Architecture Review Template by lwa19935

VIEWS: 90 PAGES: 17

More Info
									                                Business Case Review
                                                                                  November 2010
                                    Project Name
                  Agency/Department Name
               Application Name (file system)
    Tactical Planning Tracking # (if known)
               PlanView Work ID # (if known)
                                   Contact Person
                         Contact Email Address
                      Document Completed By
                    Date Document Submitted
                                 Business Owner
                Business Owner Telephone #
             Business Owner Email Address




State of New Jersey, Office of Information Technology                  Application, Technical or Both types of a project
BCR Document Version 5.0 (11/2010)                      Page 1 of 17
                                      State of New Jersey
                                Business Case Review Document


The Business Case Review will:
       Enumerate, document, and prioritize the business problem that this project is addressing
       Ensure that the project aligns to the agency's strategic business plan
       Ensure that the project aligns to the State's enterprise IT architecture
       Allows for discussions early in the process for:
         o adding new technologies and/or methodologies
         o leveraging existing physical and information assets to address business problems
         o considering how physical and information assets can be leveraged elsewhere
       Provides an early warning point for capacity needs in our shared infrastructure environment
       Discuss the Benefits, Costs, and Risks of doing/not doing the project
       Ensure awareness and support from all operational units that will be involved with and/or impacted
        by this project

The Business Case Review is an opportunity to craft a conceptual plan with enterprise architecture input
at a suitably early point in the process. This is the vehicle to indicate the support of the Review Board for
the conceptual plan to both business and IT executive management.

The Business Case Review is not a "purchase approval" mechanism and no procurements can be made
until the Business Case Review is held. The outcome of the Business Case Review is one factor in a
purchase decision review.

This document assists in the evaluation of this project by providing an overview of the business
requirements and technical needs. The project can be a system proposal to satisfy an application need, or
a technical proposal to satisfy an infrastructure need.

Once the completed documents are received, a Business Case Review meeting will be scheduled.
Business Case Review meetings are held on Monday afternoons. Once this review process is
completed, the Business Case Review Team will provide a recommendation to Executive Management.
Completed forms should be e-mailed to: sar@oit.state.nj.us




State of New Jersey, Office of Information Technology                  Application, Technical or Both types of a project
BCR Document Version 5.0 (11/2010)                      Page 2 of 17
The BCR document is composed of several sections. Each question is labeled to indicate if it should be answered for
Application (developing or replacing a new system), Technical (adding or replacing new hardware, middleware,
infrastructure, access rules, or processes) or Both types of a project. Please respond to the questions in each section as
completely as possible.

A. Project Information
B 1. Provide a detailed description of the project, including the general purpose and scope:


B 2. What is the justification for this project (what problem is this addressing / or untapped opportunity is
     being realized)?


B 3a. What type of project is this?
        Application - Developing or replacing a system
        Technical - Adding or replacing new hardware, middleware, infrastructure, access rules, or processes
        Both
   3b. How do you categorize this project?
          Maintenance             Build                    Refresh              Enhance                  Other
B 4a. What are the major features in this solution (e.g. sales capture, payment authorization, load balancing,
     replication) and the benefits of each feature?


   4b. Will this application publish or present data on the Internet to anonymous users, such as financial,
       operational, or performance data or data that would otherwise be subject to OPRA requests? (The
       data can be in static documents or files or dynamically delivered from a database).
            YES                  NO
       If YES, you will need to contact the Treasurer's Transparency Steering Committee before proceeding.
B 5. What is the impact if this project is not completed?


B 6. What criteria will determine that the project implementation has been successful?


B 7. Who do you expect or anticipate will perform the development, integration, and/or engineering work on
     this project? (Check all that apply)
         Executive Branch Agency IT Staff
         OIT IT Staff
         Staff augmentation
         Contracted development/SI vendor
         Hardware or software VAR staff
         External government or non-profit staff
         Other, describe:

B 8. Estimated start date for this project:

B 9. Estimated completion date for this project:


   State of New Jersey, Office of Information Technology                      Application, Technical or Both types of a project
   BCR Document Version 5.0 (11/2010)                      Page 3 of 17
B 10. Are there licensing, funding, mandates or other constraints that cause the start or completion date to be
      inflexible?       YES               NO
       If YES, explain:

B 11. Is this project legislatively mandated?
           YES
               Existing State law or regulation
               New State law or regulation
               Existing Federal law or regulation
               New Federal law or regulation
           NO
       If YES, identify compliance requirement(s), source, time-to-comply, funds allocated, funds at-risk if
       not compliant and other non-compliance issues:

B 12. Does this initiative/project pertain to public health, public safety, emergency preparedness or other
      confidential subject matter?
            YES                  NO
       If YES, explain how it pertains and who is impacted:

B 13. Is this project consistent with the State Enterprise Goals?         YES           NO,
       If NO, explain why not:
       If YES, check the goal(s) and/or objective(s) below.
            Goal 1—Governance
            Provide State Government IT leadership and governance by implementing appropriate IT
            organizational structures, processes, standards, policies and procedures, with an emphasis on
            accountability.
            Goal 2—Emerging Technology
            Identify and evaluate emerging technologies and innovative IT solutions.
            Goal 3— E-Government (Internet Commerce)
            Develop an integrated package of e-government services that provides “one-stop self service” for
            businesses and the public.
            Goal 4—Enterprise Architecture
            Implement an Enterprise Architecture Program that aligns technology investments continuously
            with the core business goals and strategic objectives of the Executive Branch of New Jersey State
            Government.
            Goal 5—Statewide Efficiencies
            Maximize the efficient delivery of agency services through the cost effective use of state
            Information Technology resources.
            Goal 6—Security
            Protect valuable information resources by defining and adopting an information security framework
            that ensures the availability, confidentiality, and integrity of state information assets.
            Goal 7—IT Workforce Management
            Develop a comprehensive IT workforce management program that addresses the state’s needs for
            IT skills and staffing.



   State of New Jersey, Office of Information Technology                  Application, Technical or Both types of a project
   BCR Document Version 5.0 (11/2010)                      Page 4 of 17
B. Anticipated Project Technology Needs
B    14a. During the meeting be prepared to discuss the anticipated needs for any boxes checked below:

     Technologies                                           Development
        Portal                                                Application Development
          Asset Management                                     Database
          Identity Management                                  Data Conversion
          Telephony (ex: IVR)                                  COTS Product            As Is           Customized
          Video Conferencing                                   Training
          GIS                                                  Consulting Services
          Radio                                                SaaS (Software as a Service)
          Wireless/Mobile Computing                            Other, explain:

     Automated Record Management /                          Infrastructure
     Storage Systems and Services*                              Mainframe
          Work Flow Application                                Printing
          Email Archiving Platforms                            New or Replacement Hardware (complete 14b)
          Electronic government (e.g. web-                     New or Replacement Software Licensing (complete 14b)
          based/secure bulk filing)
                                                               SAN
          E-payment
                                                               Network Infrastructure (i.e. bandwidth)
          Manual / Electronic scanning
                                                               Disaster Recovery
          Indexing and storage of public
          documents and all related services                   Security
          including document screening and
          preparation                                          Other, explain:

          Other, explain:
                                                            Security
                                                               RFID
                                                               2 - Factor Authentication
                                                               SSL
                                                               Storage Encryption
                                                               Other, explain:
     *Per CL-10-02-OMB, submit required documents to the Automated Records Management System
      Committee (ARMS). http://www.state.nj.us/infobank/circular/cir1002b.pdf

B    14b. If you checked new or replacement hardware or software, describe the nature, quantity, location and
          licensing needs.




    State of New Jersey, Office of Information Technology                        Application, Technical or Both types of a project
    BCR Document Version 5.0 (11/2010)                       Page 5 of 17
C. Estimated Cost and Funding
B 15. What is the estimated cost for this project (If known)?
         Current FY: $
         Current FY +1: $
         Current FY +2: $

B 16. Do you have funding for this project?
              YES                  NO
         If YES, what is the funding source?
             State         Federal          Other, explain:


D. Stakeholders
B 17. Identify the stakeholders / beneficiaries of this project and explain:
  NOTE: Stakeholders are those that have ownership and investment into the design and development
           process.
           Beneficiaries are those that will benefit from this project but will not have input into the design or
           development process.
  a. Are Citizens?                                        Explain:
         Stakeholders       Beneficiaries     Neither
     b. Are Employers / Businesses?                              Explain:
           Stakeholders     Beneficiaries              Neither
     c. Are State Staff?                                         Explain:
           Stakeholders            Beneficiaries       Neither
     d. Are any Others?                                          Explain and identify the stakeholders and/or
           Stakeholders            Beneficiaries       Neither   beneficiaries:


E. Return on Investment
B    18. Time and Cost increase or decrease of this project:
          a. Will this project save time; for example, will a formerly manual task now be automated?
                 YES              NO
             If known, how much time will be saved?
             If known, how will this time savings be used to benefit the State?
          b. Will this project reduce current costs?             YES           NO
             If YES, what is the current cost for doing these tasks?
             What is the anticipated future cost for doing these tasks?
             If NO, will this project result in an increase in costs?         YES            NO
             If YES, what is the anticipated cost increase?
             Why is this cost unavoidable?



    State of New Jersey, Office of Information Technology                      Application, Technical or Both types of a project
    BCR Document Version 5.0 (11/2010)                      Page 6 of 17
B    19. Potential for Revenue generation:
         Will this project generate any increased revenues for the State?          YES          NO
         If YES, how much potential revenue will it generate?
         How was this figure calculated?


F. Infrastructure Hosting Responsibilities (ISS, ASET)
B 20. Do you anticipate that this system will need to be hosted outside the New Jersey Shared IT
      Infrastructure (NJ SITI) or make use of technologies not identified in the NJ SITI? (If known)
               YES*             NO
         If YES, explain why:
         *If YES, New Jersey Architectural principles require that existing infrastructure be used by new
           projects unless a business case is established to do otherwise. Your business case document must
           be attached.


NOTE: For Technical Projects (T) skip to heading Other Enterprise Services




    State of New Jersey, Office of Information Technology                  Application, Technical or Both types of a project
    BCR Document Version 5.0 (11/2010)                      Page 7 of 17
                      ENTERPRISE ARCHITECTURE PLANNING

H. System Security Architecture (ASET, DMS, DR, Information Security, ISS)
   Information Asset Classification
   The Federal Information Processing Standard (FIPS) 199 requires that information assets be
   classified as High-Impact, Moderate-Impact or Low-Impact in terms of the risk to their
   confidentiality, availability and integrity. Your assessment of these dimensions will be used to
   develop recommendations for the appropriate technical solution.
   In General, a higher Confidentiality, Integrity or Availability designation increases the cost to build
   the application, increases the cost of the infrastructure to host the application, increases the cost to
   maintain the application and reduces the performance of the application.
A 21. Confidentiality describes the extent to which data should be limited only to the parties intended.
      Identify the risk posed by a breach to the confidentiality of the Information Assets (data) of this
      application:
       Indicate the most restrictive category that applies to any information created or managed by the
       system, whether in a database management system or in a file system:
           HIGH – Confidential (Includes secret, sensitive, personal, and other privileged information)
           MODERATE – Restricted (information restricted to legitimate business purposes only)
           LOW – Public (Information otherwise available to the public through the Open Public Records Act)
        Briefly describe the reason for this classification:

A 22. Integrity describes the extent to which data must be protected from unauthorized alteration and the
      context of the data must be maintained. Please identify the risk posed by a failure to maintain the
      integrity of the Information Assets (data) of this application:
       Indicate the most restrictive category that applies to any information created or managed by the
       system, whether in a database management system or in a file system:
           HIGH – Critical (Risk to Public Safety if information is altered or context is lost)
           MODERATE – Essential (Risk to core services if information is altered or context is lost)
           LOW – Business (Risk to support operations if information is altered or context is lost)
       Briefly describe the reason for this classification:


A 23. Availability describes the extent to which data should be accessible by the parties intended. Please
      identify the risk posed by a failure to maintain expected availability to the Information Assets (data) of
      this application:
        Indicate the most restrictive category that applies to any information created or managed by the
        system, whether in a database management system or in a file system:
            HIGH – Critical (Risk to Public Safety if information is not available as expected)
            MODERATE – Essential (Risk to core services if information is not available as expected)
            LOW – Business (Risk to support operations if information is not available as expected)
        Briefly describe the reason for this classification:




  State of New Jersey, Office of Information Technology                   Application, Technical or Both types of a project
  BCR Document Version 5.0 (11/2010)                      Page 8 of 17
A 24. Identity and Access Management Services
      What type of application access do you expect to need for users of this system? If access methods
      would differ depending on the type of user (citizen vs. State office staff), explain each need:
      (i.e., anonymous access for the public, user ID and password, multi-factor authentication such as
      tokens, digital certificates, biometrics etc).


       How do you anticipate users will be added, managed and deleted? (Describe the user provisioning life-
       cycle)


       Once a user’s identity is verified by the system (is authenticated), will access be limited based on who
       the user is, and if so, how do you envision the enforcement of authorization and access control
       methodologies?


A 25. Application Compliance
      Are there rules or regulations that govern the design of the application or data (e.g. Sarbanes-Oxley,
      HIPAA, Identity Theft Prevention Act, Payment Card Industry (PCI) compliance, etc.)? Or does your
      application store Personally Identifiable Information (PII) - specifically a name in conjunction with other
      personally identifiable attributes?
           YES                  NO
       If YES, explain what and how:

B 26. Auditing and Access Accountability
      Is there a need to track user access within the system?
           YES                  NO
        If YES, what do you envision as the way this tracking will be performed?




  State of New Jersey, Office of Information Technology                  Application, Technical or Both types of a project
  BCR Document Version 5.0 (11/2010)                      Page 9 of 17
I. Information Architecture (DMS)
INFORMATION SYSTEM DESIGN PATTERNS
   These are solutions to problems in context; known, repeatable approaches for commonly occurring
   situations. The NJCIA has design patterns to address different types of information system
   functionality.
A 27. Information System Functionality
      What type of functionality does your initiative require? (Check all that apply)
            System does not use or create data (if checked, please explain):

   Online Transactional             Batch Transactional             Website – A Website            Data Warehouse – A
   System – An Online               Processing – A Batch            solution is intended to        Data Warehouse is
   Transactional System is          Process is designed to          present information to         designed to collect,
   designed to store and            handle data in bulk and         the public through a web
                                                                                                   store, and integrate data
   record day-to-day                run to completion without       browser and is not
   business information,            manual intervention.            transactional.                 from different sources. It
   structured around                Batches shift the time of                                      allows users access to
                                                                        Static Web Content         large amounts
   events, business                 job processing to when
                                                                    only
   processes or business            the computing resources                                        operational data to track
   activities. These                are less busy.                     Web-enable Public           and respond to business
   systems are used to                                              Facing Data                    trends, facilitate planning
                                       Process Internal
   store daily transactions
                                    Data                                                           and forecasting efforts,
   and produce standard
   operational reports                                                                             and to perform historical
                                       Provide Data to
                                                                                                   analysis.
       Collect Data                 External Systems
                                                                                                      Analytical Reporting
       Report Data                     Integrate Data from                                         against Historic Data
                                    External Systems
      Provide Real-time                                                                               Dashboard KPI
   Data to External Systems                                                                        Reporting from Multiple
      Integrate Real-time                                                                          Sources
   Data from External                                                                                 Publish Data to be
   Systems                                                                                         used by Other Systems


   Master Data – Master Data is common, key business information used in multiple business areas. This
   information may include employees, patients, businesses, local government, vendors, etc. Master Data
   Management is a framework to provide consistency, data quality, and better control in its ongoing
   maintenance and use.
       Master Data Management




  State of New Jersey, Office of Information Technology                       Application, Technical or Both types of a project
  BCR Document Version 5.0 (11/2010)                      Page 10 of 17
SINGLE VERSION OF THE TRUTH
   This is a key concept for maintaining common definitions of data: the metadata. Its goals are to
   keep information about data consistent throughout the Enterprise and to minimize disparity
   between systems. A primary objective of the NJCIA is to support this notion of "Single Version
   of the Truth" wherever possible. In order to achieve this goal the following must apply:
     1) All data should have an authoritative source – a designated system, either internal or external to
         the State that has exclusive implicit or explicit responsibility for the data attributes.
     2) Commonly accepted definitions of that data should be available as defined by the Data Steward
         representing the authoritative source.
     3) All actionable information should be derived from the authoritative source data through the use
         of consistent architecture that minimizes the numbers of interfaces and leverages enterprise
         data.

A 28. If this will be a transactional system please answer the following question: Will this project become
      the Authoritative Source System of Record for any new or existing data? (If you are receiving the
      data from somewhere else, your system cannot be the Authoritative Source System of Record for
      that data.)
            YES                   NO                  N/A
       If YES, describe:

A 29. If you will be the Authoritative Source system of record, does that data have potential value to any
      other business unit?
            YES                   NO                  N/A
       If YES, describe:

       If NO, explain:

A 30. The State has enterprise data resources such as common Reference Data, Master Data, and
      Historical (data Warehouse) Data. How does your initiative plan to utilize these resources?




  State of New Jersey, Office of Information Technology                     Application, Technical or Both types of a project
  BCR Document Version 5.0 (11/2010)                        Page 11 of 17
MODEL-DRIVEN ARCHITECTURE
  This is the NJCIA approach to information systems design. It begins with the NJ Enterprise
  Reference Data Model (NJERDM), an over-arching logical data model for the State. A Logical
  Business Model represents a particular line of business and is consistent with the NJERDM. All
  systems shall be designed from a Logical Data Model that while more detailed is consistent with
  the Logical Business Model and the NJERDM. The Logical Data Model documents business
  requirements independent of technology and provides the foundation for the physical database
  solution through the creation of the Physical Data Model.

  Logical Data Models facilitate data integration, reusability, and sharing. Logical Data Models are
  cataloged by the OIT Data Architecture unit, which will also review the models for consistency. The
  OIT Data Architecture unit also provides logical data design assistance to initiatives and projects.
A 31. For new initiatives the State employs a model driven architecture with data naming and definition
      standards and conventions that are to be used wherever possible. Will this initiative follow the State’s
      data naming and definition standards for its data?
              YES                   NO                  N/A (i.e. COTS package)
         If NO, explain:

A 32. It is the responsibility of OIT/DMS to approve and catalogue all logical data models.
      Does your Agency/Business Unit have an updated Logical Business Model?
           YES                  NO             UNKNOWN
      If no or unknown, how do you plan to address this?
      Please explain:
         Who will be responsible for creating your initiative’s Logical Data Model?
           OIT Data Architect                   RFP Vendor Data Architect
           Agency Data Architect                Staff Augmentation Data Architect
           Not Applicable (i.e. COTS or not a Data initiative)


A 33. Will this replace an existing system that will require data conversion?
              YES                   NO                  N/A
         If YES, describe:



J. NJ Common Information Architecture Components
A    34. Please indicate your expectations for how the following Information Architecture components will be
         provided.
         Database Hardware Platform                         OIT           Agency            Vendor               N/A
         Database Management System                         OIT           Agency            Vendor               N/A
         Database Administration                        OIT               Agency            Vendor               N/A
         Operational Reporting Tools                    OIT               Agency            Vendor               N/A
         Analytical Reporting Tools                     OIT               Agency            Vendor               N/A
         Data Integration Tools                         OIT               Agency            Vendor               N/A
         Data Profiling and Quality Tools               OIT               Agency            Vendor               N/A


    State of New Jersey, Office of Information Technology                          Application, Technical or Both types of a project
    BCR Document Version 5.0 (11/2010)                        Page 12 of 17
K. Service-Oriented Architecture (SOA) (ASET, DMS, EADI, ISS, LAN, WAN)
   In computing, Service-Oriented Architecture (SOA) is a web-service based method of system
   development that integrates your business needs (address validation, credit card processing, etc)
   as linked, repeatable tasks or services.

A 35. In accordance with SOA concepts, are there any reusable/sharable services produced from this
      proposed solution that you believe may have value to other systems or agencies?
           YES                   NO
       If YES, describe:
       Are these services a candidate for an SOA approach?
           YES                   NO
       If YES, describe:

A 36. Are there any reusable/sharable services required from external sources for this proposed solution?
           YES                   NO
       If YES, describe:
       If yes, would these services be valuable to other systems or agencies?
           YES                   NO
       If YES, describe:
       Are these services a candidate for an SOA approach?
           YES                   NO
       If YES, describe:


L. Geographic Information Systems (GIS)
   New Jersey’s Geographic Information Systems offers a variety of services that can incorporate
   spatial information into your application. These services include, but are not limited to: address
   validation/ geocoding, driving directions, proximity queries and map generation.

A 37. Do you anticipate incorporating GIS functionality into your system?
           YES                  NO
       If YES, describe:



M. Inter-System Dependencies (ISS hosting)
A 38. Do you anticipate integrating with any existing systems, processes, functionalities or services?
           YES                  NO
       If YES, describe:




  State of New Jersey, Office of Information Technology                   Application, Technical or Both types of a project
  BCR Document Version 5.0 (11/2010)                      Page 13 of 17
N. Other Enterprise Services (ISS)
Not every application will require all or even any of the following. Review and check any needs your initiative may have.
A    39. Do you anticipate the need for any batch or scheduled processes for this application?
             YES                  NO
         If YES, explain what and when (frequency):

A    40. Do you anticipate the need for any bulk printing services for this application?
             YES                  NO
         If YES, explain what, when (frequency) and volume if known:

A    41. Do you anticipate the need for any special printing stock or form design needs?
             YES                  NO
         If YES, explain what, when (frequency) and volume if known:

A    42. Are you intending to use a commercial Workflow product to assist with your project?
             YES                  NO
         If YES, explain what and when:

A    43. Do you anticipate the need for e-Commerce/Payment Services, such as Electronic Funds Transfer,
         credit card processing, etc.? (QOS)
             YES                  NO
         If YES, explain what, when (frequency) and volume if known:

A    44. Do you expect to make use of a messaging service, to send out, receive or process messages
         programmatically (without human intervention) from within your application? (ASET)
         YES – SEND
         If yes: e-mails             SMS           Other
         YES – RECEIVE
         If yes: e-mails             SMS           Other
         NO – NEITHER

A    45. Do you anticipate the need for storage of any non-database files? These types of files would include,
         but are not limited to: image files, templates, scanned documents, reports.
             YES                  NO
         If YES, describe:

A    46. Do you anticipate the need for File Transfer services? (A&S)
             YES – W ITHIN THE GSN               YES – OUT FROM THE GSN        YES – INTO THE GSN                NO
         If YES, include any details known as to the intended technology (web service, ETL, SFTP, etc.),the
         inbound and outbound locations (including servers, if known), the quantity, size, and type of files,
         and any requirements for encryption (secure transfer):

A    47. Do you anticipate the use of Media Serving (video, audio etc.) within your application?
             YES                  NO
         If YES, describe:

    State of New Jersey, Office of Information Technology                    Application, Technical or Both types of a project
    BCR Document Version 5.0 (11/2010)                      Page 14 of 17
A     48. Do you anticipate the need for Telephony (ex: IVR) services?
              YES                  NO
          If YES, describe:

B     49. Do you anticipate the use of Secure Socket Layer (SSL) certificates?
              YES                  NO
          If YES, describe:


O. Availability, Recovery, and Business Continuity (ISS)
    Overall Criticality - Criticality is a general assessment of the relationship of the system as it pertains
    to the delivery of State services. It is based upon the nature of the service, the risk to the State or
    stakeholders if interrupted, and the ability, if any, to conduct business operations manually. It is a
    starting point for discussions about the appropriate system design to meet business availability
    expectations.

B     50. Identify the overall criticality* of the system (the degree to which a loss of the system or its data has the
          potential to result in harm or loss to the State or stakeholders). Note that the higher the criticality, the
          greater the cost to address it.
               BUSINESS – Supporting systems that can be restored as resources permit.
               ESSENTIAL – State services that should be restored as soon as possible.
               CRITICAL* – Public Safety systems that must be restored immediately.
         *Completion of a Business Impact Analysis Survey is required for any objectives identified as critical.
          http://www.nj.gov/it/reviews/forms/Business_Impact_Analysis_Survey.dot


P. Availability (Normal Operations)
B 51. Identify the required Operational Objective for the system. The operational hours during which the
      application or technology solution must perform reliably and planned outages should not occur. Note
      that the higher the availability requirement, the greater the cost:
               Available from 7:00 am to 7:00 pm Monday through Friday (excluding holidays).
               Available every day from 6:00 am to Midnight, with one Sunday outage per month from 6:00 am
               until Noon.
               Less than 60 minutes/day of planned downtime, between midnight and 6:00 am.*
               Public Safety. Negotiated planned downtime only*.
         *Completion of a Business Impact Analysis Survey is required for any objective requiring less than 60
          minutes/day of planned downtime.
         http://www.nj.gov/it/reviews/forms/Business_Impact_Analysis_Survey.dot




     State of New Jersey, Office of Information Technology                   Application, Technical or Both types of a project
     BCR Document Version 5.0 (11/2010)                      Page 15 of 17
Q. Restoration Objectives (at the Production Data Center)
A 52. Identify the required Operation Restoration Time Objective for the system, (the expected time to
      restore the IT Service at the production data center after an outage caused by component failure – not
      a data center failure). Note that the shorter the period of time to restore, the greater the cost:
            Return to service by the next business day.
            Fail-over to a backup configuration within one to four hours.*
            Public Safety. No interruptions can be tolerated.*
            Other, explain:
      *Completion of a Business Impact Analysis Survey is required for any objective that needs to be
       restored sooner than one business day.
      http://www.nj.gov/it/reviews/forms/Business_Impact_Analysis_Survey.dot

A 53. Identify the required Operational Restoration Point Objective for the system (the greatest acceptable
      time since the last stable, available copy of the data to be restored at the production data center site
      can be utilized, after which, as a result of the component failure, data will have been lost permanently
      and cannot be recreated. Note that the shorter the period of time, the greater the cost:
            The application should lose no more than the current week’s data.
            The application should lose no more than the current day’s data.
            The application should lose no more than sixty minutes of data.*
          Public Safety. The application should lose little or no data.*
      *Completion of a Business Impact Analysis Survey is required for any objective requiring recovery with
       60 minutes or less data lost.
        http://www.nj.gov/it/reviews/forms/Business_Impact_Analysis_Survey.dot


R. Disaster Recovery
B 54. Describe the disaster recovery requirements strategy for the system.
        REPLACE - with new hardware and restore from backup once installed and configured (within days to weeks).
        RECOVER - onto existing hardware at an OIT managed DR Facility based upon requirements (within days).
        FAILOVER - onto existing hardware at an OIT managed DR Facility based upon requirements (within hours).
        OTHER, describe:
   55. If the proposed solution is unavailable, what is the business continuity plan (how will business be
       conducted manually)?
       Explain:




  State of New Jersey, Office of Information Technology                   Application, Technical or Both types of a project
  BCR Document Version 5.0 (11/2010)                      Page 16 of 17
S. Restoration Objectives (at the Disaster Recovery Site)
B    56. Identify the required Disaster Restoration Time Objective for the system (the expected time to restore
         the IT Service at the DR site after an outage caused by data center failure). Note that the shorter the
         period of time to restore, the greater the cost:
             The solution should be restored as resources permit.
             The solution should be restored within three to five business days.
             The solution should be restored within one to two business days.*
             Public Safety. The solution should be restored within hours.*
        *Completion of a Business Impact Analysis Survey is required for any objective requiring restoration in
          less than 3 business days.
         http://www.nj.gov/it/reviews/forms/Business_Impact_Analysis_Survey.dot

A    57. Identify the required Disaster Restoration Point Objective for the system (the greatest acceptable
         time since the last stable, available copy of the data to be restored at the DR site can be utilized, after
         which, as a result of the data center failure, data will have been lost permanently and cannot be
         recreated). Note that the shorter the period of time, the greater the cost:
              The application should lose no more than the current day’s data.
              The application should lose no more than sixty minutes of data.*
              Public Safety. The application should lose little or no data.*
        *Completion of a Business Impact Analysis Survey is required for any objective requiring restoration with
         60 minutes or less data lost.
        http://www.nj.gov/it/reviews/forms/Business_Impact_Analysis_Survey.dot


L. Next Steps
B             58. The next step is the Logical SAR that must be completed and submitted to
                  SAR@OIT.STATE.NJ.US. What are the anticipating subsequent next steps?




                                            Submit this completed document to:
                                                         SAR@OIT.STATE.NJ.US
                                        For review by the System Architecture Review Board.




    State of New Jersey, Office of Information Technology                   Application, Technical or Both types of a project
    BCR Document Version 5.0 (11/2010)                      Page 17 of 17

								
To top