We use Yale IT Systems to complete our work every day. But what if those Yale IT Systems were not available? What would you do? How would you continue operations? Could you continue operations? The availability requirement helps us answer these questions.
What is the availability requirement?
The availability requirement determines how long your IT System can be unavailable without impacting operations.
The full definition is: The maximum length of time a Yale IT System can be down in the event of a disruption before incurring a significant impact on operations. This is commonly referred to as the Recovery Time Objective (RTO).
Why do we determine the availability requirement of Yale IT Systems?
There are many unpredictable events that can affect the availability of an IT System. Some examples include: cyber threats, power loss, or equipment failure. These events are sometimes referred to as “disasters.” Knowing the availability requirement of a Yale IT System helps us:
- Build or select a Yale IT System that meets your availability needs.
- Identify workarounds for temporary use in case the IT System is down.
- Ensure the systems that support your IT System have the same, or higher, availability. Examples include the network, application server, or authentication servers.
- Create a Disaster Recovery plan to bring back the IT System in the event of a disaster. This plan will verify you can restore your system before significantly impacting operations.
How to determine your availability requirement
We measure availability requirement in hours or days. We assign that time frame an availability risk level. This risk level helps you figure out the overall classification of your Yale IT System. You can determine your availability requirement using the steps below.
- Determine how long your IT System can be unavailable before significantly impacting operations.
To figure this out, consider:
- What is the business or academic function this IT System provides?
- How critical is this business or academic function to my daily work?
- Do we have a backup plan in place? If yes, how long can we function with that backup plan if the IT System is unavailable (e.g. 24 hours, 1 week)?
The answer to the last question should be in hours or days. That is your availability requirement.
2. Align your availability requirement with a risk level:
Availability Requirement | Availability Risk Level |
---|---|
0-8 hours | High |
8:01-24 hours | Moderate |
> 24 hours | Low |
Use the risk level to help you determine the overall risk classification of your Yale IT System.
Need help?
If you are unsure of your availability requirement, we recommend talking to:
- The primary users of the system. They can help you understand the criticality of this system, as well as the backup plan if the system goes down.
- Your system support provider. This is the individual(s) who build and maintain the system to meet security requirements.
Email us with any questions or feedback on the content on this page.