IT Examiner School, Providence, RI

Conduct a Business Impact Analysis (BIA) and Risk Assessment

•Prioritize all business functions  and operations, not just IT. •Determine maximum downtime  for each function (recovery time  objectives), minimum levels of  service, and maximum tolerable  financial losses. •Establish minimum frequency in  which backups must be made  (recovery point objectives).

A BIA identifies the  potential impact of  business disruptions.  It  should: 

A BIA should be  developed based on goals  for recovery based on  customer expectations  and operational needs,  not on how rapidly or  slowly recovery would  actually take place.  

Risk Assessment Considerations

Proximity to critical  infrastructure,  including power and  telecommunication  sources,  transportation hubs

Services provided by  the institution.

Location in a flood  plain,  hurricane/tornado/ear thquake‐prone area.