Recovery Point Objective (RPO) and Recovery Tip Objective (RTO)

What is RPO?

Recovery Point Objective (sometimes referred to as RPO or simply recovery point) is a pre-established point in time, wherein if data that was created after that point was not able to be recovered in the event of a loss, the business would be seriously impacted. For example, say a business wrote a file every afternoon called “Account Resolution” where all transactions for that day were reconciled and appended to an accounting database. This file is created every day and the database is used at the end of the week to bill clients. Now, imagine if on Thursday that week, the computer holding database was lost, and most importantly, not able to be recreated. Not only would the data be gone, but the business would be severely impacted! In this case, it would be important to establish an RPO stating that the database must be backed up every night after the creation of the “Account Resolution” file, thus making the RPO no less than every 24 hours so a given day’s transactions would be captured. If an RPO is never established, an administrator may only back up the database once a week, thus setting the business up for a catastrophic data loss if the database crashes mid-week.

What is RTO?

RTO establishes a maximum downtime for a given asset. That is to say, the business must establish just how long administrators can take to restore data from backup in the event of a loss. Depending on the volume of data, the interval between backups, the RPO, and even the physical location of the backups, recovery can take a significant amount of time. It is important for a business to take this into consideration when establishing a recovery time objective. Using the example above, the RTO may be “no later than the start of business the morning after a data loss, or no more than 12 hours, whichever time is shorter.” This would help ensure that the database was not only up and running for business the following day, but also that previously recorded transactions are properly input back into the database before new entries are made.

Why are RPO and RTO Important?

Both RPO and RTO are important to establishing useful, relevant, and robust backup and recovery plans. It is always best for a business to plan for data loss, as it is almost guaranteed to happen at some point in time. Part of this planning is ensuring that data is backed up at a point that the business can cope with, and that the backup is restored in time to resume normal operations and a smooth and predictable manner.