Expert Advice Community


Backup and DR plans - outsourced services

Guest user | Created: Sep 06, 2022 | Last commented: Sep 06, 2022

We have some troubles regarding Backup and Disaster recovery rules for our outsourced services / applications.

We have around 200 different applications where the operations and backups are outsourced. We have divided our applications into 3 different criticality categories - where we have set requirements and collected answers for RPOs and RTOs for the applications with the highest criticality level.

All assets are still in scope (even if they are not business critical) and we have some controls for risks covered by for example backup procedures.

Does that mean we have to collect RTOs and RPOs for all our assets? Or do you have any suggestions on how we can adjust our policies to make it simpler for us?

Rhand Leal Sep 06, 2022

Please note that RTOs are usually set at the department level, while RPOs are set at the application level.

Considering that, you do not need to define a specific RTO for each application. They will inherit the RTO from the business departments they are related to.

Regarding the RPO, you can group them according to their criticality or other predefined criteria (e.g., belonging to the same department or process, having a similar RPO) and define a single RPO for the whole group. Therefore, you will have a different RPO for each of your 3 categories of applications.

This would make your administration job easier. But you need to evaluate the impact of adopting general RTOs/RPOs considering the allocation of resources and fulfillment of legal requirements. 

These articles will provide you with further explanation about RPO and RTO:
