication is to own your thoughts.docx
One way to improve your verbal communication is to own your thoughts.docx
 
One paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docxOne paragraphHas your family experienced significant upward or .docx
One paragraphHas your family experienced significant upward or .docx
 
one paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docxone paragraph for each conceptoriginal workSocial Stratifica.docx
one paragraph for each conceptoriginal workSocial Stratifica.docx
 
one pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docxone pageExamine the importance of popular culture and technology.docx
one pageExamine the importance of popular culture and technology.docx
 
One-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docxOne-half pageWhat accounts are included in the revenue cycleD.docx
One-half pageWhat accounts are included in the revenue cycleD.docx
 
One way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docxOne way chemists use to determine the molecular weight of large biom.docx
One way chemists use to determine the molecular weight of large biom.docx
 
One page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docxOne page paper answering following questions. Describe the charact.docx
One page paper answering following questions. Describe the charact.docx
 
One page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docxOne page on Applying Platos Allegory of the Cave in the light o.docx
One page on Applying Platos Allegory of the Cave in the light o.docx
 
one page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docxone page in APA format.Using the Competing Values Framework, how w.docx
one page in APA format.Using the Competing Values Framework, how w.docx
 
One more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docxOne more source needs to be added to the ppt. There is a 5-6 min spe.docx
One more source needs to be added to the ppt. There is a 5-6 min spe.docx
 
One of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docxOne of the recent developments facing the public administration of c.docx
One of the recent developments facing the public administration of c.docx
 
One of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docxOne of the most important functions (protocols) in a packet-switched.docx
One of the most important functions (protocols) in a packet-switched.docx
 
One of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docxOne of the main themes of this course has been culture as an on-goin.docx
One of the main themes of this course has been culture as an on-goin.docx
 
One of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docxOne of the main political separations that divide people today is Li.docx
One of the main political separations that divide people today is Li.docx
 
One of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docxOne of the very first cases that caught Freud’s attention when he wa.docx
One of the very first cases that caught Freud’s attention when he wa.docx
 
One of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docxOne of the great benefits of the Apache web server is its wide range.docx
One of the great benefits of the Apache web server is its wide range.docx
 
One of the most difficult components of effective .docx
One of the most difficult components of effective .docxOne of the most difficult components of effective .docx
One of the most difficult components of effective .docx
 
One of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docxOne of the high points of the campaign will be a look to the future .docx
One of the high points of the campaign will be a look to the future .docx
 
One of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docxOne of the most basic aims of human computer interaction has been sp.docx
One of the most basic aims of human computer interaction has been sp.docx
 
One of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docxOne of the most common workplace communication tools is a telephon.docx
One of the most common workplace communication tools is a telephon.docx
 

Recently uploaded

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 

Recently uploaded (20)

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

This sample template is designed to assist the user in performing .docx

  • 1. This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version. Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the {system name}{system acronym}. It was prepared on {insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission. 2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital
  • 2. records. 3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources. This document is used to build the {system name} Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan. 2. System Description Provide a general description of system architecture and functionality. Indicate the operating environment, physical location, general location of users, and partnerships with external organizations/systems. Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures. Provide a diagram of the architecture, including inputs and outputs and telecommunications connections. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and attach the latest version of the SSP to this contingency plan. 3. BIA Data Collection Data collection can be accomplished through individual/group interviews, workshops, email, questionnaires, or any combination of these. 3.1 Determine Process and System Criticality Step one of the BIA process - Working with input from users, managers, mission/business process owners, and other internal
  • 3. or external points of contact (POC), identify the specific mission/business processes that depend on or support the information system. Mission/Business Process Description Pay vendor invoice Process of obligating funds, issuing check or electronic payment and acknowledging receipt If criticality of mission/business processes has not been determined outside of the BIA, the following subsections will help to determine criticality of mission/business processes that depend on or support the information system. 3.1.1Identify Outage Impacts and Estimated Downtime This section identifies and characterizes the types of impact categories that a system disruption is likely to create in addition to those identified by the FIPS 199 impact level, as well as the estimated downtime that the organization can tolerate for a given process. Impact categories should be created and values assigned to these categories in order to measure the level or type of impact a disruption may cause. An example of cost as an impact category is provided. Organizations could consider other categories like harm to individuals and ability to perform mission. The template should be revised to reflect what is appropriate for the organization. Outage Impacts Impact categories and values should be created in order to characterize levels of severity to the organization that would
  • 4. result for that particular impact category if the mission/business process could not be performed. These impact categories and values are samples and should be revised to reflect what is appropriate for the organization. The following impact categories represent important areas for consideration in the event of a disruption or impact. Example impact category = Cost · Severe - temp staffing, overtime, fees are greater than $1 million · Moderate – fines, penalties, liabilities potential $550k · Minimal – new contracts, supplies $75k Impact category: {insert category name} Impact values for assessing category impact: · Severe = {insert value} · Moderate = {insert value} · Minimal = {insert value} The table below summarizes the impact on each mission/business process if {system name} were unavailable, based on the following criteria: Mission/Business Process Impact Category {insert} {insert} {insert} {insert} Impact Pay vendor invoice
  • 5. Estimated Downtime Working directly with mission/business process owners, departmental staff, managers, and other stakeholders, estimate the downtime factors for consideration as a result of a disruptive event. · Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time leaders/managers are willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave continuity planners with imprecise direction on (1) selection of an appropriate recovery method, and (2) the depth of detail which will be required when developing recovery procedures, including their scope and content. · Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable
  • 6. before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. · Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data must be recovered (given the most recent backup copy of the data) after an outage. The table below identifies the MTD, RTO, and RPO (as applicable) for the organizational mission/business processes that rely on {system name}. Values for MTDs and RPOs are expected to be specific time frames, identified in hourly increments (i.e., 8 hours, 36 hours, 97 hours, etc.). Mission/Business Process MTD RTO RPO Pay vendor invoice 72 hours 48 hours 12 hours (last backup)
  • 7. Include a description of the drivers for the MTD, RTO, and RPOs listed in the table above (e.g., mandate, workload, performance measure, etc.). Include a description of any alternate means (secondary processing or manual work-around) for recovering the mission/business process(es) that rely on the system. If none exist, so state. 3.2 Identify Resource Requirements The following table identifies the resources that compose {system name} including hardware, software, and other resources such as data files. System Resource/Component Platform/OS/Version (as applicable) Description Web Server 1 Optiplex GX280 Web Site Host It is assumed that all identified resources support the mission/business processes identified in Section 3.1 unless otherwise stated. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and
  • 8. attach the latest version of the SSP to this contingency plan. 3.3 Identify Recovery Priorities for System Resources The table below lists the order of recovery for {system name} resources. The table also identifies the expected time for recovering the resource following a “worst case” (complete rebuild/repair or replacement) disruption. · Recovery Time Objective (RTO) - RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. Priority System Resource/Component Recovery Time Objective Web Server 1 Optiplex GX280 24 hours to rebuild or replace A system resource can be software, data files, servers, or other hardware and should be identified individually or as a logical group. Identify any alternate strategies in place to meet expected RTOs. This includes backup or spare equipment and vendor support contracts.