How to define criticality?
Assign topic to the user
Juliano,
Your BIA questionnaire should be set to assess the impact for disruption for e.g. 4 hours - 8 hours - 24 hours - 48 hours - 1 week. If the impacts of disruption are acceptable for e.g. 4 hours and 8 hours, but for 24 hours and after they are not acceptable, this means your MAO (Maximum Acceptable Outage) is somewhere between 8 and 24 hours.
To determine MAO more precisely (where it is between 8 and 24 hours), you will have to consult with the owner of the process.
Dejan,
Actually, i want identify the criteria that i can use to define the criticality of my business process, eg: mission critical, important, minor.
I understood how to identify the MAO/MTPD, but i think that are different things right?
So, the BIA results will show:
Process A - Mission Critical - MAO 4hours
Process B - Important - MAO 5hs
Juliano,
Actually ISO 22301 does not require you to grade the criticality of your processes - it is either critical or not. If it is critical, the only thing that matters is how quickly it needs to recover - this is defined by MAO/RTO.
Dejan,
How you define the priority of business process recovery? Do you use only de RTO or quantitative impacts too?
Juliano,
Priority of recovery is determined on the basis of RTO - the activity with the shortest RTO will be recovered first. Quantitative impacts are an input for determining the RTO - for instance if the impact of disruption that lasts 24 hours is US$ 100,000, you can determine that this is not acceptable, so that your RTO needs to be less than 24 hours.
Comment as guest or Sign in
Jan 12, 2016