Over the next several months, the Office of Information Security will conduct a Business Impact Analysis (BIA) and Risk Assessments (RA) on 24 important and critical applications. The BIA is essential to building an effective framework for a Business Continuity Plan. The goal of the BIA is to identify critical functions of the organization and to identify the internal and external resources required to maintain functionality in case of a disaster. Specifically, the BIA identifies the foremost applications, systems, products, and services, then quantifies their possible impact on the university. Additionally, the BIA incorporates a risk assessment to determine internal and external risks that can affect the university’s resources or public image. During a risk assessment, each risk is categorized and assigned a measure of probability and severity. We use the assessment’s findings to identify recovery gaps and bolster our business continuity and disaster recovery plans. Per recommendation by the Board of Directors, the vendor TierPoint was brought in to help conduct the business continuity and disaster recovery portion of the BIA / RA. The project, headed by Clark Huskey, runs through the end of September.