Impact Analysis (BIA) is developed as part of the contingency planning process for the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was prepared for Health Network, Inc (Health Network).

/in /by

OL 533 – Information Security and Risk Management University of the Cumberlands

NOTE: BEFORE TURNING THIS IN, REMOVE THE HIGHLIGHTED TEXT.

Task 1. Complete the BIA table below and use it for the remainder of the assignment. You may want to review your Lab #07 assignment where you developed a BIA table. Information needed to create the Business Functions and Processes below are in the “Project Management Plan” scenario and the “Project Health Network Visual”. Hint: look at the processes that go from the customers and into the systems/applications in the “Project Health Network Visual”.

Business Function or Process Business Impact Factor Recovery Time Objective IT Systems/Apps Infrastructure Impacts

Task 1: Business Impact Analysis – extracts from the Boiler Plate

1. Overview

This Business Impact Analysis (BIA) is developed as part of the contingency planning process for the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system. It was prepared for Health Network, Inc (Health Network).

2. System Description

<In this section, provide a general description of the system architecture (hardware, software, databases, etc) and functionality as provided in the scenario and visual. Indicate the operating environment (i.e. Data Center, etc), physical location, general location of users, and partnerships with external organizations/systems. Include information regarding any other technical considerations that are important for recovery purposes, such as backup procedures or the lack of backup procedures.>

3.1.1 Identify Outage Impacts and Estimated Downtime

Estimated Downtime

The table below identifies the MTD, RTO, and RPO for the organizational business processes that rely on the HNetExchange Message system, HNetConnect Directory system and HNetPay Payment system.

<Complete the tables below for each system using the RTO from your BIA table and estimating the MTD and RPO based on any drivers that might determine their values (e.g., mandate, workload, performance measure, etc.).>

Mission/Business Process

For HNetExchange

 MTD RTO RPO
Mission/Business Process

For HNetConnect

 MTD RTO RPO
Mission/Business Process

For HNetPay

 MTD RTO RPO

Task 2: Business Continuity Plan – extracts from the Boiler Plate

<After discussions with management, the organization implemented the following Back-up Plan: all database files are backed-up to tape at the end of the day. These tapes are then stored offsite. The HNetPay data is backed-up daily and retained for 6 months. The HNetMessage messages are backed-up daily and retained for 3 months. All other data is backed-up weekly and retained for 60 days. If the BCP is executed, the most current tapes are copied and mailed to the alternate site.

Modify the statements below to reflect this decision. FAILURE TO MODIFY THIS SECTION WILL RESULT IN DEDUCTED POINTS!!!!>

Emergency management standards

Data backup policy

Full and incremental backups preserve corporate information assets and should be performed on a regular basis for audit logs and files that are irreplaceable, have a high replacement cost, or are considered critical. Backup media should be stored in a secure, geographically separate location from the original and isolated from environmental hazards.

Department-specific data and document retention policies specify what records must be retained and for how long. All organizations are accountable for carrying out the provisions of the instruction for records in their organization.

IT follows these standards for its data backup and archiving:

Tape retention policy

Backup media is stored at locations that are secure, isolated from environmental hazards, and geographically separate from the location housing the system.

 

"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"