RTO – Recovery Time Objective
This determines how quickly you need your systems back up and running following a disaster. In simple words, a time in future, at which your services will be up and running.
While you might consider all the units / process of your business to be up running always (RTO of few seconds / minutes), there is a cost associated with it, the lesser the RTO, the more cost hungry is the recovery strategy.
For eg: Consider a company running BPO / Call centre operations. Following a disaster, the priority would be to ensure the connectivity restored to resume receiving calls, which may give a lesser RTO(higher priority) to IT Department than HR-Recruiting or Marketing.
RTO is calculated during the BIA process.
This would also help us in understanding the resource requirements for that particular process during the recovery period.
RPO – Recovery Point Objective
RPO is our maximum affordable data loss. This would help us determine the type of site required.
case 1: affordable data loss
the particular process always has a provision to reconstruct data from last 12 hours from hardcopy (paper) records. In this case, we can have an RPO of 12 hours, thereby a off-site backup every 12 hours. So 12 hours is the maximum data that would be affected, which you can reconstruct with the hardcopies.
case 2: cost factor, profit vs loss
You are making a profit of 10,000Rs/day, and your loss is as below:
for 1 Day data loss = costs you Rs.3000.
for 2 Days data loss = costs you Rs.7000.
for 3 Days data loss = costs you Rs.15000.
In normal cases, if costs is the only dependent factor, you do not opt for an RPO of anything less than 2 days, as till 2 days, your cost due to data loss is much less than the profit.
We consider the cost of data lost against the recovery strategy cost before arriving at an RPO. Remember the saying – its not worth to guard your horse by a golden fence!
MAO – Maximum Acceptable Outage
(as per BS 25999-1:2006, MTPD. Maximum Tolerable Period of Disruption or MTPD/MTPoD)
- is the maximum allowable time that the organization’s key products or services is made unavailable or cannot be delivered before its impact is deemed as unacceptable.
- In normal cases, RTO is always less than MTPD.
- MTPD provides the maximum criticality point for each process or asset / resource.
Any queries, please feel free to post in the comment box below.