Page 1309 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
capacity across the organization before attempting a full recovery effort.

By the same token, this exercise must be completed for critical business processes and functions. Not only can these processes involve multiple business units and cross the lines between them, but they also define the operational elements that must be restored in the wake of a disaster or other business interruption. Here also, the final result should be a checklist of items in priority order, each with its own risk and cost assessment, and a corresponding set of mean time to recovery (MTTR) and related recovery objectives and milestones. These include a metric known as the maximum tolerable outage (MTO): the maximum amount of time that the business can withstand the unavailability of a service without experiencing significant disruption. Business continuity planners can compare MTTR and MTO values to identify situations that require intervention and additional controls.
Crisis Management
If a disaster strikes your organization, panic is likely to set in. The best way to combat this is with an organized disaster recovery plan. The individuals in your business who are most likely to first notice an emergency situation (that is, security guards, technical personnel, and so on) should be fully trained in disaster recovery procedures and know the proper notification procedures and immediate response mechanisms.
Many things that normally seem like common sense (such as calling 911 in the event of a fire) may slip the minds of panicked employees seeking to flee an emergency. The best way to combat this is with continuous training on disaster recovery responsibilities. Returning to the fire example, all employees should be trained to activate the fire alarm or contact emergency officials when they spot a fire (after, of course, taking appropriate measures to protect themselves). After all, it’s better that the fire department receives 10 different phone calls reporting a fire at your organization than it is for everyone to assume that someone else already took care of it.
Crisis management is a science and an art form. If your training