Thanks for the info Sandeep. But I'm looking for best practices/guidance on determining the RTO/RPO values for a dependency on a BIA. In particular, the documentation: Assess the impact categories and dependencies Step 8 says that for a dependency (Depends on), you can add the RTO, RPO, Description of use, etc. It offers no guidance on how to determine the RTO, RPO values to put here. If I was completing this portion of the BIA, what RTO, RPO values would I put for a given dependency? The currently achievable/known RTO, RPO for the dependency? Or would the values I put be the RTO, RPO goals for the dependency scoped to this BIA (perhaps taking in account the overall calculated BIA RTO, RPO)? If these are goal based values, I'm thinking I could just put the overall BIA RTO/RPO value for every dependency on the BIA. Unless there's some inter-dependency between the dependencies (one must be recovered before the other can be).

I am struggling with this one too. Not even sure where those numbers for each dependency will be used afterwards, if any place at all. When you perform RTO assessment of impacts for Business Process you will already have RTO for the process. Logically it would make sense that all dependencies was adjusted to fit that RTO. That is to say it makes no sense having av dependency toward an application but allow it to have a longer RTO than the process it is part of. If on the other hand, those values are achievable RTOs (what the application is capable of today), than it would make a lot more sense to set that in the CMDB itself, since one application can be used within multiple business processes.