1. Perform a BIA assessment and fill in the following chart:

| Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps Infrastructure Impacts |
|---|---|---|---|
| Internal and external voice communications with customers in real-time | Critical | Within the hour | Server, Internet Network, Telephone System |
| Internal and external e-mail communications with customers via store and forward messaging | Major | Within a day | Internet, Network, Email Server |
| DNS – for internal and external IP communications | Minor | Within an hour | DNS Server, VOIP network |
| Internet connectivity for e-mail and store and forward customer service | Major | Within a day | Email server, Internet network |
| Self-service website for customer access to information and personal account information | Major | Within the day | Server, Internet network |
| e-Commerce site for online customer purchases or scheduling 24x7x365 | Critical | Within an hour | Internet network, Server |
| Payroll and human resources for employees | Critical | Within an hour | Server, Internet network |
| Real-time customer service via website, e-mail, or telephone requires CRM | Critical | Within an hour | Internet network, Server |
| Network management and technical support | Critical | Within an hour | Network, Helpdesk support |
| Marketing and events | Minor | Within the month | Web Server, Point of Sales system |
| Sales orders or customer/student registration | Major | Within an hour | Orders Database, registration database, Internetwork, Server |
| Remote branch office sales order entry to headquarters | Minor | Within a day | Remote access, Internetwork, VPN |
| Voice and e-mail communications to remote branches | Major | Within the hour | Remote access, Internetwork, VPN, Server, VOIP |
| Accounting and finance support: Accts payable, Accts receivable, etc. | Critical | Within the hour | Finance server, Internetwork |

Lab Assessment Questions
1. What is the goal and purpose of a BIA?
The Business Impact Assessment (BIA) gathers the information needed to predict the consequences of disruptions to business functions and processes and to develop recovery strategies.
2. Why is a business impact analysis (BIA) an important first step in defining a business continuity plan (BCP)?
The BIA identifies critical and non-critical business functions. The BIA estimates the costs associated with a failure, including loss of cash flow, salaries of key personnel to repair the failure, and the cost of new equipment. The BIA provides a framework for building the BCP.
3. How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
Risk identification is necessary to determine the impact on your IT infrastructure. The assessment prioritizes the categories and risks.
4. What is the definition of Recovery Time Objective (RTO)? Why is this important to define in an IT Security Policy Definition as part of the Business Impact Analysis (BIA) or Business Continuity Plan (BCP)?
The RTO is how long an application can be down: it represents the time from system loss to recovery without significant business damage.
5. True or False - If the Recovery Point Objective (RPO) metric does not equal the Recovery Time Objective (RTO), you may potentially lose data or not have data backed-up to recover. This represents a gap in potential lost or unrecoverable data.
False. RPO can be 30 minutes and RTO can be 1 hour. RPO depends on backup. This is because data that was not backed up before the error can be deleted.
6. If you have an RPO of 0 hours – what does that mean?
An RPO of 0 hours means that no committed data should be lost when media loss occurs.
7. What must you explain to executive management when defining RTO and RPO objectives for the BIA?
RPO determines the maximum amount of data loss that an organization can tolerate. Organizations may need to recover data up to the point of failure, and that will cost a lot. Other databases can retrieve data once a week.
8. What questions do you have for executive management in order to finalize your BIA?
If there is money in the budget for a separate backup site, how many of the backup servers will be stored there? How often will we need to do a full back-up?
9. Why do customer service business functions typically have a short RTO and RPO maximum allowable time objective?
Customer service business functions usually have shorter RTOs because they require shorter time intervals. The RPO should be as short as possible, because time means money when it comes to customer service.
10. In order to craft back-up and recovery procedures, you need to review the IT systems, hardware, software and communications infrastructure needed to support business operations, functions and define how to maximize availability. This alignment of IT systems and components must be based on business operations, functions, and prioritizations. This prioritization is usually the result of a risk assessment and how those risks, threats, and vulnerabilities impact business operations and functions. What is the proper sequence of development and implementation for these following plans?
Business Continuity Plan: 2
Disaster Recovery Plan: 3
Risk Management Plan: 4
Business Impact Analysis: 1