OITDR-0001 Business Impact Analysis (BIA)

BUSINESS IMPACT ANALYSIS (BIA) SURVEY

Select Your BIA Type

Business Unit Info

Definitions:

Business Owner: Understands the application and dependencies and can assist in creating the Disaster Recovery Plan.

Primary Contact: Understands the essential details about the application, is the main point of contact during disruptions, and is critical to recovery efforts.

Alternate Contact: Understands the application and is the backup to the Primary Contact.

Definitions:

Business Owner: Understands the infrastructure and dependencies and can assist in creating the Disaster Recovery Plan.

Primary Contact: Understands the essential details about the infrastructure, is the main point of contact during disruptions, and is critical to recovery efforts.

Alternate Contact: Understands the infrastructure and is the backup to the Primary Contact.

Application Description: A brief summary of the application explaining its purpose, core functionality, and importance to the organization. It also includes the business processes it supports and who uses it.

(Example: System A is a web-based system that supports the administration of the Work First New Jersey General Assistance Program, which is currently used in county welfare agencies and autonomous municipal welfare departments. The program provides Welfare clients with assistance such as Cash Benefits, Immediate Needs, Emergency Assistance, and Temporary Rent Assistance. General Assistance provides these services to individuals and couples without dependent children.)

Recovery Time Objective (RTO)

The maximum time a system, application, infrastructure, or business process can be down after a disruption before it seriously impacts the organization.

Please select all that apply; at least one must be completed.

Recovery Point Objective (RPO)

Determines how often backups and data replication should be done and sets the acceptable amount of data loss after a failure. Failure is measured from the time of the last backup or snapshot. (Example: If an application has an RPO of 4 hours, it means that in the event of a failure, the organization can tolerate data loss of up to 4 hours.)

Legal Liability Description (if applicable)

Please describe the Legal Liability your System/Application may have.

Legal Liability Description: The potential legal risks and responsibilities related to the use and performance of an application. This includes following Federal and State regulations, ensuring data privacy and security, and meeting contractual obligations, such as service level agreements.

(Example: HIPAA mandates that covered entities and their business associates implement safeguards to protect personal health information (PHI) from unauthorized access, use, or disclosure. Failure to comply with HIPAA regulations can result in significant penalties, including fines ranging from $100 to $50,000 per violation, with an annual cap of $1.5 million. Additionally, organizations may face legal action and damage to their reputation.)

State/Federal Statutes: The specific federal laws and regulations that support the selected Recovery Time Objective (RTO) for the application. This description outlines the legal rules an application must comply with, the potential legal implications of non-compliance, and how these regulations impact the application operation and management. Please cite the specific statute(s) supporting the RTO.

(Example: N.J.A.C. 17:12-1.2 regulation pertains to the New Jersey Office of Information Technology's (OIT) policies for disaster recovery and continuity of operations. According to this regulation, specific critical systems must be restored and operational within 4 hours of a disruption. This requirement ensures that essential state government operations can continue without significant delay, maintaining the stability and reliability of public services. The requirement for a 4-hour recovery window is part of broader regulations to ensure that state systems are resilient and can quickly recover from emergencies or failures.)

Alternate / Workaround Procedures

Does your Agency have procedures (a proven method) for "working around" a disruption until the application is recovered?

Alternate/Workaround Procedures:  Predefined processes or methods designed to continue business operations if the primary application is unavailable or disrupted. These procedures may provide temporary solutions to maintain essential functions and minimize operational impact until the primary application or infrastructure can be restored.

Blackout Window

A scheduled month when an application is taken offline for planned maintenance, upgrades, or other activities. During the maintenance window, the application or infrastructure is unavailable or limited, which can impact normal business operations.

What month(s) during the year would the application interruption have the most impact? (If applicable)

Disaster Recovery Plan

Financial Impact

Select each month and its financial impact.

Financial Impact: The monetary consequences to an agency or organization related to disruption or failure of the application, including both direct and indirect costs resulting from its unavailability.

Key elements of Financial Impact include:

  • Revenue Loss: Loss of income due to the inability to support sales, transactions, or other revenue-generating activities.
  • Operational Costs: Additional costs incurred during the downtime (example: incurred overtime pay for staff, emergency repair costs, or emergency services).
  • Customer Compensation: Expenses related to compensating customers or clients affected by the application or infrastructure disruption (example: refunds, service credits, or other reimbursements).
  • Legal and Regulatory Penalties: Financial penalties or fines imposed for non-compliance with contractual agreements, regulations, or legal requirements due to the application or infrastructure unavailability.
  • Recovery Costs: Expenses associated with restoring the application or infrastructure to full functionality, temporary solution costs, and additional resources required.

Dependencies

Please indicate the dependencies of this system/application on other systems/applications/services.

Dependencies: Something that an application needs to work correctly.

For example, if an application needs a certain database or a specific server to run, those are its dependencies. If the application relies on a particular system or service and that system or service isn’t available, the application might not work properly.

Example: your application must be accessed through the MYNJ (Portal); therefore, MYNJ is a dependency.

Other Information

Additional Information:  Please specify any additional factors that should be considered when evaluating the impact of the loss of this System/Application.

System Classification

Infrastructure Description: A brief summary of the infrastructure explaining its purpose, core functionality, and importance to the organization. It also includes the business processes it supports and who uses it.

(Example: Infrastructure A is a scalable, reliable, and secure platform designed to host applications across different environments, including development, testing, staging, and production. The setup comprises multiple components to support web, mobile, and enterprise applications, allowing high availability and performance optimization.)

Operational Impact

Recovery Point Objective (RPO)

Determines how often backups and data replication should be done and sets the acceptable amount of data loss after a failure. Failure is measured from the time of the last backup or snapshot. (Example: Backups are performed nightly consisting of configuration recovery. The infrastructure itself does not contain data.)

Dependencies

Please indicate the dependencies for this infrastructure on other systems/applications/services.

Dependencies: Something that the infrastructure needs to work correctly.

For example, if an infrastructure needs certain hardware, storage, or an authentication service to run, those are its dependencies. If the infrastructure relies on a particular system or service and that system or service isn’t available, the infrastructure might not work properly.

Example: The infrastructure requires load balancers to manage internal traffic securely.