What’s the Difference Between RTO & RPO?
Posted By: Helen Friday 29th March 2019 Tags: business, Cyber Security, IT consultancy, IT infrastructure, it security, it support, RPO, RTOToday’s blog looks at the definition of RPO & RTO, what the differences are and what they both potentially mean to your business.
Let’s start by explaining each of these;
RTO or Recovery Time Objective
Recovery Time Objective is an important term and should be something you are not only aware of but have planned for within your business. Should you experience a loss of data (and let’s face it, if you’re not correctly protected this WILL happen), you should have a target time set for recovery. How fast do you need to recover before there are further problems? Ok, we understand the answer is likely ‘we need to recover now’, but without a strategic plan in place this isn’t going to happen. Once you understand the urgency of this situation you will be able to determine a plan of action alongside a budget to cover this.
Here’s an example;
Your business may decide an RTO of five hours. Bear in mind that every company differs and the time will be based upon the nature of your company. Five hours is a relatively short period of time and therefore preparation and a decent budget are key in this situation. Should you be able to cope with a week or more of downtime, solutions do not have to be quite so stringent. Understanding where your business fits into this example is important to recovery. Knowledge is power and if you have a plan all ready to action, your business will continue successfully alongside the blip.
RPO or Recovery Point Objective
Recovery Point Objective is based on your data and the tolerance your company has against any loss. In order to determine RPO we will assess the time between backups and the amount of data that could potentially be lost in between these backups. As a business, it is very important to understand how long the company can afford to continue running without essential data before it begins to suffer.
Here’s an easy example;
Business continuity planning is necessary for every company. Having a plan in places ensures you can continue should data be lost. If, like many companies you rely on the computer for writing, saving and sending reports, continuity planning is essential. Let’s say, for example, you have a particularly lengthy and important report. Now imagine your PC or laptop takes a turn for the worst and crashes. Hopefully you will have been saving as you go along. What you need to ascertain is how much information have you lost between your last save and the computer going down and how much time can you allow for its retrieval. In terms of retrieval this can mean actually finding it from the computer or re-writing. The time you allocate to this is known as RPO. Once you have an idea of this timescale you know how often data is required to be backed up.
RPO & RTO sound very similar. What’s the difference?
Ok, so both RPO and RTO focus upon timescales and data, making them similar. However, if we look at RPO on its own, we can see that this focuses purely on data. RPO is an assessment on how resilient a company is upon the loss of any data.
So far so good?
RTO on the other hand takes a business in its entirety and all the systems currently in use.
Can’t I just ignore RPO and RTO?
Yes, of course you can. As long as you are happy to wait for a data disaster to occur before settling into panic mode. Without the right cyber security in place, this WILL happen. You will reach a point in your business life where systems will inevitably fail due to outside influences (hackers). This means you are not meeting business continuity objectives and could potentially be putting your company in a precarious position.
I need to consider these points, how can you help?
First of all, don’t worry. We are able to help determine RPO and RTO with you and your company. We do this via an initial, free assessment with you and then determining the best course of action to keep your data safe and secure. Cyber security is a huge topic and one that should be discussed more within the workplace. It may be necessary to investigate the potential of cloud solutions, but this is something we can discuss in detail should it be right for you. Take the first steps in keeping your data safe, today.