IT Examiner School eBook

Internal Use Only

Risk Assessment (RA) Management should develop a RA that: • Understands the risks to the business;

• Identifies broad range of potential disruptions; and • Clearly defines the operations and services.

The BIA should define recovery priorities and resource dependencies for critical processes

Internal Use Only

Recovery Metrics & Process Prioritization • After completing the BIA, management should establish formal recovery metrics which will be used to prioritize process recovery and design testing scripts • Metrics should include:

• Recovery Time Objectives (RTOs) • Recovery Point Objectives (RPOs) • Maximum Tolerable Period of Disruption (MTPDs) • Recovery Work Time