Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis



Similar documents
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

Disaster Recovery and Business Continuity Plan

Business Continuity Planning (800)

Preventing Downtime from Data Loss and Server Failure

Disaster Recovery. Stanley Lopez Premier Field Engineer Premier Field Engineering Southeast Asia Customer Services and Support

With 57% of small to medium-sized businesses (SMBs) having no formal disaster

Business Continuity Plan

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

ITSM Tools Operation Continuity Plan Example

Disaster Recovery Planning Procedures and Guidelines

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

DISASTER RECOVERY PLAN

Business Resiliency Business Continuity Management - January 14, 2014

a Disaster Recovery Plan

DISASTER RECOVERY PLANNING GUIDE

Business Continuity Management

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business.

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

CONTINUITY AND RECOVERY PLANNING GUIDE

The Shift Cloud Computing Brings to Disaster Recovery

Business Continuity and Disaster Recovery Planning

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Contents. About Perpetuuiti. Continuity Vault. Continuity Patrol. Ops Central. Questions & Answers. Section 2. Section 3. Section 4.

OFFICE OF AUDITS & ADVISORY SERVICES IT DISASTER RECOVERY AUDIT FINAL REPORT

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

The Disaster Recovery Self-Assessment Guide and Validation Model. Jim Kates Cognizant Technology Solutions

Temple university. Auditing a business continuity management BCM. November, 2015

Virginia Commonwealth University School of Medicine Information Security Standard

Western Intergovernmental Audit Forum

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Business Continuity Glossary

How to Design and Implement a Successful Disaster Recovery Plan

The Difference Between Disaster Recovery and Business Continuance

Subject Area 3 Business Impact Analysis

How to measure your business resiliency

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

DRAFT Disaster Recovery Policy Template

HA / DR Jargon Buster High Availability / Disaster Recovery

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Business Continuity Planning and Disaster Recovery Planning

C I T Y O F W E S T L I N N

SAMPLE IT CONTINGENCY PLAN FORMAT

Security Architecture. Title Disaster Planning Procedures for Information Technology

Business Continuity Planning Guide

D2-02_01 Disaster Recovery in the modern EPU

Overview of how to test a. Business Continuity Plan

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

I.T. Disaster Recovery Plan

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

Mastering Disaster Recovery: Business Continuity and Virtualization Best Practices W H I T E P A P E R

Best Practices in Disaster Recovery Planning and Testing

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Flinders University IT Disaster Recovery Framework

Business Continuity Planning

Service Availability Metrics

Operational Continuity

Abhi Rathinavelu Foster School of Business

Desktop Scenario Self Assessment Exercise Page 1

The ABC s of BCP. Jeremy Sucharski Governance Risk and Compliance G31

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Validating Enterprise Systems: A Practical Guide

Ohio Conference for Payroll Professionals Disaster Recovery

BUSINESS CONTINUITY PLAN

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Ohio Supercomputer Center

NAS 254 Cloud Backup. Use Cloud Backup to backup your data to Amazon S3 A S U S T O R C O L L E G E

EXECUTIVE SUMMARY 1.1 PROJECT OBJECTIVES

The Benefits of Continuous Data Protection (CDP) for IBM i and AIX Environments

Business Continuity: Choosing the Right Technology Solution

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant.

Infrastructure Engineer

Business Continuity Management Policy

How To Manage A Disruption Event

Creating a Business Continuity Plan for your Health Center

Transcription:

Application / Hardware - Business Impact Analysis Template The single most important thing we can do is help you understand the criticality of each application, supporting hardware/server/pc and the required network infrastructure, should you experience any type of unplanned disruption. This template is intended to be a high-level summary of your critical business applications, servers, and business functions. It will assist you in accessing recovery options for each application based upon the impact to you business if any of these applications are not available for a specific period of time. The objectives of this BIA are to: 1. Identify key business and revenue drivers 2. Identify RTO and RPO for essential business functions and processes 3. Identify the impact, if critical business functions cannot operate due to an unplanned disruption 4. Quantify monetary and workflow impacts if critical business functions cannot operate 5. Identify intangible impacts if critical business functions cannot operate 6. Identify high-level minimum acceptable recovery configurations (MARC) and resources required to support critical business functions 7. Identify existing continuity documentation and incident response plans. Review current business continuity preparedness 8. Identify internal and external dependencies such as technology, telecommunications, records and service organizations 9. Recommend strategic and tactical steps required to minimize the impact of an interruption on critical business functions MARC Configuration Requirements Identify the Minimum Acceptable Recovery Configuration (MARC) requirements, i.e., the high-level facility, equipment, telecom capacities required to continue essential operations for the business areas analyzed. 1. Review the data backup, availability and recovery strategy in place for restoring the essential data 2. Review selected data synchronization/backup solutions to verify that data is readily available and not corrupt to support data restoration and recovery 3. Identify the recovery configuration facilities required to support initial recovery operation, e.g., how many people, what types of space, what equipment and when it is needed for following an interruption 4. Identify non-hotsite alternate processing options that shall meet the recovery requirements (e.g., internal/alternate sites) 5. Identify hardware capacities for subsequent recovery windows (e.g., equipment and facilities, by time, to be acquired and installed at time of disaster) 6. Create written documentation of essential applications and supporting technology (e.g., network, servers, etc) that are required to recover 7. Written procedures for developing equipment acquisitions 8. Written recovery plan detailing what each individuals responsibilities are depending on the type of outage If the original site must be restored or replaced, the following are some of the factors to consider: 1. What is the projected availability of all needed computer equipment? 2. Will it be more effective and efficient to upgrade the computer systems with newer equipment? 3. What alternative telecom is available to support the recovery process? 4. Is there an alternative site that more readily could be upgraded for business purposes? 5. Is there ample space for personnel to conduct business and required basic equipment; phones, fax, desks, etc

Priority Applications/Servers List the priority applications/servers that drive your business, the most critical periods when these applications are required and access the overall impact to your company if you cannot perform these functions. Two key elements that must be considered within any disaster recovery plan are the: Recovery Time Objective (RTO), the acceptable amount of time required to recover the business function after an outage, in laymen s terms, how long can you be down without these applications running? Recovery Point Objective (RPO), the time allowed to elapse since the last backup of your data prior to the outage, in laymen s terms, how much data can you afford to lose? (Examples include accounting software, email communications, website, payroll, etc.) Applications Critical Periods RPO RTO Server Impact on Business None, Low, Medium, High Example: email Daily 1day 1 day Email High Example: Payroll 15th and 30th 7 days 7 days Desktop 1 Low can cut manual checks temporarily

Backup Details For some companies, it is easier to list servers and personal computers because multiple applications reside on each. It is recommended that all critical server and critical personal computer data be backed up. Copies of the personal computer files can be uploaded to a server just before a complete save of the system is done. Personal computer backups are then saved with the normal system save procedure. This provides for a more secure backup of personal computer-related systems where a local area disaster could wipe out important personal computer systems. Are there Excel spreadsheets, etc on personal computers that are critical to your business? Personal computers can also be backed up by other solutions. Copy the key applications that you listed in the previous section and fill in the rest of the details. Priority Applications Storage Location Amount of Data MG/GIGS Name, Type of Device Storage Media Approximate Restoration time

1. Quantifiable impacts, by time: a. Lost sales / revenue (e.g., lost new business) b. Lost production (e.g., impact from failing to successfully deliver service) c. Delayed revenue (e.g., cash flow) d. Additional operating costs (e.g., overtime, additional costs) e. Key internal operational statistics (i.e., transaction volumes) 2. Non-quantifiable impacts or consequences: a. Impact on regulatory and reporting requirements b. Intangible impacts such as customer service, image, investor confidence, and reputation c. Employee and societal health and safety consequences (e.g., environmental, employee morale, indirect community financial impacts) d. Operational impact (e.g., workflow) 3. Continuity preparedness and exposures identified during the data gathering process, including the data center/equipment and business units, noting such capabilities and exposures as: a. Operational contingency capabilities (e.g., manual fallback capabilities) b. Existing alternate processing options (e.g., dispersed operating capabilities) c. General level of preparedness (e.g., records protection program, departmental computer data backup and off-site rotation, etc.) 4. Other recommendations and observations

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information