|
Article 7
|
An organization shall conduct regular BIA on an annual basis to evaluate the degree of impact caused by interruption to core business and generate the following analysis result to help assessment of strategies for core system recovery:
1. An organization shall identify the business nature and important characteristics of core business, and determine the maximum tolerable period of interruption (MTPD), recovery time objective (ROT), minimum tolerable service level, and recovery point objective (RPO) of core business based on the results of identification, to be used as the basis of core system recovery.
2. An organization shall determine the recovery time objective (RTO) and recovery point objective (RPO) of core system as the basis of backup planning and implementation of recovery operation.
3. An organization shall list priorities of what to be recovered based on the importance of core business or recovery time objective (RTO), and identify allocation of resources necessary for meeting the minimum acceptable service level (including but not limited to site, infrastructures, network, telephone lines, information and communication system, office software and hardware, office equipment, reserve fund, staff, documents and suppliers necessary for recovery).
4. An organization shall determine the minimum tolerable service level to be timely recovered after occurrence of disaster based on its operation strategies, operation objective, organizational size and resources, to reflect the risks the organization is willing to accept.
|