Application, Software bundle or process Description:
This for is required for current AND new applications.
The goal of this document is:
- Improve the Business decisions.
- Improve communication between the Business, the requester, the Audit, the IT and the compliance.
- Formalize the requests.
- Assign roles, responsibilities
- Help the support
Name of the application, software or process:
- Informed users:
Scope of the application:
- Part of department
- Complete department
- Multi Dept.
- Organization Wide
- Organization Wide and External
Brief description (Goal and Objectives):
- Please provide a brief description of the Business requirement:
- Please provide a brief description of the software:
- Please give some justification of this request:
- Bloomberg, Reuters, Swift, Web, Mail?
Check which on system(s) you wish the software:
- Linux, (SuSE, Ubuntu, Redhat, …)
- Windows XP
- Windows 2003Windows 2008
- Windows Vista/ 7
Which 3rd part application is required?
- Oracle (version _)
- Microsoft SQL (version _)
Which storage, extra media or devices are required?
- DBA, Developer, Analysts, …
Software / Application Information:
Type of licenses (Named, CPU, user, concurrent)
Number of license(s) needed.
Is a site license available?
Deliver and Support information:
Local support person(s):
Distant support person(s):
Documentation availability: Setup, Trouble Shooting, End-Users, FAQ
- Non disclosure
Test / Validation, Deployment:
If it’s a new project;
- Explain your POC (Proof of Concept) plan
- Explain your test and validation plan.
If it’s an upgrade:
* Explain your test and validation plan.
Do you have deployment schedule and resources ready?
- Hardware / Software / License
Effectiveness of application to meet the business needs.
- Meets all needs
- Key needs met, regular change requests
- Key needs met, end user computing and regular change requests
- Some key needs missing
- Fail to meet key needs
Confidentiality of the data in the application.
- Systems contain generally available information, manipulation of data would have no impact
- Systems contain generally available information, manipulation of data would have minimal impact on operations or control are strong
- Systems contain confidential information; disclosure or manipulation would have a significant impact on operations
Data integrity (interface between applications).
- Application input and processing controls in place, no data fixes
- Not all application controls in place, end user computing
- Data fixes, manual interfaces, limited interface controls
Number of error that occurs per year (if needed or known).
The financial impact if the application is not available or not functioning properly/correctly :
- No/Minimal financial loss
- Medium financial loss
- Substantial Financial Loss
- Major financial loss
- Huge financial loss
Backup procedure and policy:
- Data retention
- Backup policy
Availability of the application:
Open hours – 7×7 24×24
Time frame before fall-out of the application will impact the business (the reputation, finance, operation) .
- < 1 hour
- < 1 day
- < 1 week
- End of week
- End of month
- Not specified.
Is this application must be in the recovery plan?
If required, what is the recovery time for this application?
Dependency with operation:
- No relation with operations
- No significant relation with operations – unavailability or malfunctioning will only lead to occasional interruptions of operations
- Medium relation with operations – ultimately unavailability or malfunctioning will lead to regular interruptions of operations
- Strong relation with operations – ultimately unavailability or malfunctioning will lead to frequent delays and a significant decrease of efficiency and effectiveness
- Very strong relation with operations – ultimately unavailability or malfunctioning will lead to a cessation of activities
This application depends on those other applications:
Other application are related to the current one:
Security and Audit
- Access list
- Checks or controls to put in place
See with the auditors.
Can the application fault or data lose (corruption, miss, thief) can be a reputation issue?
Compliance / Regulation
Is the application, data or process requires some compliance feature?
- Data is not used for compliance purposes
- Data is partially used for compliance purposes, supported by human intervention
- Data is the single source for compliance purposes without human intervention
Is the application, data or process requires some regulation feature?
Monitoring / Evaluation
Is the some monitoring and / or evaluation to do ?
* Performance monitoring
* Capacity planning and monitoring
* Quality requirements