Maximum Allowable Outage and non financial impact
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer: You can have situations where the non financial impact is high and the financial impact is low, so the non financial impact is more significant to determine the MAO. In such cases the MAO is not calculated, but determined considering the perceptions of the interested parties about how much time the outage should last so the organization wouldn't be able to resume business activities. Since this is a subjective approach, you should involve personnel with as much as experience and knowledge about the impact as possible, to ensure some degree of confidence in the MAO value.
This material will also help you regarding Maximum Allowable Outage and non financial impact:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Book Becoming Resilient: The Definitiv e Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
Comment as guest or Sign in
Feb 02, 2018