All components and systems should be treated equally.
In cases where risk levels are spread amongst all systems and capabilities relatively equally, there is no requirement to do specific analysis of different components or their interdependencies. Rather, everything can be treated uniformly, with redundancy for one component implying the need for redundancy for all. While this will give an imprecise solution, it is reasonable and saves time and effort that would be spent in analysis on redundancy.
Only internal dependency analysis should be undertaken.
For enterprises that are largely outsourced or have only external dependencies on larger or more reliable entities than themselves, contract mechanisms should be relied upon to provide the necessary level of assurance for external dependencies and only internal dependency analysis should be done.
Interdependency analysis and proper planning for interdependencies should be done.
Analysis of interdependencies should indicate risk aggregations, timeliness, and other requirements that apply to those resources, and the redundancy analysis for each of the interdependent items should be provided for according to their redundancy requirements.