The Vendor is required business impact analysis and disaster recovery gap assessment services to conduct an organization-wide Business Impact Analysis, assess the System’s disaster recovery capabilities, identify risks, gaps, recovery requirements, and provide recommendations to strengthen business continuity, disaster recovery, and organizational resilience.
• Universities require an objective, risk-based assessment, utilizing recognized industry standards, leading practices, and proven methodologies. The engagement will evaluate critical business processes, supporting technologies, internal and external dependencies, recovery requirements, existing business continuity, and disaster recovery documentation and capabilities across the organization.
• Advisory and consulting services related to business continuity, disaster recovery, organizational resilience, and matters arising from the findings and recommendations of the engagement may also be needed.
• Business Impact Analysis
1. Review existing Business Impact Analyses, business continuity plans, disaster recovery plans, policies, standards, procedures, and related documentation.
2. Conduct interviews, workshops, surveys, and other information-gathering activities with approximately twenty-four (24) departments and applicable technology stakeholders.
3. Identify and document critical business functions, services, processes, applications, technologies, data, vendors, facilities, and supporting dependencies.
4. Identify and document internal and external dependencies that may impact continuity and recovery capabilities.
5. Evaluate operational, financial, legal, regulatory, reputational, and member service impacts associated with disruptions to critical business functions.
6. Establish or validate process criticality classifications using objective and repeatable criteria and document the methodology used to determine process criticality, recovery priorities, and recovery objectives for future use by universities.
7. Establish or validate Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), Maximum Tolerable Downtime (MTD), and recovery priorities.
8. Identify inconsistencies, conflicting requirements, unsupported assumptions, and areas requiring management review or decision.
9. Facilitate discussions necessary to achieve consistent recovery prioritization across departments and business functions.
10. Develop an enterprise-wide understanding of business recovery requirements and priorities.
• Disaster Recovery Gap Assessment
1. Evaluate the current state of the System’s disaster recovery program, including governance, processes, technologies, recovery strategies, testing practices, and supporting documentation.
2. Assess current backup, recovery, replication, failover, and restoration capabilities.
3. Evaluate disaster recovery capabilities for critical applications, infrastructure, data, networks, cloud services, and third-party services.
4. Assess alignment between business recovery requirements identified through the BIA and existing disaster recovery capabilities.
5. Identify disaster recovery gaps, risks, single points of failure, control weaknesses, and improvement opportunities.
6. Evaluate the maturity and effectiveness of the current disaster recovery program using recognized industry standards and leading practices.
7. Assess disaster recovery capabilities against documented recovery objectives and organizational recovery requirements.
8. Evaluate planned technology modernization initiatives and known future-state changes that may materially impact business continuity requirements, disaster recovery capabilities, recovery strategies, dependencies, or recommendations.
9. Provide recommendations to strengthen recovery capabilities and improve overall organizational resilience.
Set up free email alerts and get notified when new government bids, tenders and procurement opportunities match your industry and location. Choose daily or weekly delivery.