Beruflich Dokumente
Kultur Dokumente
Version 7
Purpose:
The purpose of this questionnaire is to solicit information concerning the exposure and impacts that will result if your Functional Business Unit
Date Started:
experiences a significant outage. This information will be combined with that provided from other functional business units to assess the overall
financial
exposures and operational impacts should a disruption in business activities occurs at NC State University. The financial and
Department/College:
operational impact information will be used to determine each unit's maximum tolerable downtime, which will be considered when determining
anBusiness
appropriate
set of recover alternative solutions for each functional business unit.
Unit:
Department Head/Dean:
Building:
Campus Box:
Cohort Coordinator:
Coordinator Phone:
Coordinator Fax:
Person(s) Editing this Template:
Business Unit Mission Statement:
Review Date with Department of
Business Continuity
Date Completed:
Page 1 of 79
NC State University
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Assessment
Yes/No/NA/Unk
BUSINESS CONTINUITY PLANS
Your department has a business continuity plan.
Accountability for business continuity and disaster recovery
is assigned in your department.
Critical business processes and functions are identified and
prioritized.
Business continuity procedures and plans are documented
for all critical business processes and functions.
Version 7
Explain
Page 2 of 79
NC State University
19
20
21
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Assessment
Yes/No/NA/Unk
TRAINING AND TESTING
Regular scheduled training is conducted for key disaster
recovery personnel or recovery teams.
Business Continuity is discussed during new employee
orientation.
Business Continuity/Disaster Recovery Plans are tested
annually.
PHYSICAL SECURITY
Evacuation routes are posted throughout the building with
easy visibility.
Building entrances utilize security devices requiring keys,
pass-codes or magnetic badges.
Security policies/guidelines/procedures are published for
employee access.
Restricted areas are controlled and supervised.
Vendor personnel are required to show positive
identification.
Keys and badges and/or change codes are requested from
terminated employees.
ENVIRONMENTAL CONTROLS
Critical equipment is located above water grade.
Adequate water drainage (under raised floor, on floors
above, in adjacent areas)
Water detection devices located under raised floor
(equipment room)
Adequate water leak controls
Employees are informed of procedure to report water leak or
location of water pipe shut-off valves.
Equipment located away from sprinkler heads
Inoperable Windows
Covers for equipment in case of sprinkler release available
and located near equipment
Version 7
Explain
Page 3 of 79
NC State University
39
40
41
42
46
47
48
49
50
51
52
53
54
55
56
Assessment
PERSONNEL CONSIDERATIONS
Adequate number of personnel to perform critical job
functions
Controls established for terminating/transferring employees
Yes/No/NA/Unk
Version 7
Explain
Page 4 of 79
NC State University
57
58
59
60
61
62
63
64
65
66
67
68
69
Assessment
Yes/No/NA/Unk
Lab Supervisors are aware of Laboratory Security and
Safety Guidelines.
The Supervisor Safety Inspection Checklist is completed
annually.
Procedures are in place for management of materials left
behind by Professors.
Functions are documented which are performed by critical
faculty/staff.
Procedures are in place for transitioning responsibilities to
new faculty/staff.
SPACE PLANNING
Interim/alternate space has been identified (office,
classroom, laboratory, etc.) to carry out critical departmental
functions?
Critical employees that will require interim office space has
been identified.
Critical employees that could use open office space
(cubicles) has been identified.
Critical employees that could work from home have been
identified.
Special equipment needs for space has been identified.
Functions in your department that must remain co-located
have been identified.
Functions in your department that must remain on campus
and which could temporarily be housed off campus have
been identified.
For Research Lab Space, equipment that should be
provided to stabilize or preserve research activities, samples
and material in the interim until fully functional space can be
provided (freezers, environmental or isolation chambers,
fume hoods, etc) has been identified.
70
71
72
Version 7
Explain
Page 5 of 79
NC State University
73
74
77
78
79
80
81
82
83
84
85
86
Assessment
Yes/No/NA/Unk
WORKING FROM HOME (Critical staff must have their own ISP)
Have critical staff ever accessed any campus application
remotely?
Do critical staff have the need to access any campus
applications remotely?
If your department is an NCS Customer and critical staff
may need to access their network home directory (H drive),
do these critical staff have Netdrive installed on their home
PC?
Version 7
Explain
Does critical staff have the most recent virus protection files
on the staffs home pc and service packs?
Have critical staff tested dialing In successfully within the
past month (do they know their passwords or have they
expired?)
SOFTWARE CONSIDERATIONS
Departmental software is upgraded as needed to ensure
business functions can be performed.
Critical departmental software is backed up and the backups are stored off site.
Software upgrades planned to minimize employee
disruption and job function disruption.
Master and backup copies of departmental software is
secured.
Departmental software documentation is secured.
Anti-virus software is installed and continuously enabled on
all departmental computers, laptops, networks.
Departmental databases are backed up. Explain how often.
Page 6 of 79
NC State University
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
Version 7
Assessment
Yes/No/NA/Unk
Explain
HARDWARE CONSIDERATIONS
Computers that are in open areas are secured.
Departmental computer drive keys are not left in the
machines, but are properly secured.
Departmental server recovery documentation is stored offsite
Departmental CPUs are locked so that the cover cannot be
removed and internal boards removed.
Data storage media (tapes, disks, CD-ROM) are properly
secured.
An inventory (including serial and University equipment
tag#) of departmental computers, laptops and other portable
components is maintained.
Non-removable labels are attached to: computers, laptop,
laptops case.
Check out procedures are used for computers on loan.
Computers are sanitized before surplused.
OFF-SITE STORAGE (Alternate storage location of vital records external to your facility)
An Off-Site Storage location has been identified and utilized.
The facility is located at a sufficient distance from your office
such that a disaster would not impact both locations
similarly.
Your adminstrative and other records are either backed up
through CASS facilities which have this daily off campus file
storage or are otherwise backed up daily both on and off
campus.
The facility is accessible within a reasonable period of time
such that the records can be obtained quickly.
OUTSOURCING USING A THIRD PARTY VENDOR
Your department has verified that your service providers
have disaster recovery plans.
Results of the service providers DR Test have been verified
and the recovery time objectives are satisfactory.
The recovery priority is known by your department in
relationship to other service provider customers.
Page 7 of 79
Risk Assessment
04/27/2016
Risks may be a result of a threat. The below risks may be a result of the following threats: Natural Threats (Hurricane, Snow Storm,
Tornado,), Loss of Key Staff, Technology Disruptions, Temporary or Long term loss of facility, or Utility Disruption)
University Risks
Departmental
Risk?
(YES/NO)
Probability
(1, 2, 3)
IMPACT during
critical time of year
(1, 2, 3)
Developed the NC State University Department of Business Continuity and Disaster Recovery
Weight Factor
Weighted
Result
(probability x
impact x weight
factor)
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Risk Assessment
04/27/2016
Risks may be a result of a threat. The below risks may be a result of the following threats: Natural Threats (Hurricane, Snow Storm,
Tornado,), Loss of Key Staff, Technology Disruptions, Temporary or Long term loss of facility, or Utility Disruption)
University Risks
Departmental
Risk?
(YES/NO)
Probability
(1, 2, 3)
IMPACT during
critical time of year
(1, 2, 3)
Firewall
Corruption/Destruction
Flooding
Flooding not related to
Natural Disasters
Improper Use of Information
Inability to access backup
records/data
Inability to access off-site
storage area
Inability to access website
Inability to Make Deposits
Inability to Make Transfers
Infectious Animal Diseases
Internal Fire - Major
Late Payments
Law Suits
Loss of Grant
Loss of Revenue
Media Failure (Data Tapes)
Negative reporting in
Newspaper or Television
Nuclear Reactor
Malfunctioning
Operating System Failure
Developed the NC State University Department of Business Continuity and Disaster Recovery
Weight Factor
Weighted
Result
(probability x
impact x weight
factor)
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Risk Assessment
04/27/2016
Risks may be a result of a threat. The below risks may be a result of the following threats: Natural Threats (Hurricane, Snow Storm,
Tornado,), Loss of Key Staff, Technology Disruptions, Temporary or Long term loss of facility, or Utility Disruption)
University Risks
Departmental
Risk?
(YES/NO)
Probability
(1, 2, 3)
IMPACT during
critical time of year
(1, 2, 3)
Weight Factor
Weighted
Result
(probability x
impact x weight
factor)
Overdraft Fees
Premium charges for
Purchases
Radioactive Contamination
Regulatory Incompliance
Repayment of Grant Funds
Robbery
Sabotage
Security Breaches
(Computer)
Service Provider Business
Disruption
Software/Application Failure
0
0
Developed the NC State University Department of Business Continuity and Disaster Recovery
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Risk Assessment
04/27/2016
Risks may be a result of a threat. The below risks may be a result of the following threats: Natural Threats (Hurricane, Snow Storm,
Tornado,), Loss of Key Staff, Technology Disruptions, Temporary or Long term loss of facility, or Utility Disruption)
University Risks
Departmental
Risk?
(YES/NO)
Probability
(1, 2, 3)
IMPACT during
critical time of year
(1, 2, 3)
Workplace violence
Developed the NC State University Department of Business Continuity and Disaster Recovery
Weight Factor
Weighted
Result
(probability x
impact x weight
factor)
0
Version 7
Critical Processes
NC State University
Purpose of Process
(e.g. revenue generation,
administrative, customer
service, support function,
ancillary function, etc)
Recovery Priority
Time Critical
RTO
Power
RTO
Facility
Page 12 of 79
NC State University
Critical Processes
Version 7
Page 13 of 79
Version 7
Critical Processes
NC State University
RTO
Vital Records
RTO
Telephone
RTO
Computing and Network
Page 14 of 79
NC State University
Critical Processes
Version 7
Page 15 of 79
Version 7
Critical Processes
NC State University
Dependencies:
Who is supported by this process?
Page 16 of 79
NC State University
Critical Processes
Version 7
Page 17 of 79
Version 7
Critical Processes
NC State University
Dependencies:
Who gives support to this process?
Operational Risks
Page 18 of 79
NC State University
Critical Processes
Version 7
Page 19 of 79
Version 7
Critical Processes
NC State University
Techonology Risks
Legal Risks
Financial Risks
Page 20 of 79
NC State University
Critical Processes
Version 7
Page 21 of 79
Critical Processes
NC State University
Reputational Risks
Version 7
Market/Strategic Risks
Page 22 of 79
NC State University
Critical Processes
Version 7
Page 23 of 79
Version 7
Critical Processes
NC State University
Page 24 of 79
NC State University
Critical Processes
Version 7
Page 25 of 79
Critical Processes
NC State University
Version 7
Page 26 of 79
NC State University
Critical Processes
Version 7
Page 27 of 79
NC State University
Critical Processes
Version 7
Page 28 of 79
NC State University
Critical Processes
Version 7
Page 29 of 79
NC State University
Critical Processes
Version 7
Page 30 of 79
NC State University
Critical Processes
Version 7
Page 31 of 79
NC State University
Critical Processes
Version 7
Page 32 of 79
NC State University
Critical Processes
Version 7
Page 33 of 79
NC State University
Critical Processes
Version 7
Page 34 of 79
NC State University
Critical Processes
Version 7
Page 35 of 79
NC State University
Critical Processes
Version 7
Page 36 of 79
NC State University
Critical Processes
Version 7
Page 37 of 79
NC State University
Critical Processes
Version 7
Page 38 of 79
NC State University
Critical Processes
Version 7
Page 39 of 79
NC State University
Critical Processes
Version 7
Page 40 of 79
NC State University
Critical Processes
Version 7
Page 41 of 79
NC State University
Critical Processes
Version 7
Page 42 of 79
NC State University
Critical Processes
Version 7
Page 43 of 79
NC State University
Critical Processes
Version 7
Page 44 of 79
NC State University
Critical Processes
Version 7
Page 45 of 79
NC State University
Critical Processes
Version 7
Page 46 of 79
NC State University
Critical Processes
Version 7
Page 47 of 79
NC State University
Critical Processes
Version 7
Page 48 of 79
NC State University
Critical Processes
Version 7
Page 49 of 79
NC State University
Critical Processes
Version 7
Page 50 of 79
NC State University
Critical Processes
Version 7
Page 51 of 79
NC State University
Critical Processes
Version 7
Page 52 of 79
NC State University
Critical Processes
Version 7
Page 53 of 79
NC State University
Critical Processes
Version 7
Page 54 of 79
NC State University
Critical Processes
Version 7
Page 55 of 79
NC State University
Critical Processes
Version 7
Page 56 of 79
NC State University
Critical Processes
Version 7
Page 57 of 79
NC State University
Critical Processes
Version 7
Page 58 of 79
NC State University
Critical Processes
Version 7
Page 59 of 79
NC State University
Critical Processes
Version 7
Page 60 of 79
NC State University
Critical Processes
Version 7
Page 61 of 79
NC State University
Critical Processes
Version 7
Page 62 of 79
NC State University
Critical Processes
Version 7
Page 63 of 79
NC State University
Critical Processes
Version 7
Page 64 of 79
NC State University
Critical Processes
Version 7
Page 65 of 79
NC State University
Critical Processes
Version 7
Page 66 of 79
NC State University
Critical Processes
Version 7
Page 67 of 79
NC State University
Critical Processes
Version 7
Page 68 of 79
NC State University
Critical Processes
Version 7
Page 69 of 79
NC State University
Critical Processes
Version 7
Page 70 of 79
NC State University
Critical Processes
Version 7
Page 71 of 79
NC State University
Critical Processes
Version 7
Page 72 of 79
NC State University
Critical Processes
Version 7
Page 73 of 79
NC State University
Critical Processes
Version 7
Page 74 of 79
NC State University
Critical Processes
Version 7
Page 75 of 79
NC State University
Critical Processes
Version 7
Page 76 of 79
NC State University
Critical Processes
Version 7
Page 77 of 79
NC State University
Critical Processes
Version 7
Page 78 of 79
NC State University
Critical Processes
Version 7
Page 79 of 79