Reconciling Incident SLA vs RTO

Guest user Created:   Feb 04, 2021 Last commented:   Feb 04, 2021

As you know, RTO values tend to be higher as disruption levels go up in scale, while in IT Incident Management, the response time or SLA becomes lower. For example, in RTO, if a disruption is on a facility level the RTO would usually involve hours. In IT, the facility level disruption would require IT engineers to work as quickly as possible to restore the services. What are your thoughts on this? A P1 IT incident would have to be resolved in minutes while in BCP a P1 incident would entail a higher RTO.

Expert
Rhand Leal Feb 04, 2021

First, it is important to note that higher disruption levels do not necessarily lead to higher Recovery Time Objectives (RTOs), or to lower incident response times/SLAs. These times are mostly defined by business continuity strategies, process interdependencies, and available resources. For example, an organization may decide:

  • to have the same RTO and incident response time/SLA, regardless of the disruption level (this basically means to have an alternative site mirroring the main site in real time at a distance that cannot be affected by the same disruption).
  • to increase RTO to keep the incident response time/SLA, provided the RTO does not become greater than the Maximum Acceptable Outage (MAO). The difference between RTO and MAO is that, once MAO is defined, when the MAO threshold is breached, recovering the business is no longer worthwhile, while the RTO can be changed to any value from 0 to any value smaller than MAO.
  • to decrease the incident response time/SLA to keep RTO, but you need to note that how much you can decrease the incident response time/SLA will depend on the complexity of process interdependencies (i.e., some recovery activities can only be performed in sequence, not in parallel, so the sequence with the shortest time will define the minimum incident response time/SLA).

Considering that, you need to find a balance between needed activities, available resources, and business objectives and strategies to define proper values for RTO and incident response time/SLA.

These articles will provide you a further explanation about business continuity concepts:

This material will also help you regarding business continuity concepts:
