[ skip to content ]

More Information about this image

Handbook and paperwork for the newly hired.

Old Dominion University

Information Technology Standard

07.1.0 Business Impact Analysis Standard

Date of Current Revision or Creation: November 1, 2021

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

  1. Purpose

    The purpose of this standard is to provide the University community with an understanding of the Business Impact Analysis (BIA) requirements.

  2. Definitions

    Business Impact Analysis (BIA) - Business Impact Analysis (BIA) is an information gathering process that identifies critical functions and resources of an organization and acts as the foundation for business continuity planning.

    Continuity of Operations - A process of identifying the essential functions - including staff, systems, and procedures - that ensures the continuation of the University's ability to operate.

    Data Compliance Owners - University directors (typically at the level of Registrar, or Unit Director) who oversee data management functions related to the capture, maintenance, and dissemination of data for a particular operational area. They are responsible for decisions about the usage of university data under their purview.

    Information Technology Resources are defined as computers, telecommunication equipment, networks, automated data processing, databases, the Internet, printing, management information systems, and related information, equipment, goods, and services.

    Office of Emergency Management (OEM) - The office at Old Dominion University responsible for the coordination of efforts to prepare for and carry out the functions to prevent, minimize, respond to, and recover from incidents caused by natural hazards, human-caused hazards, and acts of terrorism.

    Risk Assessment is a managerial process used to determine the probability and impact of threats caused by the human and technological environment on University assets.

    System Compliance Owners - Manager or departmental head responsible for operation and maintenance of a University IT system or overseeing hosted systems under their purview.

  3. Standards Statement

    The Business Impact Analysis (BIA) is an integral part of the University's Emergency Management Program. The BIA defines certain critical information needed to complete and complement the University Continuity of Operations Plan.

    System Compliance Owners, Data Compliance Owners and business stakeholders are required to participate in the assessment and development of Old Dominion University's Business Impact Analysis (BIA).

    With the assistance of the Office of Emergency Management (OEM), Information Technology Services is responsible for the management of the Business Impact Analysis.

    BIA Requirements

    The BIA must identify primary critical business functions, necessary supporting resources, acceptable downtime, and restoration goals and those secondary functions on which each essential function depends and on University goals and objectives and the IT industry best practices.

    The BIA must identify the resources that support each primary and secondary essential business function. For IT systems and/or data that support a primary or secondary essential business function, the BIA must specify to what extent the essential business function depends upon the specific IT system and/or data.

    The BIA management team must produce a BIA report for which the IT component:

    1. Documents the dependence of the ODU's primary and secondary essential business functions on specific IT systems and/or data;
    2. Specifies the required recovery time for the IT systems and/or data on which a primary or secondary essential business function depends and are based upon Old Dominion University goals and objectives;
    3. And documents the extent to which an essential business function depends upon the IT systems and/or data.

    The IT information documented in the BIA report will be used as a primary input to:

    1. IT System and Data Sensitivity Classification
    2. Risk Assessment
    3. IT Contingency Planning

    The BIA is reviewed and updated by business stakeholders annually and is subject to a triennial formal assessment and comprehensive update with the assistance from OEM and other University departments/units as needed.

  4. Procedures, Guidelines & Other Related Information

    Federal and State Law

    University Policy 1021 - Emergency Management Policy

    University Policy 3505 - Information Technology Security Policy

    IT Standard 07.2.0 Business Continuity and Disaster Recovery Plan Standard

    IT Standard 8.1.0 Risk Assessment Standard

  5. History


    Responsible Party


    October 2008



    October 2009



    October 2010



    October 2011



    October 2012



    December 2012

    IT Policy Office

    Minor rewording for clarity

    August 2015 IT Policy Office/ISO
    Three year review, alignment with University Policy 1021, updated titles, links, and definitions.
    August 2018 IT Policy Office Definitions and links checked, minor rewording
    November 2021 IT Policy Office Definitions and links checked

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.