SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Guest

MAO vs RTO

  Quote
Guest
Guest user Created:   Sep 13, 2018 Last commented:   Sep 13, 2018

MAO vs RTO

What's the difference between the MAO (Maximum Acceptable Outage) and RTO (Recovery Time Objective)? Let's say the MAO is 8 hours, shouldn't be the recovery time 8 hours as well? Isn't it the same thing?
0 1

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Sep 13, 2018

Answer: MAO and RTO are similar things, but not the same. MAO is maximum outage for a particular activity, whereas RTO is targeted time for recovery, and is usually shorter then MAO.

It works like this: first you define MAOs for all your activities, then see if there are any interdependencies, and once you realize that e.g. activity A depends on activity B, you will need to decrease the activity B's RTO to the time that will fit the MAO of the activity A.

This principle is explained further in this article: How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

Quote
0 6

Comment as guest or Sign in

HTML tags are not allowed

Sep 13, 2018

Sep 13, 2018

Suggested Topics

Guest user Created:   Feb 13, 2020 ISO 27001 & 22301
Replies: 1
1 0

RTO and MAO

Guest user Created:   Jan 13, 2016 ISO 27001 & 22301
Replies: 1
0 0

Activities, MAO and RTO

Guest user Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 1
0 0

MBCO, RTO, MPTD/MAO