Backup Strategies Recovery & DRaaS

RPO and RTO: What Are They and How to Calculate Them

In this article, we break down RPO and RTO, their role in a BCDR plan, and why it’s essential for businesses to define and understand their RPO and RTO.

6 minute read

“All you have in business is your reputation, so it’s very important that you keep your word.”

— Richard Branson

Businesses have little tolerance for downtime, especially if you consider that the average cost of IT downtime is $5,600 per minute. This translates to thousands of dollars lost in revenue in a matter of minutes. Moreover, if you add costs from loss of productivity, customer churn, and non-compliance fines and penalties, you may even be staring at permanent shutdown.

The irony is that disasters are bound to happen to any business. However, the way an organization deals with disruption determines the true cost of downtime. To mitigate downtime risks, businesses and IT teams need to be prepared by having a solid business continuity and disaster recovery (BCDR) plan in place.

The two most important parameters of a good (or bad) BCDR plan are the recovery point objective (RPO) and recovery time objective (RTO). They quantify the losses that potentially ensue if critical systems fail, and set protocols for rebooting services to resume operations and to meet service level agreements (SLAs). In essence, they provide a realistic backdrop against which IT leaders can plan and execute a successful BCDR plan.

Unitrends Recovery Series

Unitrends purpose-built backup appliances offer dedicated backup storage isolated from production. Replicate backups to the Unitrends Cloud for secure and immutable offsite safekeeping.

Learn More

In this article, we break down RPO and RTO, their role in a BCDR plan, and why it’s essential for businesses to define and understand their RPO and RTO.

RPO and RTO Defined

Let’s start by defining RPO and RTO.

What Is RPO?

A recovery point objective or RPO is the maximum acceptable amount of data loss measured in time. It marks the time during the disruption when the quantity of data lost exceeds the BCDR plan’s maximum allowable threshold.

The purpose of RPO is to determine:

  • What the minimum backup schedule frequency is

  • How much data can be lost after a disaster

  • How far back the IT admin team should go to employ sufficient restoration without delaying data loss against expected RTO

    An example of RPO:

    When disruption occurs, if the most recent backup copy of data is from 10 hours ago, and the standard RPO for the business is 15 hours, then we are still within the bounds of the RPO as specified in the BCDR plan. Essentially, RPO answers the big question, “Up to what point in time can the recovery process move tolerably given the volume of data lost during that interval?”

    What Is RTO?

    Recovery time objective or RTO is the timeframe within which applications and systems must be restored after an outage. It determines the quantity of time that an application or system is allowed to be inoperational without causing significant damage to the business. To put it simply, RTO measures the amount of downtime “tolerated” as per the BCDR plan.

    The purpose of RTO is to determine:

    • The real-time duration required to recover an asset (file/host/site) from the point in time the incident interrupts the normal flow of operations until restored.
  • IT preparations for implementing the BCDR plan.

  • The acceptable level of risk of data loss, when key systems or applications go offline.

    An example of RTO:

    Due to issues with the Microsoft Exchange Server, applications that include emails, calendar and collaboration services (such as Teams) go down. If your RTO is set at six hours, this means the maximum tolerable downtime your business can survive is six hours, and your RTO for the Exchange Server must be less than six hours to avoid serious damage to the business.

    Importance of RPO And RTO

    If you think your business can do without RPO and RTO, think again.

    Here are a few reasons why you need to invest in understanding and establishing RPO and RTO:

    Increases BCDR Plan Effectiveness

    Should a disruption occur, no business can endure data and reputational loss without RPO and RTO. You will be clueless with regards to how much and for how long your business can afford a data loss. An effective RPO and RTO give your BCDR plan a more pragmatic layer, making the policies more effective.

    Protects Critical Applications

    Critical applications are applications without which a business cannot operate under any circumstance. One of the tenants of RPO and RTO is application priority. This leads to a reliable IT infrastructure where critical applications are spun up first, bolstering your disaster recovery efforts.

    Defines Your SLA

    RPO and RTO help you define your SLA during disruption. It also includes prioritizing SLA to ensure the end user isn’t affected by the disruption of business operation. If you can lower your RPO/RTO, you can guarantee tighter deliverables.

    Effective Staff Allocation

    Based on the RPO/RTO, businesses divert relevant personnel to data recovery during a disruption, allowing the rest of the staff to work on more productive tasks that impact the bottom line.

    How Do You Calculate RPO and RTO?

    Different businesses have different and unique RPOs and RTOs. However, the methodology to calculate RPO and RTO are somewhat similar. Start with understanding the cost of downtime for your organization.

    Secondly, as part of your BCDR plan, build an inventory of every system and application used by your organization. Don’t forget to consider internal teams and end users that may be affected by systems rendered inaccessible. These systems are categorized into tiers.

    For instance:

    • Tier 1/ Gold = 15 min – 1hr RTO
  • Tier 2/ Silver = 1hr – 4hr RTO

  • Tier 3/ Bronze = 4hr – 24hr RTO

    To define these tiers and come up with an appropriate RPO and RTO, ask yourself these questions:

    RPO: * How much data do we project to lose should operations be interrupted?

  • What is the maximum amount of data loss we can tolerate?

  • What is the cost of lost data?

  • What is the cost to reenter lost data?

  • How much will it cost to implement a solution that can meet our requirements?

RTO: * How much revenue do we project to lose if this system is inaccessible?

  • Does this system handle customer data? If yes, what SLAs are in place with customers?
  • If X system went offline, does it have dependencies? What other systems would be impacted? What are the RTOs for those systems?
  • What customer-facing systems or applications do we have that would result in loss, churn or customer dissatisfaction if they were unavailable?
  • How much will it cost to implement a solution that can meet our requirements?

  ## Shape Your RPO and RTO With Unitrends

 Unitrends offers the perfect tech stack to shape RPO and RTO that perfectly fits your business needs.
  • Incremental Forever: Meet more aggressive RPO by incrementally backing up a protected asset, meaning IT admins can track changes to the protected system since the most recent backup.

  • Block Agent: Advanced recovery options, like Instant Recovery with image-level backup, enable faster backups of protected Windows assets by protecting them at the disk volume level.

  • Recovery Assurance: Test backups and their recoverability in a sandbox testing environment. Subsequently, track RTO and RPO in exportable compliance reports and know what to expect when you need to recover.

    Learn more about why Unitrends is the right fit for your organization. Get in touch with us today!

     

See Everything Unitrends Backup Appliances Have to Offer

Appliances range from 2-120TB and are available in high-performance desktop and robust rackmount formfactors. Regardless of the use case, there’s a backup appliance that caters to it.

Request a Demo