Scale of BIA to determine RTOs and RPOs
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
I have a scale of (1-Low Impact, 2-Medium Impact, and 3-High Impact) so:
In assessing RTO/RPO for an asset what is the meaning of the impact of 1, 2, or 3?
am I correct if I say for RTO:
- Impact of 1: No user reaction at all
- Impact of 2: Some users will start calling.
- Impact of 3: Most users will be affected by unavailability of the asset in this time frame.
and for RPO:
- Impact of 1: loss of data is acceptable and data can be recreated easily.
- Impact of 2: some data loss is acceptable and missing data can be recreated easily.
- Impact of 3: no data loss is acceptable and missing data is difficult to recreate.
Answer:
Yes, you are right, I think that it is very easy and useful for you. If you need more information about how to perform the BIA please read this article How to implement business impact analysis (BIA) according to ISO 22301 : https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
Comment as guest or Sign in
Jan 12, 2016