2023 IT Examiner School

Internal Use Only

Risk Assessment (RA) Management should develop a RA that: • Understands the risks to the business;

• Identifies broad range of potential disruptions; and • Clearly defines the operations and services.

The BIA should define recovery priorities and resource dependencies for critical processes

Internal Use Only

Recovery Metrics & Process Prioritization • After completing the BIA, management should establish formal recovery metrics which will be used to prioritize process recovery and design testing scripts

• Metrics should include:

• Recovery Time Objectives (RTOs) • Recovery Point Objectives (RPOs) • Maximum Tolerable Downtimes (MTDs)

Made with FlippingBook - Share PDF online