RIT Internal Use Only When Completed


Department Business Impact Analysis

Introduction:

This form supports the collection of data referred to in the Information Security Disaster Recovery Standard located at

This is not a full business impact analysis (BIA). Its purpose is to:

1. Collect the necessary information for IT organizations to determine requirements for disaster recovery of critical applications.

2. Begin the process of collecting information necessary for departments to plan for business recovery in the event one or more critical resources are disrupted.

When completed, save a copy of the form for your records and send a copy to Lynn Daley, Director of Business Continuity at .

1. Department Name

2. Division or College

3. Completed By

Name
Title
Phone
Email

4. Department Functions

Provide a high-level overview of the functions that the department performs.

a. List each function and provide a short description (1 or 2 sentences or bullet points)

Classify each function as:

Critical—Information or a process/function which if corrupted, lost, interrupted or made inaccessible during a disruption would pose a significant life, safety, financial, reputation, or other risk to RIT.

Non-Critical—Information or process/function which if corrupted, lost, interrupted or made inaccessible during a disruption would pose a minimal risk to RIT. The information or process/function could be supplied through alternate means during the disruption or delayed until after the disruption.

Functions
Name / Description / Criticality

5. Critical Applications

List all of the applications (and associated data) the department uses to support critical functions identified in section 4. If known, list any other applications that depend on or are dependent on the applications listed.

Applications
Name / Critical Function(s) Supported / RTO* / RPO** / Dependent Applications (Upstream and Downstream)

*Recovery Time Objective (RTO) – how long can the application be unavailable before there is a significant impact to the function? There should be contingency plans for performing the function if the application is not available.

**Recovery Point Objective (RPO) – how much data can be lost? Note: RIT backs up data on ITS managed servers every 24 hours. There should be procedures for determining what data was lost and how to recover any lost information.

5. Critical Information / Records

List all of the information and records that the department uses or creates related to the performance of critical functions.

Critical Information / Records
Name / Type (Electronic, Paper) / Location / Backup

Note: ITS backs up all application data and file shares every 24 hours

The department should have a back-up plan for all critical information / records, as well as a plan to recover information / records if they are lost or destroyed.

January 2014