Business Impact Level definition

Business Impact Level or “BIL” means a set of numbers used to guide discussions about risk in government projects. Specifically they are numbers between 0 and 6 for each of the 3 main concepts mentioned below and measure: confidentiality - the potential consequences of information being seen by those who should not see it integrity - the potential consequences of having the accuracy or completeness of information compromised availability - the potential consequences of information becoming inaccessible More details about identifying these numbers can be found in this extract from HMG IA Standard No. 1 ”Computer Aided Facilities Management or CAFM” means the support of Facilities Management by information technology

Split View

AI-Powered Contracts

Draft, Review & Redline at the Speed of AI

Get StartedBook a Demo

Business Impact Level a measurement of the impact resulting from a compromise of confidentiality, integrity and availability of an ICT Environment, in accordance with HMG Security Policy Framework;

Business Impact Level has the meaning given in the Accreditation Standards; Expression Definition "Business Transfer Agreement" or "BTA" means either (a) the business transfer agreement between the Department for Environment, Food & Rural Affairs and the Contractor dated 1 November 2013; (b) the business transfer agreement between the Department for Work & Pensions and the Contractor dated 1 November 2013; or (c) the business transfer agreement between the Environment Agency and the Contractor dated 1 November 2013; "Call-Off Agreement" a Call-Off Order Form and any appendices to it and any documents attached to it entered into between the Contractor and a Customer in accordance with the Call-Off Procedure and incorporating the Standard Terms ; "Call-Off Dispute" a Dispute relating to only one Call-Off Agreement; "Call-Off Order Form" means a completed Call-Off Order Form entered into between a Customer and the Contractor in accordance with the Call-Off Procedure; "Call-Off Period" a period of five (5) years, which shall commence on the Framework Effective Date; "Call-Off Procedure" the procedure set out in Schedule 2.1 (Call-Off Procedure) to the Framework Agreement; "Call-Off Repeat Failure" has the meaning given in Paragraph 6.1 of Schedule 3.3 (Contractor Incentives) to the Standard Terms; "CEDR" the Centre of Effective Dispute Resolution; "Central Government Body" a body listed in one of the following sub-categories of the Central Government classification of the Public Sector Classification Guide, as published and amended from time to time by the Office of National Statistics: (a) Government Department; (b) NDPB or ASPB (advisory, executive, or tribunal); (c) Non-Ministerial Department; or Expression Definition

Examples of Business Impact Level in a sentence

• The customer acknowledges that the service provided is not intended for holding data where its loss, unauthorised disclosure or unavailability has been assessed by the customer or any independent assessor as having a Business Impact Level (as defined by CESG) of greater than BIL 2.

• In exceptional circumstances and not for routine communications, data with a Business Impact Level 3, from or to an OFFICIAL SENSITIVE system or assets protectively marked as RESTRICTED may be sent through Internet if the information asset has been encrypted to appropriate level before transmission.

• The Supplier shall provide a secure service which meets the requirements of current Business Impact Level 2 as a minimum and shall be capable of achieving Pan Government Accreditation.

• These impacts can be most readily seen in the weaknesses that currently exist including searching, handling of long list hierarchies, reporting and Business Impact Level 3 (BIL3) (data security) compliant user administration.

• Service Provider Networks: - may be used if previously accredited to process data, up to and including Business Impact Level 3 as an OFFICIAL SENSITIVE system, or for RESTRICTED information.

• Should a Contracting Authority require a change in the Business Impact Level, the Supplier shall provide a plan which documents any changes required, any associated risks and their mitigation.

• Further information on Business Impact Level Tables can be found at ▇▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇.▇▇/publications/Documents/business_impact_tables.pdf The Supplier shall satisfy the Accreditor that the risks to data confidentiality, integrity and availability have been assessed and adequately addressed.

• May also be stored on laptops / desktops that are accredited to hold data of Business Impact Level 3 as an OFFICIAL SENSITIVE system or RESTRICTED information and are equipped with government-approved CPA Foundation or CAPS Baseline grade whole disk encryption.

• Electronic information – may be stored on standalone systems that have been accredited to, store / process data up to and including Business Impact Level 4 as an OFFICIAL SENSITIVE system, or CONFIDENTIAL information (with use of CPA Foundation or CAPS Enhanced / High grade encryption).

• Internet: - using a government approved encryption product deemed adequate for the Business Impact Level of the data, or for RESTRICTED information.