Predicting a disaster or business-halting incident is nearly impossible but the financial implications are extensive. According to Veeam’s 2022 Data Protection Report, the average cost of downtime is $1,410 per minute, which is why organizations need to emphasize preparation.
A comprehensive and robust disaster recovery plan defines how an organization will recover from an incident, with as minimal damage and loss as possible. Arguably two of the most critical considerations of both a business continuity and disaster recovery plan are RPO and RTO. Below we explore the differences between them and why they matter to your business.
What does RPO mean?
A recovery point objective, or RPO, is the data backup period that is based on the maximum amount of data loss that is acceptable for your business before it causes damage to your organization. This is typically measured in terms of an amount of time, specifying the maximum amount of time your company can tolerate without a backup. This informs how often you should back up your systems to stay in compliance. Think of this as your data loss tolerance.
When defining an RPO, these are some things to consider:
- How much data, if any, can be lost to still function?
- Can the lost data be recreated from other systems?
- How does potential data loss affect your company’s reputation?
- Are there financial implications relating to data loss?
- What are the potential legal implications?
The higher the risk to your business, the shorter your RPO should be.
What does RTO mean?
A recovery time objective, or RTO, is the maximum length of time an organization (devices, systems, networks or even applications) can be down after a failure or disaster event. Think of it as the business disruption tolerance. This metric signifies the amount of time that can pass before an organization begins to experience serious implications of a halt to normal business operations.
When defining an RTO, these are some things to consider:
- What is the cost of an outage per hour (or even minute or day)?
- What are priority applications that must be recovered and back online?
- Does this system handle customer data and what service level agreements (SLAs) do you have in place?
- If [A] system went offline, are there other systems impacted? What are the RTOs for systems [B] or [C] in relation to [A]?
- What customer-facing systems do you have that would result in customer dissatisfaction or loss of brand loyalty?
The RTO and RPO standards for your organization will be unique to your operations and business model. Calculating RTO and RPO needs to begin with business impact analysis (BIA). It’s important to remember that your business will have unique metrics for each service, application or device. For example, if you are a healthcare organization such as a hospital, your RPO for data loss may be very short. For critical services to your hospital operations and patient safety, your RPO could be 15 minutes or less. This would mean, your backup of data would be within 15 minutes from the time of failure. An RTO for running systems and connected devices could be a little as minutes after declaring a disaster to ensure there is no loss to productivity or critical operations.
Establishing your RPO and RTO are critical steps in building a business continuity and disaster recovery plan. But options about how you manage active backups and recovery are available. Whether you keep your backup recovery in-house or outsource backup as a service along with your disaster recovery, Computer Solutions can help. We have extensive experience in cloud backup services, business continuity and disaster recovery planning and more. Let us help you plan for disasters so you can recover faster. Contact us today to get started on a BCDR plan and establishing your RTOs and RPOs.
