Alternate Terms for MTD
Depending on the business continuity framework that is used, other terms may be substituted for Maximum Tolerable Downtime. These include Maximum Allowable Downtime (MAD), Maximum Tolerable Outage (MTO), and Maximum Acceptable Outage (MAO).
Though there may be slight differences in definition, the terms are substantially the same, and are sometimes used interchangeably. For the purposes of consistency, the term MTD will be used in this chapter.
Learn by Example
The Importance of Payroll
An IT security instructor was teaching a group of Air Force IT technicians how to prioritize which IT systems should be reconstituted in the event of a disruption. In one of the exercises, the IT techs rated the payroll system as being of the utmost importance for fighting the war: no other war-fighting system could take precedence over it. When the instructor asked the IT techs why this was the case, they said, “If we don’t get paid, then we’re not fighting … That’s why the payroll system is the most important. Without it, we are going to lose the war!”
This is a true story, and an excellent point to consider, especially when planning for payroll systems. In any BCP/DRP, special attention needs to be paid (no pun intended) to the payroll system and how the organization is going to pay employees in the event of a disruption of IT operations. Every possible disruption scenario needs to be planned for and vetted to ensure that business will continue to function. Employees do not work well when paychecks are late or missing.
Payroll may be used to determine the outer bound for an MTD. Any one payroll could be impacted by a sudden disaster, such as an 11:30 AM datacenter flood, when printing paychecks is scheduled at noon. Most organizations should not allow the unmanaged risk of two missed payrolls: if a company pays every 2 weeks, the maximum MTD would be 2 weeks. This is used to determine the outer bound; most organizations will determine a far lower MTD (sometimes in days, hours, or less).
Failure and Recovery Metrics
A number of metrics are used to quantify how frequently systems fail, how long a system may exist in a failed state, and the maximum time to recover from failure. These metrics include the Recovery Point Objective (RPO), Recovery Time Objective (RTO), Work Recovery Time (WRT), Mean Time Between Failures (MTBF), Mean Time to Repair (MTTR), and Minimum Operating Requirements (MOR).