SlideShare a Scribd company logo

This sample template is designed to assist the user in performing .docx

Download as DOCX, PDF
R
rhetttrevannion

This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version.  Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the { system name}{ system acronym}. It was prepared on { insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.  2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible.  Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records. 3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources. This document is used to build the { system name} Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan. 2. System Description Provide a general description of system architecture and functionality. Indicate the operating environment, physical location, general location of users, and partnerships with external organizations/systems. Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures. Provide a diagram of the architecture, including inputs and outputs and telecommunic.

1 of 10
This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version. Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the { system name}{ system acronym}. It was prepared on { insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.
2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records. 3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources. This document is used to build the { system name} Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan. 2. System Description Provide a general description of system architecture and functionality. Indicate the operating environment, physical location, general location of users, and partnerships with external organizations/systems. Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures. Provide a diagram of the architecture, including inputs and outputs and
telecommunications connections. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and attach the latest version of the SSP to this contingency plan. 3. BIA Data Collection Data collection can be accomplished through individual/group interviews, workshops, email, questionnaires, or any combination of these. 3.1 Determine Process and System Criticality Step one of the BIA process - Working with input from users, managers, mission/business process owners, and other internal or external points of contact (POC), identify the specific mission/business processes that depend on or support the information system. Mission/Business Process Description Pay vendor invoice Process of obligating funds, issuing check or electronic payment and acknowledging receipt If criticality of mission/business processes has not been determined outside of the BIA, the following subsections will help to determine criticality of mission/business processes that depend on or support the information system.
3.1.1Identify Outage Impacts and Estimated Downtime This section identifies and characterizes the types of impact categories that a system disruption is likely to create in addition to those identified by the FIPS 199 impact level, as well as the estimated downtime that the organization can tolerate for a given process. Impact categories should be created and values assigned to these categories in order to measure the level or type of impact a disruption may cause. An example of cost as an impact category is provided. Organizations could consider other categories like harm to individuals and ability to perform mission. The template should be revised to reflect what is appropriate for the organization. Outage Impacts Impact categories and values should be created in order to characterize levels of severity to the organization that would result for that particular impact category if the mission/business process could not be performed. These impact categories and values are samples and should be revised to reflect what is appropriate for the organization. The following impact categories represent important areas for consideration in the event of a disruption or impact. Example impact category = Cost · Severe - temp staffing, overtime, fees are greater than $1 million · Moderate – fines, penalties, liabilities potential $550k · Minimal – new contracts, supplies $75k Impact category: { insert category name}
Impact values for assessing category impact: · Severe = { insert value} · Moderate = { insert value} · Minimal = { insert value} The table below summarizes the impact on each mission/business process if { system name} were unavailable, based on the following criteria: Mission/Business Process Impact Category { insert} { insert} { insert} { insert} Impact Pay vendor invoice
Estimated Downtime Working directly with mission/business process owners, departmental staff, managers, and other stakeholders, estimate the downtime factors for consideration as a result of a disruptive event. · Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time leaders/managers are willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave continuity planners with imprecise direction on (1) selection of an appropriate recovery method, and (2) the depth of detail which will be required when
developing recovery procedures, including their scope and content. · Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. · Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data must be recovered (given the most recent backup copy of the data) after an outage. The table below identifies the MTD, RTO, and RPO (as applicable) for the organizational mission/business processes that rely on { system name} . Values for MTDs and RPOs are expected to be specific time frames, identified in hourly increments (i.e., 8 hours, 36 hours, 97 hours, etc.). Mission/Business Process MTD RTO RPO Pay vendor invoice 72 hours 48 hours 12 hours (last backup)
Include a description of the drivers for the MTD, RTO, and RPOs listed in the table above (e.g., mandate, workload, performance measure, etc.). Include a description of any alternate means (secondary processing or manual work-around) for recovering the mission/business process(es) that rely on the system. If none exist, so state. 3.2 Identify Resource Requirements The following table identifies the resources that compose { system name} including hardware, software, and other resources such as data files. System Resource/Component Platform/OS/Version (as applicable) Description Web Server 1 Optiplex GX280 Web Site Host
It is assumed that all identified resources support the mission/business processes identified in Section 3.1 unless otherwise stated. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and attach the latest version of the SSP to this contingency plan. 3.3 Identify Recovery Priorities for System Resources The table below lists the order of recovery for { system name} resources. The table also identifies the expected time for recovering the resource following a “worst case” (complete rebuild/repair or replacement) disruption. · Recovery Time Objective (RTO) - RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. Priority
System Resource/Component Recovery Time Objective Web Server 1 Optiplex GX280 24 hours to rebuild or replace A system resource can be software, data files, servers, or other hardware and should be identified individually or as a logical group. Identify any alternate strategies in place to meet expected RTOs. This includes backup or spare equipment and vendor support contracts.

Recommended

NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docx
vannagoforth
 
System analysis and_design
System analysis and_designSystem analysis and_design
System analysis and_design
Tushar Rajput
 
Task 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remaiTask 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remai
alehosickg3
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)
GovCloud Network
 
Unit iii tqm
Unit iii tqmUnit iii tqm
Unit iii tqm
V.V.RAMANA MURTHY
 
NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docx
gibbonshay
 
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxBusiness Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
felicidaddinwoodie
 
System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]
Abir Maheshwari
 

Recommended

NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docx
vannagoforth
 
System analysis and_design
System analysis and_designSystem analysis and_design
System analysis and_design
Tushar Rajput
 
Task 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remaiTask 1.Complete the BIA table below and use it for the remai
Task 1.Complete the BIA table below and use it for the remai
alehosickg3
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)
GovCloud Network
 
Unit iii tqm
Unit iii tqmUnit iii tqm
Unit iii tqm
V.V.RAMANA MURTHY
 
NOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docxNOTE This sample template is provided to address NIST SP 800-53 s.docx
NOTE This sample template is provided to address NIST SP 800-53 s.docx
gibbonshay
 
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docxBusiness Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
Business Continuity Plan TemplateCIO Maria Sosa has asked you to p.docx
felicidaddinwoodie
 
System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]System Analysis & Designing : Elements of a System [In short]
System Analysis & Designing : Elements of a System [In short]
Abir Maheshwari
 
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxCOMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
monicafrancis71118
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recovery
essbaih
 
Sdlc1
Sdlc1Sdlc1
Sdlc1
Jithin Kottikkal
 
Chapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing TasksChapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing Tasks
Neeraj Kumar Singh
 
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxNew folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
henrymartin15260
 
Preventive Maintenance Process and Program
Preventive Maintenance Process and ProgramPreventive Maintenance Process and Program
Preventive Maintenance Process and Program
Ricky Smith CMRP
 
Software Development Skills and SDLC
Software Development Skills and SDLCSoftware Development Skills and SDLC
Software Development Skills and SDLC
Bosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
BUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENTBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT
Skillmine Technology Consulting
 
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxCMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
mary772
 
Functional requirements-document
Functional requirements-documentFunctional requirements-document
Functional requirements-document
Anil Kumar
 
SDLC
SDLCSDLC
SDLC
nethisip13
 
373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx
santhoshyadav23
 
Asset Management System Introduction
Asset Management System IntroductionAsset Management System Introduction
Asset Management System Introduction
Sara Parker
 
Bis Chapter2
Bis Chapter2Bis Chapter2
Bis Chapter2
Chun Hoi Lam
 
Sdlc
SdlcSdlc
Sdlc
Gurudutt Reddy
 
Software engineering Unit-2
Software engineering Unit-2Software engineering Unit-2
Software engineering Unit-2
Samura Daniel
 
Reliability centered maintenance
Reliability centered maintenanceReliability centered maintenance
Reliability centered maintenance
Pankaj Singh
 
Sdlc
SdlcSdlc
Sdlc
Waheed Iqbal Boss
 
Intro sad
Intro sadIntro sad
Intro sad
abhijeetdavane
 
Reliability engineering chapter-4 fmea
Reliability engineering chapter-4 fmeaReliability engineering chapter-4 fmea
Reliability engineering chapter-4 fmea
Charlton Inao
 
Discuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxDiscuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docx
rhetttrevannion
 
Discuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxDiscuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docx
rhetttrevannion
 

More Related Content

Similar to This sample template is designed to assist the user in performing .docx

COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxCOMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
monicafrancis71118
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recovery
essbaih
 
Sdlc1
Sdlc1Sdlc1
Sdlc1
Jithin Kottikkal
 
Chapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing TasksChapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing Tasks
Neeraj Kumar Singh
 
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxNew folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
henrymartin15260
 
Preventive Maintenance Process and Program
Preventive Maintenance Process and ProgramPreventive Maintenance Process and Program
Preventive Maintenance Process and Program
Ricky Smith CMRP
 
Software Development Skills and SDLC
Software Development Skills and SDLCSoftware Development Skills and SDLC
Software Development Skills and SDLC
Bosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
BUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENTBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT
Skillmine Technology Consulting
 
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxCMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
mary772
 
Functional requirements-document
Functional requirements-documentFunctional requirements-document
Functional requirements-document
Anil Kumar
 
SDLC
SDLCSDLC
SDLC
nethisip13
 
373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx
santhoshyadav23
 
Asset Management System Introduction
Asset Management System IntroductionAsset Management System Introduction
Asset Management System Introduction
Sara Parker
 
Bis Chapter2
Bis Chapter2Bis Chapter2
Bis Chapter2
Chun Hoi Lam
 
Sdlc
SdlcSdlc
Sdlc
Gurudutt Reddy
 
Software engineering Unit-2
Software engineering Unit-2Software engineering Unit-2
Software engineering Unit-2
Samura Daniel
 
Reliability centered maintenance
Reliability centered maintenanceReliability centered maintenance
Reliability centered maintenance
Pankaj Singh
 
Sdlc
SdlcSdlc
Sdlc
Waheed Iqbal Boss
 
Intro sad
Intro sadIntro sad
Intro sad
abhijeetdavane
 
Reliability engineering chapter-4 fmea
Reliability engineering chapter-4 fmeaReliability engineering chapter-4 fmea
Reliability engineering chapter-4 fmea
Charlton Inao
 

Similar to This sample template is designed to assist the user in performing .docx (20)

COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docxCOMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
COMPANY Disaster Recovery Plan (DRP) for [PRODU.docx
 
What every IT audit should know about backup and recovery
What every IT audit should know about backup and recoveryWhat every IT audit should know about backup and recovery
What every IT audit should know about backup and recovery
 
Sdlc1
Sdlc1Sdlc1
Sdlc1
 
Chapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing TasksChapter 4 - Performance Testing Tasks
Chapter 4 - Performance Testing Tasks
 
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docxNew folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
New folderIMAG2318.jpgNew folderIMAG2319.jpgNew folder.docx
 
Preventive Maintenance Process and Program
Preventive Maintenance Process and ProgramPreventive Maintenance Process and Program
Preventive Maintenance Process and Program
 
Software Development Skills and SDLC
Software Development Skills and SDLCSoftware Development Skills and SDLC
Software Development Skills and SDLC
 
BUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENTBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT
 
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docxCMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
CMGT410 v19Business Requirements TemplateCMGT410 v19Page 2.docx
 
Functional requirements-document
Functional requirements-documentFunctional requirements-document
Functional requirements-document
 
SDLC
SDLCSDLC
SDLC
 
373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx373512722-Employee-Leave-Management-System.docx
373512722-Employee-Leave-Management-System.docx
 
Asset Management System Introduction
Asset Management System IntroductionAsset Management System Introduction
Asset Management System Introduction
 
Bis Chapter2
Bis Chapter2Bis Chapter2
Bis Chapter2
 
Sdlc
SdlcSdlc
Sdlc
 
Software engineering Unit-2
Software engineering Unit-2Software engineering Unit-2
Software engineering Unit-2
 
Reliability centered maintenance
Reliability centered maintenanceReliability centered maintenance
Reliability centered maintenance
 
Sdlc
SdlcSdlc
Sdlc
 
Intro sad
Intro sadIntro sad
Intro sad
 
Reliability engineering chapter-4 fmea
Reliability engineering chapter-4 fmeaReliability engineering chapter-4 fmea
Reliability engineering chapter-4 fmea
 

More from rhetttrevannion

Discuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxDiscuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docx
rhetttrevannion
 
Discuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxDiscuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docx
rhetttrevannion
 
Discuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docxDiscuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docx
rhetttrevannion
 
Discuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docxDiscuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docx
rhetttrevannion
 
Discuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docxDiscuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docx
rhetttrevannion
 
Discuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docxDiscuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docx
rhetttrevannion
 
Discuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docxDiscuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docx
rhetttrevannion
 
Discuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docxDiscuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docx
rhetttrevannion
 
discuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docxdiscuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docx
rhetttrevannion
 
Discuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docxDiscuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docx
rhetttrevannion
 
Discuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docxDiscuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docx
rhetttrevannion
 
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docxDiscuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docx
rhetttrevannion
 
Discuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docxDiscuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docx
rhetttrevannion
 
Discuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docxDiscuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docx
rhetttrevannion
 
Discuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docxDiscuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docx
rhetttrevannion
 
Discuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docxDiscuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docx
rhetttrevannion
 
Discuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docxDiscuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docx
rhetttrevannion
 
Discuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docxDiscuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docx
rhetttrevannion
 
Discuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docxDiscuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docx
rhetttrevannion
 
Discuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docxDiscuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docx
rhetttrevannion
 

More from rhetttrevannion (20)

Discuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxDiscuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docx
 
Discuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxDiscuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docx
 
Discuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docxDiscuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docx
 
Discuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docxDiscuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docx
 
Discuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docxDiscuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docx
 
Discuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docxDiscuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docx
 
Discuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docxDiscuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docx
 
Discuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docxDiscuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docx
 
discuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docxdiscuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docx
 
Discuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docxDiscuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docx
 
Discuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docxDiscuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docx
 
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docxDiscuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docx
 
Discuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docxDiscuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docx
 
Discuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docxDiscuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docx
 
Discuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docxDiscuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docx
 
Discuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docxDiscuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docx
 
Discuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docxDiscuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docx
 
Discuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docxDiscuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docx
 
Discuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docxDiscuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docx
 
Discuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docxDiscuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docx
 

Recently uploaded

The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
BBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview TrainingBBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
Katrina Pritchard
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
Nguyen Thanh Tu Collection
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
سمير بسيوني
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
deepaannamalai16
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
MJDuyan
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
RAHUL
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
imrankhan141184
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 
Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
TechSoup
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
Himanshu Rai
 
B. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdfB. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdf
BoudhayanBhattachari
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
Krassimira Luka
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDFLifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Vivekanand Anglo Vedic Academy
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
RidwanHassanYusuf
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
National Information Standards Organization (NISO)
 

Recently uploaded (20)

The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
BBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview TrainingBBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdfمصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
مصحف القراءات العشر أعد أحرف الخلاف سمير بسيوني.pdf
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
 
B. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdfB. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdf
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDFLifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
Lifelines of National Economy chapter for Class 10 STUDY MATERIAL PDF
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
 

This sample template is designed to assist the user in performing .docx

  • 1. This sample template is designed to assist the user in performing a Business Impact Analysis (BIA) on an information system. The template is meant only as a basic guide and may not apply equally to all systems. The user may modify this template or the general BIA approach as required to best accommodate the specific system. In this template, words in italics are for guidance only and should be deleted from the final version. Regular (non-italic) text is intended to remain. 1. Overview This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the { system name}{ system acronym}. It was prepared on { insert BIA completion date}. 1.1 Purpose The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable. The BIA is composed of the following three steps: 1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.
  • 2. 2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records. 3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources. This document is used to build the { system name} Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan. 2. System Description Provide a general description of system architecture and functionality. Indicate the operating environment, physical location, general location of users, and partnerships with external organizations/systems. Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures. Provide a diagram of the architecture, including inputs and outputs and
  • 3. telecommunications connections. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and attach the latest version of the SSP to this contingency plan. 3. BIA Data Collection Data collection can be accomplished through individual/group interviews, workshops, email, questionnaires, or any combination of these. 3.1 Determine Process and System Criticality Step one of the BIA process - Working with input from users, managers, mission/business process owners, and other internal or external points of contact (POC), identify the specific mission/business processes that depend on or support the information system. Mission/Business Process Description Pay vendor invoice Process of obligating funds, issuing check or electronic payment and acknowledging receipt If criticality of mission/business processes has not been determined outside of the BIA, the following subsections will help to determine criticality of mission/business processes that depend on or support the information system.
  • 4. 3.1.1Identify Outage Impacts and Estimated Downtime This section identifies and characterizes the types of impact categories that a system disruption is likely to create in addition to those identified by the FIPS 199 impact level, as well as the estimated downtime that the organization can tolerate for a given process. Impact categories should be created and values assigned to these categories in order to measure the level or type of impact a disruption may cause. An example of cost as an impact category is provided. Organizations could consider other categories like harm to individuals and ability to perform mission. The template should be revised to reflect what is appropriate for the organization. Outage Impacts Impact categories and values should be created in order to characterize levels of severity to the organization that would result for that particular impact category if the mission/business process could not be performed. These impact categories and values are samples and should be revised to reflect what is appropriate for the organization. The following impact categories represent important areas for consideration in the event of a disruption or impact. Example impact category = Cost · Severe - temp staffing, overtime, fees are greater than $1 million · Moderate – fines, penalties, liabilities potential $550k · Minimal – new contracts, supplies $75k Impact category: { insert category name}
  • 5. Impact values for assessing category impact: · Severe = { insert value} · Moderate = { insert value} · Minimal = { insert value} The table below summarizes the impact on each mission/business process if { system name} were unavailable, based on the following criteria: Mission/Business Process Impact Category { insert} { insert} { insert} { insert} Impact Pay vendor invoice
  • 6. Estimated Downtime Working directly with mission/business process owners, departmental staff, managers, and other stakeholders, estimate the downtime factors for consideration as a result of a disruptive event. · Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time leaders/managers are willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave continuity planners with imprecise direction on (1) selection of an appropriate recovery method, and (2) the depth of detail which will be required when
  • 7. developing recovery procedures, including their scope and content. · Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. · Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data must be recovered (given the most recent backup copy of the data) after an outage. The table below identifies the MTD, RTO, and RPO (as applicable) for the organizational mission/business processes that rely on { system name} . Values for MTDs and RPOs are expected to be specific time frames, identified in hourly increments (i.e., 8 hours, 36 hours, 97 hours, etc.). Mission/Business Process MTD RTO RPO Pay vendor invoice 72 hours 48 hours 12 hours (last backup)
  • 8. Include a description of the drivers for the MTD, RTO, and RPOs listed in the table above (e.g., mandate, workload, performance measure, etc.). Include a description of any alternate means (secondary processing or manual work-around) for recovering the mission/business process(es) that rely on the system. If none exist, so state. 3.2 Identify Resource Requirements The following table identifies the resources that compose { system name} including hardware, software, and other resources such as data files. System Resource/Component Platform/OS/Version (as applicable) Description Web Server 1 Optiplex GX280 Web Site Host
  • 9. It is assumed that all identified resources support the mission/business processes identified in Section 3.1 unless otherwise stated. Note: Information for this section should be available from the system’s System Security Plan (SSP) and can be copied from the SSP, or reference the applicable section in the SSP and attach the latest version of the SSP to this contingency plan. 3.3 Identify Recovery Priorities for System Resources The table below lists the order of recovery for { system name} resources. The table also identifies the expected time for recovering the resource following a “worst case” (complete rebuild/repair or replacement) disruption. · Recovery Time Objective (RTO) - RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD. Priority
  • 10. System Resource/Component Recovery Time Objective Web Server 1 Optiplex GX280 24 hours to rebuild or replace A system resource can be software, data files, servers, or other hardware and should be identified individually or as a logical group. Identify any alternate strategies in place to meet expected RTOs. This includes backup or spare equipment and vendor support contracts.