Business Impact Analysis (BIA) Assignment Help

Plan Approval
As the designated authority for JK Payroll SystemI hereby certify that the information system contingency plan (ISCP) is complete, and that the information contained in this ISCP provides an accurate representation of the application, its hardware, software, and telecommunication components.  I further certify that this document identifies the criticality of the system as it relates to the mission of the JK, and that the recovery strategies identified will provide the ability to recover the system functionality in the most expedient and cost-beneficial method in keeping with its level of criticality.
I further attest that this ISCP for JK Payroll System will be tested at least annually.  This plan was last tested on August 25, 2020 the test, training, and exercise (TT&E) material associated with this test can be found {TT&E results appendix or location}.  This document will be modified as changes occur and will remain under version control, in accordance with JK’s contingency planning policy.
________________________________________                ________________________
{System Owner Name}                                                            Date
{System Owner Title}

  1. Introduction

Information systems are vital to JK mission/business processes; therefore, it is critical that services provided by JK Payroll System are able to operate effectively without excessive interruption.  This Information System Contingency Plan (ISCP) establishes comprehensive procedures to recover JK Payroll System quickly and effectively following a service disruption.
1.1       Background
This JK Payroll System ISCP establishes procedures to recover Payroll System following a disruption.  The following recovery plan objectives have been established:

  • Maximize the effectiveness of contingency operations through an established plan that consists of the following phases:
    • Activation and Notification phaseto activate the plan and determine the extent of damage;
    • Recovery phaseto restore JK Payroll System operations; and
    • Reconstitution phaseto ensure that JK Payroll System is validated through testing and that normal operations are resumed.
  • Identify the activities, resources, and procedures to carry out JK Payroll System processing requirements during prolonged interruptions to normal operations (Kellard & Śliwa, 2016).
  • Assign responsibilities to designated JK personnel and provide guidance for recovering JK Payroll System during prolonged periods of interruption to normal operations.
  • Ensure coordination with other personnel responsible for JK contingency planning strategies.  Ensure coordination with external points of contact and vendors associated with JK Payroll System and execution of this plan.

1.2       Scope
This ISCP has been developed for JK Payroll System’ which is classified as a low-impact system, in accordance with Federal Information Processing Standards (FIPS) 199 – Standards for Security Categorization of Federal Information and Information Systems (Kellard & Śliwa, 2016).  Procedures in this ISCP are for Low- Impact systems and designed to recover JK Payroll System within 24 hours.  This plan does not address replacement or purchase of new equipment, short-term disruptions lasting less than 6 hours; or loss of data at the onsite facility or at the user-desktop levels.  As JK Payroll System is a low-impact system, alternate data storage and alternate site processing are not required.
1.3       Assumptions 
The following assumptions were used when developing this ISCP:

  • JK Payroll System has been established as a low-impact system, in accordance with FIPS 199.
  • Alternate processing sites and offsite storage are not required for this system.
  • The JK Payroll System is inoperable and cannot be recovered within 24 hours.
  • Key JK Payroll System personnel have been identified and trained in their emergency response and recovery roles; they are available to activate the Payroll System Contingency Plan.

The Payroll System ISCP does not apply to the following situations:

  • Overall recovery and continuity of mission/business operations.  The Business Continuity Plan (BCP) and Continuity of Operations Plan (COOP) address continuity of mission/business operations.
  • Emergency evacuation of personnel.  The Occupant Emergency Plan (OEP) addresses employee evacuation.


  1. Concept of Operations

The Concept of Operations section provides details about Payroll System, an overview of the three phases of the ISCP (Activation and Notification, Recovery, and Reconstitution), and a description of roles and responsibilities of JK Company personnel during a contingency activation.  
2.1       System Description 
The payroll system is used in the management and administration of payments in the organization’s financial payments. The payroll system is both a physical and online working platform that ensures the company is able to process both client and its payment procedures. The functionality of the payroll system is made possible in connecting the organization with other key players in the region (Kellard & Śliwa, 2016). The financial records are backed up remotely as well as physically through the use of hardware.
2.2       Overview of Three Phases
This ISCP has been developed to recover and reconstitute the Payroll System using a three-phased approach.  This approach ensures that system recovery and reconstitution efforts are performed in a methodical sequence to maximize the effectiveness of the recovery and reconstitution efforts and minimize system outage time due to errors and omissions.
The three system recovery phases are:
Activation and Notification Phase – Activation of the ISCP occurs after a disruption or outage that may reasonably extend beyond the RTO established for a system (Kellard & Śliwa, 2016).  The outage event may result in severe damage to the facility that houses the system, severe damage or loss of equipment, or other damage that typically results in long-term loss.
Once the ISCP is activated, system owners and users are notified of a possible long-term outage, and a thorough outage assessment is performed for the system.  Information from the outage assessment is presented to system owners and may be used to modify recovery procedures specific to the cause of the outage.
Recovery Phase – The Recovery phase details the activities and procedures for recovery of the affected system.  Activities and procedures are written at a level that an appropriately skilled technician can recover the system without intimate system knowledge (Kellard & Śliwa, 2016).  This phase includes notification and awareness escalation procedures for communication of recovery status to system owners and users.
Reconstitution –The Reconstitution phase defines the actions taken to test and validate system capability and functionality at the original or new permanent location.  This phase consists of two major activities: validating successful reconstitution and deactivation of the plan.
During validation, the system is tested and validated as operational prior to returning operation to its normal state.  Validation procedures may include functionality or regression testing, concurrent processing, and/or data validation (Kellard & Śliwa, 2016).  The system is declared recovered and operational by system owners upon successful completion of validation testing.
Deactivation includes activities to notify users of system operational status.  This phase also addresses recovery effort documentation, activity log finalization, incorporation of lessons learned into plan updates, and readying resources for any future events.
2.3       Roles and Responsibilities
The ISCP establishes several roles for Payroll System recovery and reconstitution support.  Persons or teams assigned ISCP roles have been trained to respond to a contingency event affecting Payroll System.
Business Unit Point of Contact – the sole owner of the system responsible for the running of day to day of the entire team (Kellard & Śliwa, 2016).
A Recovery Coordinator – responsible for coordinating the recovery process in the event there is an outage incidence.
A Technical Recovery Point of Contact – the team is responsible for the management of the payroll systems in the point of contact.
Server expert – responsible in the operational process of the website servers.
Leadership roles
ISCP Director –overall management responsibility for the plan.
ISCP Coordinator –responsible in overseeing the recovery and reconstitution progress of the system

  1. Activation and Notification

The Activation and Notification Phase defines initial actions taken once a Payroll System disruption has been detected or appears to be imminent.  This phase includes activities to notify recovery personnel, conduct an outage assessment, and activate the ISCP (Kellard & Śliwa, 2016).  At the completion of the Activation and Notification Phase, Payroll System ISCP staff will be prepared to perform recovery measures.
3.1       Activation Criteria and Procedure
The Payroll System ISCP may be activated if one or more of the following criteria are met:

  1. The type of outage indicates Payroll System will be down for more than 48 hours;
  2. The facility housing Payroll System is damaged and may not be available within 12 hours

The following persons or roles may activate the ISCP if one or more of these criteria are met:
The operations point of contact (POC) is the one with full responsibility of running the authentication of the functioning of the entire system for system support.
3.2       Notification
The first step upon activation of the Payroll System ISCP is notification of appropriate mission/business and system support personnel.  Contact information for appropriate.
For Payroll System, the following method and procedure for notifications are used:
In the event an incidence of the system outage the information is communicated through a procedural relay of information done through first the system owner, the technical POC, the ISCP Coordinator, the business unit or user unit POC, and lastly the recovery team POC which is made through automated notifications as well as emails.
3.3       Outage Assessment
Following notification, a thorough outage assessment is necessary to determine the extent of the disruption, any damage, and expected recovery time.  This outage assessment is conducted by Payroll System recovery team.  Assessment results are provided to the ISCP Coordinator to assist in the coordination of the recovery of Payroll System.

  1. Recovery

The Recovery Phase provides formal recovery operations that begin after the ISCP has been activated, outage assessments have been completed (if possible), personnel have been notified, and appropriate teams have been mobilized (Kellard & Śliwa, 2016).  Recovery Phase activities focus on implementing recovery strategies to restore system capabilities, repair damage, and resume operational capabilities at the original or an alternate location.  At the completion of the Recovery Phase, Payroll System will be functional and capable of performing the functions identified in Section 2.1 of this plan.
4.1       Sequence of Recovery Activities
The following activities occur during recovery of Payroll System:

  1. Identify the recovery location
  2. Identify needed resources to perform recovery process
  3. Retrieve the backup and the system installation media and data
  4. Initiate the Recovery hardware and operating systems
  5. Complete the system recovery from backup and system installation media available.

4.2       Recovery Procedures
The following procedures are provided for recovery of Payroll System at the original locationRecovery procedures are outlined per team and should be executed in the sequence presented to maintain an efficient recovery effort.
4.3       Recovery Escalation Notices/Awareness
The escalation of the problem will be done in accordance with the priority of usage. The clients will be notified of the current system issues and new method for payment receipt rolled out. The use of a new communication platform for the success of the particular procedures will be addressed in the most appropriate plans that will offer the required recovery of the troubled system.

  1. Reconstitution

Reconstitution is the process by which recovery activities are completed and normal system operations are resumed.  If the original facility is unrecoverable, the activities in this phase can also be applied to preparing a new permanent location to support system processing requirements.  A determination must be made on whether the system has undergone significant change and will require reassessment and reauthorization (Kellard & Śliwa, 2016). The phase consists of two major activities:  validating successful reconstitution and deactivation of the plan.
5.1       Validation Data Testing
Validation data testing is the process of testing and validating data to ensure that data files or databases have been recovered completely at the permanent location.  The following procedures will be used to determine that the data is complete and current to the last available backup:
The system will employ a low-impact system that would be used to check if the last known complete transaction was well posted and updated in the database correctly.
5.2       Validation Functionality Testing
Validation functionality testing is the process of verifying that Payroll System functionality has been tested, and the system is ready to return to normal operations.
The system is tested using a low-impact system that will be logging into the system. The system will be running a report or performing a transaction to test if the system is working correctly.

    1. Recovery Declaration

Upon successfully completing testing and validation, the CEO will formally declare recovery efforts complete, and that Payroll System is in normal operations.  Payroll System business and technical POCs will be notified of the declaration by the ISCP Coordinator.
5.4       Notifications (users)
Upon return to normal system operations, Payroll System users will be notified by IT experts using the automated notification and email.
5.5       Cleanup
The Cleanup is the process of cleaning up or dismantling any temporary recovery locations, restocking supplies used, returning manuals or other documentation to their original locations, and readying the system for a possible future contingency event which will be done after the restoration is completed.
5.6       Data Backup
As soon as reasonable following recovery, the system should be fully backed up and a new copy of the current operational system stored for future recovery efforts.  This full backup is then kept with other system backups.  The procedures for conducting a full system backup are:
The full backup system is made possible through the use of the remote restore plans as well as the physical system restoration through which the hourly backup is used in rebuilding the system again to normalcy.
5.7       Event Documentation
It is important that all recovery events be well-documented, including actions taken and problems encountered during the recovery and reconstitution effort, and lessons learned for inclusion and update to this ISCP (Kellard & Śliwa, 2016).  It is the responsibility of each ISCP team or person to document their actions during the recovery and reconstitution effort, and to provide that documentation to the ISCP Coordinator.

  • Activity logs
  • Functionality and data testing results;
  • Lessons learned documentation; and
  • After Action Report.

5.8       Deactivation
Once all activities have been completed and documentation has been updated, the Payroll System will formally deactivate the ISCP recovery and reconstitution effort.  Notification of this declaration will be provided to all business and technical POCs.
Kellard, N., & Śliwa, M. (2016). Business and Management Impact Assessment in Research Excellence Framework 2014: Analysis and Reflection. British Journal Of Management27(4), 693-711. doi: 10.1111/1467-8551.12186

Open chat
Need assignment help?