IT Reqs & Gap Analysis
IT Requirements & Gap Analysis
These two documents are working documents which are the liaison between BC and ITSCM. ITDR does not take this into consideration. Although these documents are not defined in any specifications the Requirements document is implied in ITIL. From a practical perspective they are important as they are the formal specification of requirements and the risk response and as such require a high-level sign-off from senior management.
The IT Requirements are the details taken from the BIAs. This lists the applications and IT components in general, and for each relevant IT component an RTO and RPO dictated by each critical process. This information is used to determine the critical components and their RTOs. This will ultimately drive the Service Catalogue, Service Level Agreements and IT Strategy as well as the ITSC Plans.
ICT are not always able to meet these requirements due to the current infrastructure. This leads to a Gap Analysis report which highlights the gaps (see 353HFigure 17). The BCSC (or senior management) can then decide how to mitigate the risk. This may either be a strategic decision to upgrade the infrastructure (at some cost) or the Business Units may have to provide manual workarounds to meet the actual recovery time. Items from the Gap Analysis are logged in the Risk Register.
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...