In an executive meeting, the vice president (VP) of manufacturing, the data owner of the material requirement planning (MRP), and the VP of sales, the data owner of the online shopping website, are justifying the criticality of the underlying information systems that process their data and support their business processes. Both of them believe their business processes are more critical and should be recovered first in case of a disaster. As a CISO, how should you do?
A. Facilitate the process for the determination of the maximum tolerable downtime, and invite the VP of information technology to commit to the recovery time objective and recovery point objective.
B. Take importance and urgency into consideration, and implement a hot site for the business processes with higher priority while a code site for the ones with lower priority.
C. Prepare a disaster recovery plan (DRP) based on the recovery time objective and recovery point objective.
D. Prepare a business continuity plan (BCP) and a business case with alternatives to implement a hot site to support both MRP and the online shopping website.
This post, The Concept of Business Continuity, states the justification.