
Lab7-IAP301-IA1802-HE172600

The document outlines a Business Impact Analysis (BIA) for an IT infrastructure, detailing critical business functions, their impact factors, and corresponding recovery time objectives (RTOs). It also presents a Business Continuity Plan (BCP) policy for ABC Credit Union, emphasizing the importance of maintaining operations during disruptions and the roles of various teams in recovery efforts. Additionally, it addresses key assessment questions related to the necessity of policies in business continuity and disaster recovery planning.

Uploaded by

chudang24k

Lab #7 – Assessment Worksheet

Identify Necessary Policies for Business Continuity – BIA & Recovery Time Objectives
Course Name: IAP301
Student Name: DangCLMHE172600
Instructor Name: Hoàng Tuấn Anh
Lab Due Date: 6/3/2025
PART A – Sample Business Impact Analysis for an IT Infrastructure
Overview
When conducting a BIA, you are trying to assess and align the affected IT systems, applications,
and resources to their required recovery time objectives (RTOs). The prioritization of the
identified mission critical business functions will define what IT systems, applications, and
resources are impacted. The RTO will drive what type of business continuity and recovery steps
are needed to maintain IT operations within the specified time frame.
1. Sample BIA with prioritization in (parentheses):
| Business Function or Process | Business Impact Factor | RTO/RPO | IT Systems/Apps Infrastructure Impacts |
|---|---|---|---|
| Internal and external e-mail communications with customers via store and forward messaging | Critical | 8 hours/0 hour | Email server, LAN, WAN network |
| Internal and external voice communications with customers in real-time | Critical | 8 hours/0 hour | Intra/Internet, Network, Email server |
| DNS – for internal and external IP communications | Minor | 48 hours/24 hours | Email server, DNS, network |
| Internet connectivity for email and store and forward customer service | Minor | 48 hours/24 hours | Web servers, email server, LAN, WAN network |
| Self-service website for customer access to information and personal account information | Critical | 2 hours/0 hour | Web servers, customer database, account application, WAN network |
| e-Commerce site for online customer purchases or scheduling 24x7x365 | Critical | 1 hour/0 hour | Web servers, inventory database, scheduling application, purchase application, WAN network, internet access |
| Payroll and human resources for employees | Major | 24 | Employee database, payroll application, LAN network |
| Real-time customer service via website, e-mail, or telephone requires CRM | Critical | 2 hours/0 hour | Web servers, email servers, CRM application, CRM database |
| Network management and technical support | Major | 24 hours/12 hours | LAN, WAN network, internet access, remote management |
| Marketing and events planning | Minor | 1 week/3 days | Marketing and event application |
| Sales orders or customer/student registration | Critical | 2 hours/0 hour | Web server, account application, internet access, inventory database |
| Remote branch office sales order entry to headquarters | Critical | 8 hours/0 hour | VPN application, internet access, inventory database |
| Voice and e-mail communications to remote branches | Critical | 8 hours/0 hour | Email server, DNS, LAN, WAN network |
| Accounting and finance support: Accts payable, Accts receivable, etc. | Major | 24 hours/12 hours | Account application, customer and employee database, LAN network |

PART B – Craft a Business Continuity Plan Policy – Business Impact Analysis


ABC Credit Union
Policy Name
Policy Statement
This BCP policy aims to ensure that all business activities can be kept at normal or
near-normal performance following an incident that has the potential to cause a major
disruption to business activity. The BIA helps gather the information needed to develop
recovery strategies.
Purpose/Objectives
The main purpose of this policy and the BIA is to define the credit union's critical factors and
protect them with immediate recovery if a disaster happens, reducing the loss that those factors
might cause. It therefore helps ensure the availability of services and ABC Credit Union’s reputation.
Scope
This policy applies to all employees in ABC Credit Union and ABC’s branches, to all facilities
and equipment owned by ABC, and to all processes and services associated with the business
operations.
Standards
The recovery time objective (RTO) is the length of time within which a business process should
be recovered after an outage or downtime. It does not relate to the dependent components, such
as the technology. The RTO is the measurement of how quickly individual business processes
can be recovered. The RTO is a natural extension of the BIA. It identifies the maximum allowed
downtime for a business process.
RTO policies often include a discussion of recovery point objectives (RPOs). The RPO is the
maximum acceptable level of data loss from the point of the disaster. The RTO and RPO may not
be the same value.
Procedures
After any disaster or incident that impacts ABC Credit Union occurs, the Incident Assessment
Team will determine it. Then the Disaster Recovery Team will notify and recover the facilities,
services and processes which are affected.
Guidelines
This policy is implemented by Executive Management, the Chief Information Officer and the
Incident Management Team. Any changes to this policy will be under the control of Executive
Management, the Chief Information Officer and the Incident Management Team. If there are any
questions or requirements, contact Executive Management for more information.
Lab Assessment Questions & Answers
1. Why must an organization define policies for an organization’s Business Continuity and
Disaster Recovery Plans?
To ensure that the organization can recover from a disaster and continue business as soon as
possible, and also to reduce the loss that the disaster causes.
2. When should you define a policy definition and when should you not define one?
You should define one when there are procedures or rules that need to be documented and
implemented, but not for every minor factor. A big one is better.
3. What is the purpose of having a Business Continuity Plan policy definition that defines the
organization’s Business Impact Analysis?
The BIA is the initial step in the business continuity planning process when classifying the assets
based on their importance and risk level. This makes things easier for BCP because we know
which one needs more attention and recovery first.
4. Why is it critical to align the RTO and RPO standards within the policy definition itself?
It is important because it should be clear that RPO can never be higher than RTO which would
impact business continuity. If this happens, the organization can define it and find a solution.
5. What is the purpose of a Business Impact Analysis (BIA)?
The main intent of a BIA is to identify which assets are required for the business to recover and
continue doing business.
6. Why is a business impact analysis (BIA) an important first step in defining a business
continuity plan (BCP)?
It helps identify and classify factors that can impact the organization so things come easier for
BCP because we know which one needs more attention and recovery first.
7. How does risk management and risk assessment relate to a business impact analysis for an IT
infrastructure?
Risk management shows the amount of risk in making a business deal and risk assessment
identifies resources and associated risks, safeguards and techniques for mitigation.
8. True or False – If the Recovery Point Objective (RPO) metric does not equal the Recovery
Time Objective (RTO), you may potentially lose data or not have data backed-up to recover. This
represents a gap in potential lost or unrecoverable data.
True
9. What question should an organization answer annually to update its BCP, BIA, and RTOs and
RPOs?
- Is there any new asset?
- Has the criticality of any assets changed?
- Are there new vulnerabilities for current assets?
- Are the RTO and RPO still acceptable?
10. Why is it a good idea to have critical documentation recordkeeping defined in a policy
definition?
It helps because, when there is a similar incident, we can solve it more efficiently.
