milestone 3
School: Ivy Tech Community College, Indianapolis
Course: 260
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 5
Uploaded by SuperAtomPartridge28
Contents
1. Overview
1.1 Purpose
2. System Description
3. BIA Data Collection
3.1 Determine Process and System Criticality
3.1.1 Identify Outage Impacts and Estimated Downtime
3.2 Identify Resource Requirements
3.3 Identify Recovery Priorities for System Resources
1. Overview
This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the Costal Veterinary Practice Management Software (CVPMS). It was prepared on 12/03/2023.
1.1 Purpose
The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and to use this information to characterize the impact on the process(es) if the system were unavailable.
The BIA is composed of the following three steps:
1. Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime. The downtime should reflect the maximum that an organization can tolerate while still maintaining the mission.
2. Identify resource requirements. Realistic recovery efforts require a thorough evaluation of the resources required to resume mission/business processes and related interdependencies as quickly as possible. Examples of resources that should be identified include facilities, personnel, equipment, software, data files, system components, and vital records.
3. Identify recovery priorities for system resources. Based upon the results from the previous activities, system resources can more clearly be linked to critical mission/business processes. Priority levels can be established for sequencing recovery activities and resources.
This document is used to build the CVPMS Information System Contingency Plan (ISCP) and is included as a key component of the ISCP. It also may be used to support the development of other contingency plans associated with the system, including, but not limited to, the Disaster Recovery Plan (DRP) or Cyber Incident Response Plan.
2. System Description
The Costal Veterinary Clinic has a small LAN with an on-site server, four computers and Internet access. The server supports the client database as well as the veterinary practice management software. IT support for the LAN and computers is outsourced to a local solution services company, which has a service level agreement in place for a 4-hour response time in the event of a computer malfunction. The server has a full backup done to tape once a week on Saturdays, and the full backup is stored off-site in Orlando, Florida. There are also incremental data backups that are done daily, and they are stored off-site as well. The incremental data backups are taken off-site 3 times a week.
3. BIA Data Collection
Data collection can be accomplished through individual/group interviews, workshops, email, questionnaires, or any combination of these. Additional data can be gathered using documents and research, but this data should be gathered only to support or supplement data gathered through direct contact with business subject matter experts.
3.1 Determine Process and System Criticality
Step one of the BIA process - Working with input from users, managers, mission/business process owners, and other internal or external points of contact (POC), identify the specific mission/business processes that depend on or support the information system.

Mission/Business Process | Description
Pay vendor invoice | Process of obligating funds, issuing check or electronic payment and acknowledging receipt
3.1.1 Identify Outage Impacts and Estimated Downtime
Outage Impacts
The following impact categories represent important areas for consideration in the event of a disruption or impact.
Impact category: {insert category name}
Impact values for assessing category impact:
Severe = {insert value}
Moderate = {insert value}
Minimal = {insert value}

Example impact category = Cost
Severe: temp staffing, overtime, fees are greater than $1 million
Moderate: fines, penalties, liabilities potential $550k
Minimal: new contracts, supplies $75k

The table below summarizes the impact on each mission/business process if CVPMS is unavailable, based on the following criteria:

Mission/Business Process | Impact Category {insert} | Impact Category {insert} | Impact Category {insert} | Impact Category {insert} | Impact
Pay vendor invoice | | | | |

Estimated Downtime
Working directly with mission/business process owners, departmental staff, managers, and other stakeholders, estimate the downtime factors for consideration as a result of a disruptive event.
Maximum Tolerable Downtime (MTD). The MTD represents the total amount of time leaders/managers are willing to accept for a mission/business process outage or disruption and includes all impact considerations. Determining MTD is important because it could leave continuity planners with imprecise direction on (1) selection of an appropriate recovery method, and (2) the depth of detail which will be required when developing recovery procedures, including their scope and content.
Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD.
Recovery Point Objective (RPO). The RPO represents the point in time, prior to a disruption or system outage, to which mission/business process data must be recovered (given the most recent backup copy of the data) after an outage.
The table below identifies the MTD, RTO, and RPO (as applicable) for the organizational mission/business processes that rely on CVPMS. Values for MTDs and RPOs are expected to be specific time frames, identified in hourly increments (e.g., 8 hours, 36 hours, 97 hours, etc.).

Mission/Business Process | MTD | RTO | RPO
Pay vendor invoice | 72 hours | 48 hours | 12 hours (last backup)
3.2 Identify Resource Requirements
The following table identifies the resources that compose CVPMS, including hardware, software, and other resources such as data files.

System Resource/Component | Platform/OS/Version (as applicable) | Description
Web Server 1 | Optiplex GX280 | Web Site Host

It is assumed that all identified resources support the mission/business processes identified in Section 3.1 unless otherwise stated.
3.3 Identify Recovery Priorities for System Resources
The table below lists the order of recovery for CVPMS resources. The table also identifies the expected time for recovering the resource following a "worst case" (complete rebuild/repair or replacement) disruption.
Recovery Time Objective (RTO) - RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD.

Priority | System Resource/Component | Recovery Time Objective
Web Server 1 | Optiplex GX280 | 24 hours to rebuild or replace
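
Added example, not part of the original BIA: a consistency check of the MTD, RTO and RPO figures above against the backup schedule and the 4-hour support SLA from the System Description. The 22:00 backup time and the Monday/Wednesday/Friday off-site pickup days are assumptions; the page states only "daily" and "3 times a week".

```python
WEEK = 168  # hours in one week

def hour_of_week(day, hour):
    """Hour offset into the week; day 0 = Monday ... 6 = Sunday."""
    return day * 24 + hour

def max_gap(copy_hours):
    """Longest interval in hours between consecutive backup copies, wrapping week to week."""
    pts = sorted(h % WEEK for h in copy_hours)
    gaps = [b - a for a, b in zip(pts, pts[1:])]
    gaps.append(pts[0] + WEEK - pts[-1])  # last copy of the week to first copy of the next
    return max(gaps)

def check_bia(mtd, rto, rpo, resource_rto, sla_response, copies_by_location):
    """Return a list of findings; an empty list means the figures are consistent."""
    findings = []
    if rto > mtd:
        findings.append(f"process RTO {rto} h exceeds MTD {mtd} h")
    # Rebuild work cannot start before the outsourced support responds.
    if sla_response + resource_rto > rto:
        findings.append(f"SLA response plus rebuild ({sla_response + resource_rto} h) "
                        f"exceeds process RTO {rto} h")
    # Worst-case data loss is the longest gap between recoverable copies.
    for location, copies in copies_by_location.items():
        gap = max_gap(copies)
        if gap > rpo:
            findings.append(f"{location}: copies up to {gap} h apart, RPO is {rpo} h")
    return findings

BACKUP_HOUR = 22  # assumed time of day; not stated on the page

# Page: incremental backups daily, full backup on Saturdays (day 5).
ONSITE = [hour_of_week(d, BACKUP_HOUR) for d in range(7)]
# Page: incrementals go off-site 3 times a week, full backup stored off-site.
# Assumed pickup days: Monday, Wednesday, Friday, plus the Saturday full backup.
OFFSITE = [hour_of_week(d, BACKUP_HOUR) for d in (0, 2, 4, 5)]

# Page values: MTD 72 h, RTO 48 h, RPO 12 h, Web Server 1 rebuild 24 h, SLA response 4 h.
FINDINGS = check_bia(mtd=72, rto=48, rpo=12, resource_rto=24, sla_response=4,
                     copies_by_location={"on-site": ONSITE, "off-site": OFFSITE})

if __name__ == "__main__":
    for finding in FINDINGS:
        print(finding)
```

Under these assumptions the recovery-time chain is consistent (4 h + 24 h fits within the 48-hour RTO and 72-hour MTD), while both backup sets leave gaps longer than the 12-hour RPO.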