Disaster Recovery Planning: The Importance of RPO and RTO
By Tobias Geisler Mesevage
Warren Buffet famously said, “It takes 20 years to build a reputation and five minutes to ruin it.”
One of the quickest ways for a business to ruin its reputation is with prolonged downtime during a disaster.
While disasters can happen at any time to any business, how a business handles recovery determines the true cost of downtime. Downtime can be measured in the loss of productivity, revenue and oftentimes, reputation.
A recent survey by IHS, Inc. found that “in aggregate, information and communication technology downtime is costing North American organizations $700 billion per year.”
To ensure rapid recovery from any disaster, it’s critical for a business to have a full understanding of Recovery Time Objective (RTO) and Recovery Point Objective (RPO) as part of its business continuity plan.
In this article, we breakdown RTO and RPO, the important role they play in a business continuity plan and why it’s essential for businesses to define and understand their RTO and RPO.
RTO vs. RPO
Recovery Time Objective (RTO) and Recovery Point Objective are two key metrics in disaster recovery and disaster continuity planning.
While the two may seem similar, they are actually very different and distinct metrics that makeup parts of disaster continuity planning. The main difference between the two lies in their purpose.
RTO is the duration of time it should take to restore all applications and systems after an outage. RTO is usually measured from the moment an outage occurs rather than when the IT team starts working – the moment of the outage is when users and clients were impacted.
The RTO should be established with the goal of minimizing downtime and the disruption of services.
Three questions to consider for RTO:
- How much downtime can your business afford?
- What is your budget for restoring applications and systems?
- What do you need to implement for full restoration?
RPO defines the point in time to which you will restore your data after a disaster. It limits how far to roll back your recovery and defines how much data your business can afford to lose before it affects productivity, revenue, and reputation.
Three questions to consider for RPO:
- How often are you changing or updating critical data for your business?
- How often are you conducting backups?
- How much storage space have you established for backups?
There are several factors to consider when calculating your business’ RTO and RPO.
RTO, RPO And Business Continuity Planning
Power outages, malware or human error can cause a business’ network to go down at any time. Preparing your business for any disaster is critical to ensuring continued operations, minimal downtime and the negative impact on your revenue and reputation.
Roughly 40%-60% of small businesses that experience a disaster never reopen, according to the Federal Emergency Management Agency.
To make sure your business doesn’t become a part of the statistics, create, implement and test a business continuity and disaster recovery plan (BCDR) that includes clearly defined RTO and RPO.
Establishing RTO and RPO will not only decrease the negative effects of downtime, but it will help you more effectively manage a disaster when it strikes.