A crucial part of every organization’s list of objectives is to be able to get back up and resume operations after a disaster. Disruption in whatever form–database corruption, power outage, SAN failure, or natural disaster, translates to a revenue loss for any enterprise. To minimize such losses, it’s imperative to have a reliable data protection program and a sound disaster recovery plan for all operations within an enterprise.
When planning data protection and disaster recovery options, there are two important parameters that should be considered: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). This post discusses what these two concepts are, how they differ, and how they are invariably tied to your business continuity and disaster recovery plan.
RTO or Recovery Time Objective is the period of time within which an enterprise should be able to resume business processes following a disruption or disaster. The objective is to get operations back up within that acceptable time frame before serious losses can arise from the break in operations. RTO answers the question: “How much time can the organization afford to lose before services can resume after a disruption?”
For instance, if your RTO is eight hours, this means that business operations should only be down for this long before the organization would have to deal with severe consequences from the fallout. In contrast, a business that has set two days as its RTO would have more time to put all infrastructure and systems back into place.
RPO or Recovery Point Objective focuses on the amount of data that could be at risk in case of a disaster and the organization’s tolerance for data loss under such event. This metric takes into account the enterprise’s data backup strategy and how much data it can afford to lose between backups.
RPO answers the question: “How much data can the organization afford to lose after a disruption before such loss seriously affects operations?” For a business that relies heavily on data, the RPO should be much shorter, and the backups, therefore, more frequent.
RTO and RPO: What these mean for your business
RTOs and RPOs are crucial metrics that organizations should consider when evaluating viable strategies for a disaster recovery and business continuity plan. The two parameters may not be directly related, but both are essentially part of the recovery process. The RPO deals specifically with data–how far back prior to the disaster can the organization recover data and how resilient that company can manage to be with the loss of data. The RTO, on the other hand, is based on a larger scale and views the business as a whole, focusing on getting services back up.
Whether one carries more weight than the other or should have higher priority than the other depends on your industry, services, and continuity strategy. An enterprise could have an RTO of 24 hours and an RPO of 7 days or the other way around. An online university, for instance, would put more importance on resuming online classes following a major power outage even while putting its data back in order; that’s RTO. For a company maintaining the database for an e-commerce site, however, the RPO is so critical that even an hour of lost data can translate to significant losses.
Ideally, both RTO and RPO should be within very short time spans–minutes, preferably–to ensure optimal business operations. But as every enterprise would know, even a few hours RTO and RPO are difficult to achieve. It’s worth noting that resumption of business after a disaster does not necessitate the use of IT systems at all times. Manual workarounds and procedures may also be implemented in order to get as close as possible to the set RTO and RPO.
However, for those enterprises that are looking for recovery plans that are nearly foolproof, employing Disaster Recovery as a Service (DRaaS) solutions would help ensure a fast and seamless resumption of your business, thereby meeting, and even exceeding, your RTO and RPO.