Chapter 4: Strategy Selection - Business Continuity and HIPAA Business Continuity Management in the Health Care Environment [Electronic resources] نسخه متنی

Chapter 4: Strategy Selection

OVERVIEW

The objective of strategy selection is to develop the solutions enhance availability and recoverability of vital applications. The strategy selection process addresses single point of failure (e.g., one production location, vendor dependency, one call center). It addresses environmental risks (e.g., political instability, weather, earthquakes, etc.).

With the advent of HIPAA, downtime due to security breaches has become a major issue. For this reason, we are including a discussion about security measures in this section. More and more, the business needs, as defined in the Business Impact Analysis, support many projects geared at protecting a healthcare organization's image, and preventing or reducing downtime.

In the previous section, we identified the Recovery Time Objective of each function of the business. In a healthcare organization with three different applications, for instance, each application might have a different RTO. Therefore, the strategy to recover each function is driven by a different time requirement.

Another concept is Recovery Point Objective (RPO). This measure addresses the amount of data that is allowed to be lost. It is measured by taking the time of the disaster and subtracting the time of the last recoverable transaction. RPO and RTO are two major demand drivers for strategy selection in a healthcare environment.

In the selection of a strategy, you must weigh the cost of being without the service at various points in time (the duration of the outage) against the cost of the solution. The objective is to minimize the total cost of the impact and the solution. I have attempted to visualize this concept in the following: