Jeff Fetherolf - Central Ohio ISSA

By Jeff Fetherolf
Business Impact Analysis (BIA)
A process in which business process owners, business subject matter experts, etc.
identify the criticality of a business’s processes by assessing the financial and operational
/ intangible impacts of their unavailability. While completing a BIA for each
business process these individuals will also identify the Applications and that support
each business process.
Application Impact Analysis (AIA)
A process of having an Information Technology (IT) individual assess the criticality,
priority, etc. of an Application.
Cost Benefit Analysis (CBA)
The process of evaluating the Total Cost of Ownership (TCO) against the amount of
Risk Reduction.
[Figure: "Recovery Time" timeline relative to the Time of Disaster, with tick marks ranging from 05 Min to 30 Days]
Recovery Time Objective (RTO): Organization’s acceptable amount of IT absence
Recovery Time Achievable (RTA): Based on resources, processes, etc., the true / realistic recovery time of the organization
[Figure: "Recovery Point Objective" timeline relative to the Time of Disaster, with tick marks ranging from 05 Min to 30 Days]
Recovery Point Objective (RPO): Organization’s acceptable amount of data loss
Recovery Point Achievable (RPA): Based on resources, processes, etc., the true / realistic recovery point of the organization
[Diagram: Business Impact Analysis linked to Process Mapping, Data Mapping, Storage Mapping, and Asset Mapping]
Process Mapping
• Identify each Department’s Business Processes
• Identify the criticality of each Business Process
• Identify the interdependencies between Business Processes and Departments
Data Mapping
• Identify the Data Elements (Variables) for each Application
• Identify how the Data Elements are utilized with each Business Process
• Identify how each Department utilizes the Data Elements
• Identify the Criticality & Sensitivity of the Data Elements
Storage Mapping
• Identify the required Storage to support the Recovery Time Objective requirements of the Business
• Identify the location of the Critical and Sensitive Data
• Identify, using Cost Benefit Analysis, the need to segregate Data by Tier
Asset Mapping
• Identify the Hardware and Software (HW/SW) for each Application
• Identify HW/SW utilized by each Business Process
• Identify the criticality of HW/SW
• Business Impact Analyses provide Business Processes’ and Applications’ Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
• Business Impact Analyses can also create a bridge between Business Processes, Data Elements, Storage, and Assets