Business process disruption can lead to financial and legal losses as well as damage to reputation. Business Continuity Management (BCM) aims (1) to identify critical business processes, systems and services, (2) to identify potential threats to services, systems and critical business processes, and (3) to assess and evaluate potential damages or losses that may be caused by a threat to critical business processes. BCM experts refer to these three activities as a Business Impact Analysis (BIA). One outcome of a BIA is a specific time-frame such as Maximum Tolerable Outage Time (MTO), in which a normal level of services and operations has to be restored such that the organization can continue to deliver products and services.
Using the BIA, a BCM expect may select appropriate service level agreements to restore services in order to avoid MTOs. Generally, service level agreements may refer to service offers by service providers for servicing business services of a company. Each service level agreement may include information such as time constraint information that indicates a period of time when the provider is able to restore a service when the service becomes unavailable (e.g., 0 to 4 hours), as well as cost information indicating the cost of providing such service. In one example, the BCM expert may consider a number of different service level agreements related to the electricity service provided to the company. For instance, one service level agreement may provide that the electricity provider is able to restore electricity within 0 to 4 hours in the event of an electrical outage, and another service level agreement may provide that the electricity provider is able to restore electricity within 4-8 hours in the event of an electrical outage. However, the first service level agreement may have a higher cost than the second service level agreement.
In a Service Oriented Architecture (SOA), services often consume other services and therefore may depend on each other. Typically, the relationship among services may be described using a service dependency graph. In evaluating various service level agreements, the BCM expect may need to translate the MTO objective starting from the top-level services, which are directly consumed by business processes, down to lower-level services in the dependency graph, in order to verify that a particular service level agreement can restore a service according to its time constraint information without causing major disruptions in the business process and avoiding MTO violations. Conventional methods for performing such an analysis rely upon general graphical diagrams and spreadsheets, which are often time consuming and cumbersome.