Our Blog

How to define your RPO and RTO, and more to the point: what is it?

How to define your RPO and RTO, and more to the point: what is it?

Teng Yew Ang Teng Yew Ang
Originally published on August 19, 2019
Last updated on December 12, 2024 Post a comment

How would you respond if I asked you:

  • How much data can you afford to lose before it impacts your business?
  • Oh, and how much downtime could you absorb without access to your applications and data?

I’ll have a guess that you answered, “zero and zero”.

And In a perfect world, this would set the requirements for your cybersecurity solutions. But the truth is, it’s not that simple and for most businesses, that level of restoration is just not physically or financially feasible.

So, let me ask you this instead:

Can you afford to invest in the right backup strategy? More to the point: can you afford not to?

With the inevitability of file corruption, accidental (or intentional) deletion and ransomware threats, being prepared for downtime, so you can quickly restore your data – and your business operations – isn’t just desirable. It’s essential.

Preparation is key

321 Cloud Diagram-min

Being prepared means getting a comprehensive 3-2-1 backup strategy in place. But just before you click on that link^ to get an automated cloud backup solution that manages everything for you.

It’s a good idea to get an idea of what your backup requirements are, so your business is not left down and out when disaster strikes.

Oh, and helping you to get clear on your backup requirements, is precisely what this article will help you to do.

So, let’s get started.

Your Business Recovery and Time Objectives

Referred to as your RPO and your RTO, these little acronyms have a big say on how much data your business can afford to lose and how long it takes you to get back up and running. And it’s important that you understand what they are, so your backups can meet your business requirements when it hits the fan.

What is an RPO and RTO?

Recovery Point Objective (RPO)

This refers to a time in the past to which your data will be restored to.

Your RPO is defined by the maximum amount of data you’re willing to lose from the time of a data-loss incident to the time of your last backup.

RPO Example: If you decide to have an RPO of 4 hours for your emails, then you will have a maximum 4 hour data gap between the time of the data loss and the point your emails will be recovered to.

Recovery Time Objective (RTO)

This refers to a time in the future when you’ll be back up and running.

Your RTO is defined by the maximum amount of time it takes from the data-loss incident to a point in the future at which your data will be operational again. 

RTO Example: If your email is subject to a data-loss disaster and has an RTO of 2 hours, then your IT team have an objective to get your emails back up and running within 2 hours of the data-loss incident before it starts to impact your business operations.

Office Solutions IT - How to define your RPO-RTO2-min

Now, it’s a given that you’re going to have different requirements and priorities for each unit and application within your business.

You may have some business units and applications that you wouldn’t notice missing. Whereas you’ll have others that you consider critical to the day-to-day or minute-to-minute operations of your business. This is why you need to define a separate RPO and RTO for each of your business applications.

How to define your RPO and RTO

I hate to be a downer, but I don’t have a one-size-fits-all solution that defines your RPO and RTO for you. And not because I don’t want to share, but because it doesn’t exist.

Establishing your RPO and RTO is a process that typically starts with analysing your business requirements and inviting conversation and input from your business and IT experts.

Every business is different, and your business will have a different set of applications and priorities for the next. Having said that, this free Backup 101 Toolkit and the following steps will help guide your discussions, so you can establish an RPO and RTO for each area of your business, even if you don’t know where to start.

Step#1 – Download our RPO and RTO template

OSIT-RPO-RTO-Template-Mockup-min

Click here to get your copy of our Ultimate Guide to Backing up Your Business, which includes a pre-prepared RPO and RTO template, so you can quickly and easily document your requirements.

Step #2 – Define your tiers of priority

Using tiers simplifies the process of categorising your business applications. Here are some sample tiers that you may want to consider using.

Oh, and please keep in mind that these are generic. You’ll need to define what applications are considered critical and not-so-critical based on your business requirements.

0 – 1 Hour: Mission Critical

These are your critical applications, systems and processes that your business can’t afford to lose any more than 1 hour’s worth of data. This may include applications that are updated frequently.

An example might be your financial systems, CRM databases or an industry-specific application that your business relies on to generate products or meet service-level agreements.

1 - 2 Hour: Business Critical

This tier might be used for critical business units that you can’t afford to lose more than 2 hours’ worth of data.

Examples might include your email accounts or customer support instant chat applications

2- 4 Hour: Semi-Critical

Used for semi-critical business units, this tier can be used for applications that you can’t afford to lose more than 4 hours’ worth of data.

Examples might include your email accounts or customer support instant chat applications

4 – 8 Hour: Important 

Applications and systems that fall into this category can’t lose more than 8 hours of data. These are not considered critical to your business operations and may include your sales collateral, lead generation systems, or perhaps your website.

8-12 Hour: Non-Critical

You may decide to use this tier for any applications that can’t tolerate losing more than 12 hours of data. Typically, these applications and files are not changed as frequently as the previous tiers.

An example of this might be your human resources documentation or weekly reports.

12-24 Hour: Low Priority

Data that falls under this category should tolerate a maximum amount of 24 hours’ worth of data loss. These are likely to be archives or data that is not regularly updated.

Step #3 - Everyone likes making a list, right?

OSIT-RPO-RTO-Template-Step1

Now that you’ve established your tiers of priority, the next step is to complete the first column of the RPO & RTO template with a list of every system and application your business uses day to day.

If you’re unsure where to start:

  • Have a think about the applications that you use on a typical day
  • Call your IT Partner for their input; or
  • Talk to your team members

Step#4 – What functions do your applications perform

OSIT-RPO-RTO-Template-Step2

Next to each application, jot down the role it serves in your organisation. Oh, and while it may seem easy to write down ‘Email’ next to Microsoft Outlook, keep in mind the broader picture too.

For example, if your business uses a customer booking system that links to your Outlook calendars or you use your email accounts for sales purposes, don’t forget to write that down too.

Step #5 – Frequency

OSIT-RPO-RTO-Template-Step3

As a general rule of thumb, you can begin to get a sense of your RPO requirements by the frequency at which your files are updated.

The more frequently your files are updated the shorter your RPO needs to be in order to restore the most up-to-date version of your files.

For each application in your list try to complete this sentence:

Our important data changes ___ times per Hour/Day/Week/Month (Delete as appropriate)

This may be difficult to get 100% accurate, which is fine for now. The idea here is to get as close as you can, so when you present your data to your business and IT experts, they’ll be able to suggest the best cloud backup solution for your business requirements.

Step #6 – Who and what is impacted?

OSIT-RPO-RTO-Template-Step4

Up next is to make a note of the team members, groups and systems that will be affected by the data-loss of each of your applications.

Step #7 – Potential loss

OSIT-RPO-RTO-Template-Step5

From lost time and revenue to corporate reputations and SLAs, the data you lose – and the repercussions you’ll face - will vary from system to system.

This is why it’s a good idea to jot down the potential losses each application could cause, so your business and IT experts can get a sense of the importance – and the potential consequences of your data loss.

Step #8 – Schedule a coffee

OSIT - Coffee with IT Manager

Remember those tiers you copied and pasted and defined in step #2?

This is where they – and your IT Partner come in.

After you’ve collected all of the data for each of your business units, schedule a coffee with your business and IT experts, so you can run through the results and assign a priority tier to each of your applications.

Keep in mind, that these steps are not a definitive calculation for your RPO and RTO requirements. That will develop with the collaboration between your organisation's business and IT experts. What these steps do provide is, a enough information for you to get the ball rolling, so you can identify the gaps in your current backup solution and the areas that need more attention to ensure your backups -  and your investment - can restore your business when the time comes.

Meeting your business objectives with Office Solutions IT

If there’s anything worse than seeing your data disappear, it’s waiting for help. And not knowing when – or if – it will come back. But with our reliable – and affordable - cloud backup in place, you’ll be able to restore your data and get back up and running fast, even if disaster strikes.

Our cloud backup service offers to take the time and hassle out of managing your business-critical offsite backups.

Office Solutions IT - How to define your RPO-RTO-min

It’s automated, it routinely tests your restoration data and manages your backups for you, so you don’t have to. Oh, and if disaster does strike, you’ll get direct access to your data ASAP. To get it - just click here to schedule that coffee.

Save-Money-on-IT---Mockup-Cover.jpg

Up your business game, not your IT spend

Your IT partner might not want you to know, but there's a host of things you can do – right now – to reduce your IT costs and headaches.

Download our eBook to discover how you can save money on IT today.