<<Area Name>> -- Business Impact Analysis (BIA) Matrix
No.*
Process
Description
Recovery
Time
Objective
(RTO)
Customer Cash Flow Additional Regulatory University
Impact
Expenses
/ Legal / Reputation
Impact
(1-3)
(1-3)
Contract
(1-3)
(1-3)
Liability
(1-3)
SLA Health and Internal
Safety
Staff
(1-3)
Impact
Product(1-3)
ivity
Impact
(1-3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Loss of
Business
Opportunities
(1-3)
Total
Score
Critical Delivery
Period(s)
Process and
Technology
Dependencies
Additional Comments
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
* At the end of the analysis, this number will indicate the process recovery sequence.
Choose from the following:
1 = immediately 2 = within 4 hours 3 = within 8 hours 4 = within 24 hours 5 = within 48 hours 6 = within 72 hours 7 = within one week 8 = within two weeks 9 = after two weeks
For all (1-3) scoring choices:
1 = high
OSU Confidential
2 = medium
3 = low
3/27/2009
Page 1
�Glossary:
Process: The business process or business function to be analyzed.[1]
Recovery Time Objective (RTO): The period of time within which systems, applications, or functions must be recovered after an outage... [2]
after which point the loss of this service would begin to have significant impact upon the financial [or general] well-being of the organization.[3]
Percent of Departmental Budget / Revenue: The percent (to the nearest whole) of the Departments budget / revenue for the execution of the process.
Customer Impact: The impact an extended outage* would have on the customer.
Cash Flow Impact: The impact an extended outage would have on receivables due to inability to receive / process payments, delayed billings, etc.
Additional Expenses: Additional manpower, overtime, equipment, materials, supplies, and/or contractors required to compensate for the extended outage*;
this does not include the cost of actually restoring the process.
Regulatory / Legal / Contract Liability: Sanctions, fines, grievances, and/or litigation costs associated with an extended outage.
U i
University
it Reputation:
R
t ti
Th impact
The
i
t an extended
t d d outage
t
would
ld have
h
on the
th generall reputation
t ti off The
Th Ohio
Ohi State
St t University.
U i
it
SLA: The impact an extended outage would have on all Service Level Agreements between the Department and other entities.
Health and Safety Impact: The impact an extended outage would have on the ability to secure the heath and safety of faculty, staff, students, and other persons at the University.
Staff Productivity Impact: The impact an extended outage would have on all departmental staff to perform their normal functions.
Loss of Business Opportunities: The impact an extended outage would have on future business.
Critical Delivery Period(s): Times during the year, month, or week where the continued execution of this process is most important
Process and Technology Dependencies: Major processes or technologies upon which this process depends
* Extended Outage = the business process / function is unavailable past the designated RTO
Remember: When performing the analysis for each process, consider only one particular process / function at a time;
do not consider downstream or domino effects on other processes.
[1] In cases where it is important for analysis, this may be an application.
[2] DRII / DRJ Business Continuity Glossary, p. 13.
[3] A Guide to Business Continuity Planning, James C. Barnes, p. 70.
OSU Confidential
3/27/2009
Page 2
�<<Area Name>> -- Plan and Process Asset Assignment Matrix
Process
Software
Ex: Payroll
Adobe After Effects
Description
Motion graphics and effects application for
video broadcasting
Recovery
Point
Objective
(RPO)*
im
m
ed
ia
te
ly
w
i th
in
4
ho
ur
s
w
i th
in
8
ho
ur
w
s
i th
in
24
ho
w
ur
i th
s
in
48
ho
w
ur
i th
s
in
72
ho
w
ur
i th
s
in
1
w
e
w
ek
i th
in
2
w
ee
af
ks
te
r2
w
ee
ks
Assign Software to Processes: Indicate how many instances of each software you require for each process over time (cumulative)
Total
4
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
*RPO = point in time to which data must be restored in order to be acceptable to the owner(s) of the processes supported by that data
Equipment by
Process
Payroll
NA
Equipment or Workstations Description
Two-Way Radio
Hand-held radio allowing for person-to-person
Standard Laptop
Pentium 1.6GHz, 512MB RAM, 40GB HD, etc
im
m
ed
ia
te
ly
w
i th
in
4
ho
ur
s
w
i th
in
8
ho
ur
w
s
i th
in
24
ho
w
ur
i th
s
in
48
ho
w
ur
i th
s
in
72
ho
w
ur
i th
s
in
1
w
e
w
ek
i th
in
2
w
ee
af
ks
te
r2
w
ee
ks
Assign Equipment to Processes: Indicate how many units of each type of equipment you require for each process over time (cumulative)
1
1
4
2
Total
4
2
0
0
0
0
0
0
0
0
0
0
0
0
0
�Assign Telecommunications to Plan: Indicate essential telephone numbers or circuits for your plan
Circuit Name
Department Help Line
Tele #
Transfer or Forward to?
Dedicated help desk number for OIT
Ex: 688-HELP
VAU?
N
Assign Vital Records to Processes: Indicate essential vital records for each process
Process
Ex: Payroll
Record Name & Description
"XYZ Server Reset
Instructions":
Onsite and Offsite Locations
Attach to
Plan?
N
Media
Type
LAN/Electronic
Network Location
N:\Example\Docs_and_Handouts\Reset\"XYZResetIn
structions"
RTO
4 hours
�<<Area Name>> -- Risk Identification and Tracking Matrix
ID #
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
Plan Name
Risk
Description
Mitigation Strategy
Person Assigned
Priority
Tier
(1 - 3)
Target
Completion
Date
Status
�44
45
46
47
48
49
50
