Guest user Created: Feb 04, 2021 Last commented: Feb 04, 2021

Reconciling Incident SLA vs RTO

As you know, RTO values tends to be higher as disruption levels goes up in scale while in IT Incident Management, the response time or SLA becomes lower. For example, in RTO, if a disruption is on a facility level the RTO would usually involve hours. In IT, the facility level disruption would require IT engineers to work as quickly as possible to restore the services. What are your thoughts on this? A P1 IT incident would have to be resolved in minutes while in BCP a P1 incident would entail a higher RTO.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 04, 2021

First is important to note that higher disruption levels do not necessarily lead to higher Recovery Time Objectives (RTOs), or to lower incident response times/SLAs. These times are mostly defined by business continuity strategies, processes interdependencies, and available resources. For example, an organization may decide:

to have the same RTO and incident response time/SLA, regardless of the disruption level (this basically means to have an alternative site mirroring the main site in real time at a distance that cannot be affected by the same disruption).
to increase RTO to keep the incident response time/SLA, provided the RTO does not become greater than the Maximum Acceptable Outage (MAO). The difference between RTO and MAO is that, once MAO is defined, when MAO threshold is breached, recovering the business is not worthy anymore, while the RTO can be changed for any value from 0 to any value smaller than MAO.
to decrease the incident response time/SLA to keep RTO, but you need to note that how much you can decrease the incident response time/SLA will depend on the complexity of processes interdependencies (i.e., some recovery activities can only be performed in sequence, not in parallel, so the sequence with the shortest time will define the minimum incident response time/SLA).

Considering that, you need to find a balance between needed activities, available resources, and business objectives and strategies to define proper values for RTO and incident response time/SLA.

These articles will provide you a further explanation about business continuity concepts:

What is the difference between Recovery Time Objective (RTO) and Recovery Point Objective (RPO)? https://advisera.com/27001academy/knowledgebase/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/
Explanation of the most common business continuity terms https://advisera.com/27001academy/blog/21/01/18/explanation-of-most-common-business-continuity-terms/

This material will also help you regarding business continuity concepts:

Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 04, 2021

Expert Advice Community