Maximum Tolerable Period of Disruption (MTPOD): BSI committee response

Get free weekly news by e-mailFurther to an article, Maximum Tolerable Period of Disruption (MTPOD) by Jacque Rupert, published recently by Continuity Central, Malcolm Cornish provides an update on the latest thinking on MTPOD and highlights a ‘corrigendum for BS 25999’, relating to Maximum Tolerable Period of Disruption, which was approved on June 9th 2009 by BSI’s BCM/1 standard development committee.

By Malcolm Cornish, FBCI FCA, BSI BCM/1 committee member.

Jacque’s article explains very well how the application of MTPoD (Maximum Tolerable Period Of Disruption) for key products and services engages management, improves management understanding of the business continuity management programme and adds clarity and justification to recovery priorities. The standard also requires MTPoDs for the activities that support the key products and services.

BS 25999 in essence defines four levels within an organization:
* Organization
* Product/service
* Activity
* Assets and resources.

This accommodates sufficient flexibility for organizations big and small and the adoption of any approach or methodology that conforms to the requirements of the standard.

The definition of the organization is self-evident and encapsulates the entire entity for which the business continuity management system (BCMS) is being established.

Some organizations choose to define product or service at a fairly high level within the organization (eg a customer services operation comprising call centre, billing services and credit management). These could in effect be organizations in their own right. Other organizations define product or service at a 'delivery' level to represent the products and services they deliver to customers/clients (eg a single manufactured product of a well-known bakery).

Whatever the product/service definition, anything beneath this level is an activity in some shape or form and could even encapsulate what others define as a product or service.

Activities can have a direct (operational) or indirect (support or strategic) relationship with the products and services that they support.

The standard requires the dependencies of critical activities to be identified (other activities, assets, resources, suppliers and outsource partners).

Any definition of MTPoD (and recovery time objective (RTO)) needs therefore to recognise the permissible interpretations of product/service and activity.

The BSI committee responsible for BS 25999 has approved the wording of a ‘corrigendum’ that explains the full application of the term MTPoD. Hopefully management and those implementing business continuity will read Jacque’s excellent article and the corrigendum and appreciate more fully the added value that MTPoD brings to the discipline.

The full corrigendum is as follows:

Corrigendum on ‘Maximum Tolerable Period of Disruption’

Purpose: The definition of the term ‘Maximum Tolerable Period of Disruption’ is incomplete and is therefore open to a variety of interpretations. This corrigendum clarifies the intended meaning of this term.

Maximum tolerable period of disruption (MTPD)

Products and services
The maximum tolerable period of disruption for a product or service represents how long it would take for an organization to become unviable because of the adverse impacts that would arise as a result of not providing that product or service

Note: An MTPD should be estimated for each key product or service and agreed by top management

Activities
The maximum tolerable period of disruption for an activity represents how long it would take for an organization to become unviable because of the adverse impacts that would arise as a result of not performing that activity

Note: An MTPD is required for each activity that supports the delivery of the organization’s key product and services and should be determined based on the impact over time of disrupting that activity.

Having established the MTPD of an activity, the organization shall identify:
1. The maximum time period after the start of a disruption within which the activity needs to be resumed;
2. The minimum level at which the activity needs to be performed on its resumption;
3. The length of time within which normal levels of operation need to be resumed.

Terms and definitions

Revised entries for BS 25999 Part 2:

2.27 (2.23 in Part 1) maximum tolerable period of disruption
duration after which an organization’s viability will be irrevocably threatened because of the adverse impacts that would arise as a result of not providing a product/service or performing an activity

2.32 (2.26 in Part 1) recovery time objective
target time set for:
• resumption of product or service delivery after an incident; or
• resumption of performance of an activity after an incident; or
• resource recovery after an incident.

NOTE: The recovery time objective of a product or service has to be less than its maximum tolerable period of disruption and the recovery time objective of an activity has to be less than its maximum tolerable period of disruption.

Author: Malcolm Cornish FBCI FCA
malcolm.cornish@continuity2.com

•Date:11th June 2009• Region:UK/World •Type: Article •Topic: BC plan development
Rate this article or make a comment - click here





Copyright 2010 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help