Create a Business Impact Analysis executive summary report for management
Student Lab Manual
-46-
Laboratory #7 Lab #7: Perform a Business Impact Analysis for a Mock IT Infrastructure Learning Objectives and Outcomes
Upon completing this lab, students will be able to:
• Define the goal and objective of a Business Impact Analysis (BIA)
• Identify where a Business Impact Analysis (BIA) fits within a Business Continuity Plan (BCP)
• Identify mission critical applications and access to data requirements for a given scenario
• Perform a Business Impact Analysis (BIA) utilizing a qualitative assessment approach
• Create a Business Impact Analysis executive summary report for management
Required Setup and Tools This is a paper-based lab and does not require the use of a “mock” IT infrastructure or virtualized server
farm.
The standard Instructor and Student VM workstation with Microsoft Office 2007 or higher is required for
this lab. Students will need access to their completed, Lab #4 –Assessment Worksheet, Part A – Perform
a Qualitative Risk Assessment for an IT Infrastructure prioritizing the risks, threats, and vulnerabilities
identified from the qualitative risk assessment.
In addition, Microsoft Word is a required tool for the student to craft a BIA utilizing a qualitative
assessment approach to prioritize mission critical applications, data, and IT systems and elements that are
required to maintain business continuity. An executive summary report is also required for management
along with answering and submitting the Lab #7 – Assessment Worksheet questions.
Recommended Procedures Lab #7 – Student Steps:
Student steps needed to perform Lab #7 – Perform a Business Impact Analysis for an IT Infrastructure:
1. Connect your removable hard drive or USB hard drive to a classroom workstation.
2. Boot up your classroom workstation and DHCP for an IP host address.
3. Login to your classroom workstation and enable Microsoft Word.
4. Review Figure 2 – “Mock” IT Infrastructure.
Student Lab Manual
Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company Current Version Date: 05/30/2011 www.jblearning.com All Rights Reserved. -47-
5. Identify the scenario/vertical industry you were provided in Lab #4 – assigned by your Instructor:
a. Healthcare provider under HIPPA compliance law
b. Regional bank under GLBA compliance law
c. Nationwide retailer under PCI DSS standard requirements
d. Higher-education institution under FERPA compliance law
6. Conduct a BIA by assigning a qualitative business impact value for each identified business
functions and operations: Critical, Major, or Minor or None.
7. From this prioritization, identify the IT systems, applications, and resources that are impacted.
8. Assess the recovery time objectives needed for the IT systems, applications, and resources.
9. Complete Lab #7 – Assessment Worksheet, Part A – BIA Process Flow Sheets and Part B –
Assessment Questions.
10. Craft a four-paragraph executive summary according to the following outline:
a. Goals and purpose of the BIA – unique to your scenario
b. Summary of Findings – business functions and assessment
c. Prioritizations – critical, major, and minor classifications
d. IT systems and applications impacted – to support the defined recovery time objectives
11. Work on Lab #7 – Assessment Worksheet and Questions and submit with your executive
summary.
Deliverables Upon completion of Lab #7 – Perform a Business Impact Analysis for a Mock IT Infrastructure, students
are required to provide the following deliverables as part of this lab:
1. Lab #7 – Assessment Worksheet, Part A – BIA of business functions and operations
2. Lab #7 – Assessment Worksheet, Part B – Business Impact Analysis Executive Summary
3. Lab #7 – Assessment Questions and Answers
Evaluation Criteria and Rubrics
The following are the evaluation criteria and rubrics for Lab #7 that the students must perform:
1. Was the student able to define the goal and objective of a Business Impact Analysis (BIA)? –
[20%]
2. Was the student able to identify where a Business Impact Analysis (BIA) fits within a Business
Continuity Plan (BCP)? – [20%]
Student Lab Manual
-48-
3. Was the student able to identify mission critical applications and access to data requirements for a
given scenario? – [20%]
4. Was the student able to perform a Business Impact Analysis (BIA) utilizing a qualitative
assessment approach? – [20%]
5. Was the student able to create a Business Impact Analysis executive summary report for
management? – [20%]
Student Lab Manual
-49-
Lab #7: Assessment Worksheet
Part A – Perform a Business Impact Analysis for an IT Infrastructure
Course Name: _____________________________________________________________ Student Name: _____________________________________________________________ Instructor Name: ___________________________________________________________ Lab Due Date: _____________________________________________________________ Overview
When performing a BIA, you are trying to assess and align the affected IT systems, applications, and
resources to their required recovery time objectives (RTOs). The prioritization of the identified mission
critical business functions will define what IT systems, applications, and resources are impacted. The
RTO will drive what kind of business continuity and recovery steps are needed to maintain IT operations
within the specified time frames.
1. Performa BIA assessment and fill in the following chart: Business Function Business Impact Recovery IT Systems/Apps Or Process Factor Time Objective Infrastructure Impacts Internal and external voice communications with customers in real-time
Internal and external e-mail communications with customers via store and forward messaging
DNS – for internal and external IP communications
Internet connectivity for e- mail and store and forward customer service
Self-service website for customer access to information and personal account information
Student Lab Manual
-50-
e-Commerce site for online customer purchases or scheduling 24x7x365
Payroll and human resources for employees
Real-time customer service via website, e-mail, or telephone requires CRM
Network management and technical support
Marketing and events
Sales orders or customer/ student registration
Remote branch office sales order entry to headquarters
Voice and e-mail communications to remote branches
Accounting and finance support: Accts payable, Accts receivable, etc.
Part B – Craft a Business Impact Analysis Executive Summary Craft a BIA executive summary, follow this structure and format:
a. Goals and purpose of the BIA – unique to your scenario
b. Summary of Findings – business functions and assessment
c. Prioritizations – critical, major, and minor classifications
d. IT systems and applications impacted – to support the defined recovery time objectives