Professional Documents
Culture Documents
Purpose:
The purpose of this questionnaire is to solicit information concerning the exposure and impacts that will result if your Functional Business Unit
Date Started:
experiences a significant outage. This information will be combined with that provided from other functional business units to assess the
overall financial exposures and operational impacts should a disruption in business activities occurs at NC State University. The financial and
Department/College:
operational impact information will be used to determine each unit's maximum tolerable downtime, which will be considered when determining
anBusiness
appropriate set of recover alternative solutions for each functional business unit.
Unit:
Department Head/Dean:
Building:
Campus Box:
Cohort Coordinator:
Coordinator Phone:
Coordinator Fax:
PERSONNEL CONSIDERATIONS
39 Adequate number of personnel to perform critical job
functions
40 Controls established for terminating/transferring employees
41 Alternate personnel have been identified to perform critical
functions.
42 A list of critical personnel and job functions are
documented.
INSURANCE
46 Your departments Business Continuity Plan reflects the
Insurance Contact person for your department.
RESEARCH, PLANT, OR LABORATORY CONSIDERATIONS
47 There is adequate storage for hazardous materials and
chemicals.
48 Safety plans are in place for all areas where hazardous
materials are used and hazardous processes are
conducted.
49 Adequate ventilation controls are in place.
50 Provisions have been made for storage of materials
requiring refrigeration.
51 Research projects that are contingent on electricity are
documented.
52 Select agents are secured.
53 Refrigerators in labs are secured.
54 Unauthorized individuals are restricted from access to labs.
55 Lab check-out procedures are followed when staff are no
longer assigned to a particular lab.
56 Campus IDs are required to be worn in labs by all staff,
faculty, and students.
WORKING FROM HOME (Critical staff must have their own ISP)
73 Have critical staff ever accessed any campus application
remotely?
74 Do critical staff have the need to access any campus
applications remotely?
77 If your department is an NCS Customer and critical staff
may need to access their network home directory (H drive),
do these critical staff have Netdrive installed on their home
PC?
78 Does critical staff have the most recent virus protection files
on the staffs home pc and service packs?
79 Have critical staff tested dialing In successfully within the
past month (do they know their passwords or have they
expired?)
SOFTWARE CONSIDERATIONS
80 Departmental software is upgraded as needed to ensure
business functions can be performed.
81 Critical departmental software is backed up and the back-
ups are stored off site.
82 Software upgrades planned to minimize employee
disruption and job function disruption.
83 Master and backup copies of departmental software is
secured.
84 Departmental software documentation is secured.
85 Anti-virus software is installed and continuously enabled on
all departmental computers, laptops, networks.
86 Departmental databases are backed up. Explain how often.
HARDWARE CONSIDERATIONS
87 Computers that are in open areas are secured.
88 Departmental computer drive keys are not left in the
machines, but are properly secured.
89 Departmental server recovery documentation is stored off-
site
90 Departmental CPUs are locked so that the cover cannot be
removed and internal boards removed.
91 Data storage media (tapes, disks, CD-ROM) are properly
secured.
92 An inventory (including serial and University equipment
tag#) of departmental computers, laptops and other
portable components is maintained.
93 Non-removable labels are attached to: computers, laptop,
laptop’s case.
94 Check out procedures are used for computers on loan.
95 Computers are sanitized before surplused.
OFF-SITE STORAGE (Alternate storage location of vital records external to your facility)
96 An Off-Site Storage location has been identified and utilized.
97 The facility is located at a sufficient distance from your office
such that a disaster would not impact both locations
similarly.
98 Your adminstrative and other records are either backed up
through CASS facilities which have this daily off campus file
storage or are otherwise backed up daily both on and off
campus.
99 The facility is accessible within a reasonable period of time
such that the records can be obtained quickly.
OUTSOURCING USING A THIRD PARTY VENDOR
100 Your department has verified that your service providers
have disaster recovery plans.
101 Results of the service provider’s DR Test have been verified
and the recovery time objectives are satisfactory.
102 The recovery priority is known by your department in
relationship to other service provider customers.
Risks may be a result of a threat. The below risks may be a result of the following threats: Natural Threats (Hurricane, Snow Storm,
Tornado,), Loss of Key Staff, Technology Disruptions, Temporary or Long term loss of facility, or Utility Disruption)
Weighted
Departmental IMPACT during Result
Probability
University Risks Risk? critical time of year Weight Factor (probability x
(1, 2, 3)
(YES/NO) (1, 2, 3) impact x weight
factor)
Air Conditioning Failure 0
Anticipated Loss of Key
0
Staff
Back-up tapes of the wrong
0
data
Bad Credit Rating with
0
Service Providers
Bombing 0
Cancellations of Events 0
Computer
Equipment/Hardware Failure 0
Construction incidents or
0
accidents
Contract Violations 0
Cooling Plant Failure 0
Corruption of database 0
Data Center Disruption 0
Declaration fees from
0
Service Provider
Decrease in enrollment 0
Departmental Server failure
0
Embezzlement 0
Epidemic 0
Equipment Failure 0
External Fire - Major 0
Developed the NC State University Department of Business Continuity and Disaster Recovery
Risk Assessment 10/17/2008
Firewall
0
Corruption/Destruction
Flooding 0
Flooding not related to
0
Natural Disasters
Improper Use of Information 0
Inability to access backup
0
records/data
Inability to access off-site
0
storage area
Inability to access website 0
Inability to Make Deposits 0
Inability to Make Transfers 0
Infectious Animal Diseases 0
Internal Fire - Major 0
Late Payments 0
Law Suits 0
Loss of Grant 0
Loss of Revenue 0
Media Failure (Data Tapes) 0
Negative reporting in
0
Newspaper or Television
Nuclear Reactor
0
Malfunctioning
Operating System Failure 0
Overdraft Fees 0
Premium charges for
0
Purchases
Radioactive Contamination 0
Regulatory Incompliance 0
Repayment of Grant Funds 0
Robbery 0
Sabotage 0
Security Breaches
0
(Computer)
Developed the NC State University Department of Business Continuity and Disaster Recovery
Risk Assessment 10/17/2008
Developed the NC State University Department of Business Continuity and Disaster Recovery
Version 7
NC State University Critical Processes
Purpose of Process
(e.g. revenue generation,
RTO RTO RTO
List your Critical Business Processes administrative, customer Recovery Priority Time Critical
Power Facility Vital Records
service, support function,
ancillary function, etc)