There is one more point, I think: restart time after disaster.
Consider several levels of disaster:
- software breaks
- hardware breaks
- site disaster (complete datacenter down)
Now, for each of these scenarios work out:
- the cost of downtime
This is individual to the system and might range from zero (testing system) to some really big amount (mission-critical production system). Ask business for their estimation, because ultimately they will use it, not you.
- the time it takes to rebuild a working system
Estimate the times for each of these scenarios. For instance: hardware breaks down. How long will it take to get a new system, how long will it take to reinstall it and restore backups? This is about as long as the system is going to be down.
- ways to shorten that time and an estimation how much that would cost
When you have gotten the estimation from business how much is at risk it is easy to assess if a certain way to improve recovery time is worth it or not.
Additionally you make your life easier, because usually systems tend to be absolutely uncritical at all - until they break down. Then they are suddenly very, very important and the company is losing huge amounts of money - all because of you! With the business' estimation in hand you can pass the ball back to them: you said it isn't important and we should not invest in ways to improve recovery time, now you tell me the system is mission-critical? Are you lying now or were you lying then?
Among ways to improve on recovery time are HA-systems, which will reduce recovery-time to near zero: there are things like disk mirroring or other redundant hardware, there are redundant systems (HACMP) and there are even cross-site-solutions by which it is possible to survive site disasters. It is easy to argue the costs for such things once you have a risk you can oppose these.
Another point on my checklists is usually the SLA (service level agreement), which overlaps with what I said above: business (=customer) has to say how much of what he wants to have: does the system have to be online non-stop? Will there be downtime windows for maintenance? If yes, how often, how long? Is there a backup plan? How much has to be backed up and how often? How long does it have to be stored? What will the system do and how fast will it have to do it?
All these things should be negotiated and agreed upon. It is easy to create anything the customer is willing to pay for - but the most common way is that the customer wants everything but is willing to pay for nothing. Negotiate some compromise and make them agree in documented form (inside a company some e-mail is good enough), but definitely make it documented! Just having Frank from accounting say "I understand" in some meeting is going to be forgotten as soon as the meeting is over (if not sooner).
I hope this helps.
bakunin