Metropolitan Commercial Bank - Business Impact Analysis Questionnaire
General Information
FFIEC Reference: http://ithandbook.ffiec.gov/it-booklets/business-continuity-planning/business-impact-analysis.aspx
Date of Assessment
*
-
Month
-
Day
Year
Date
Participant Name
*
Participant Title
*
Participant E-mail Address
*
Business Unit / Department Name
*
Process / Function Name
*
Process / Function Description (Include workflow details)
*
Back
Next
Impact Assessment
Rate the potential impact in the following key areas to the Bank if this process / function could not function due to an interruption.
Minor
Moderate
Significant
Severe
Catastrophic
Financial Impact
Brand Damage
Regulatory /
Legal Action
Customer / Operations
Indicate the relative impact of the loss of this process for each of the time frame slots below. Assume the outage is continuous and occurs during a time of peak business activity. This helps to determine the Maximum Allowable Downtime for this process / function.
*
N/A
Minor
Moderate
Significant
Catastrophic
4 hours
1 business day
2 business days
3 business days
1 week
1 month
How much critical data related to this process / function can be lost without a significant impact? This helps to determine the Recovery Point Objective for this process / function.
*
No data can be lost
1 to 4 hours
1 business day
2 Business days
3 business days
1 week
1 Month
N/A
Other
Back
Next
How many employees does it normally take to perform this process / function?
*
Is this process / function critically dependent on any other processes or functions?
*
Yes
No
N/A
Provide details on the dependency:
*
How frequently is this process / function performed?
*
Please Select
Continuous
Multiple times a day
Once a day
Weekly
Monthly
Annually
Other
Are any specialized forms or equipment needed for this process / function?
*
Yes
No
N/A
Other
Describe the specialized forms and equipment and how is it used:
*
Are there critical cash management / liquidity issues related to this process / function?
*
Yes
No
N/A
Other
Describe the critical cash and liquidity concerns:
*
Have employees received cross training, and has the department defined back-up functions / roles that employees should perform if key personnel are not available?
*
Yes
No
N/A
Other
Comment on cross-training / back-up functions or roles:
*
Back
Next
Critical Technology and Vendor Related Information
Select the IT systems and applications that are critical to this process:
*
Fiserv Cleartouch
E-Mail
Fedline Advantage
Terminal Services
Internet Access (research etc.)
Internet Bill Pay
Online Banking
Credit Reporting
Branch Capture (SCO)
Merchant Deposit Capture
Mobile Deposit Capture
Fiserv Reports
Document Imaging
Microsoft Office 365
Prologue GL
BAM+ AML Software
Sageworks
eShare
Specific Files or File Folders (explain below)
Other
Comment on technologies and/or list additional technologies:
Are there any known single points of failure related to the critical systems for this process / function?
*
Yes
No
Requires research
Other
Explain single points of failure:
*
Frequency of critical system usage
*
Multiple times a day
Daily
Weekly
Monthly
Other
Can the critical applications used to support this process / function be accessed remotely if necessary?
*
Yes
No
Requires research
N/A
Select the remote access method(s) used:
*
GoToMyPC
Direct via Secure VPN
Mobile Device
Web
All of the above
Other
Back
Next
Select the vendors that are critical to this process:
*
Fiserv
Federal Reserve Bank
Internet Service Provider
Dynatek
Fiserv EFT
Square 9
Abrigo
CSI
Deluxe
SageWorks
eShare
Other
Comment on vendors and / or list additional vendors:
Are there any service level agreements in place with any critical vendors that define the responsibilities of the institution and the third-party service provider?
*
Yes
No
N/A
Other
What was the longest time that this process / function was unable to function effectively due to the loss or interruption of its critical IT systems / data or critical employees in the last 5 years?
*
Please Select
Less than 1 business day
1 business day
2 business days
3 business days
1 week
1 month
N/A
Other
Provide details on the interruption (including any relevant recovery details):
*
Back
Next
Coping Strategies
What is the minimum number of staff and amount of space that would be required at a recovery site to perform this process / function?
*
Can this process / function be performed manually without access to critical IT systems?
*
Yes
No
N/A
Other
Is the manual process documented?
*
Yes
No
N/A
Other
Briefly describe the manual process or reference documented procedures:
*
Estimate how long this process / function could continue to be performed at an effective level on a manual basis or without its typical application? Assume that loss of support occurs during your busiest or peak period.
*
Less than 1 business day
1 Business day
2 Business days
3 business days
1 week
1 month
N/A
Other
Back
Next
Are there any special forms or supplies that are needed at a recovery site to support this process / function?
*
Yes
No
N/A
Other
Describe the special forms or supplies that would be needed at a recovery site:
*
Are there critical operational or security controls that require implementation prior to recovery?
*
Yes
No
N/A
Other
Describe the critical operational or security controls that require implementation prior to recovery:
*
Back
Next
Describe any processes designed to consider the personal / health and safety needs of employees and / or customers:
*
Overall comments, concerns and / or conclusions:
Submit
Should be Empty: